How to avoid phishing email attacks
Phishing is a common form of cyber crime which involves having your identity, login details or other information stolen, often by email. If you've gotten any suspicious emails claiming to be from a bank or reputable company that ask for sensitive personal or financial information, including a link to a website where you're supposed to give that information, it could very well be a trap set by thieves.
Many times, these phishing emails are easy to spot because your email service provider will automatically filter them to the spam folder. But filtering doesn't catch all of them, so it's important to know what to be on the lookout for. How do you know if an email is sent by a cyber criminal? Keep reading to find out.
Don't open any links
Phishing works by the criminal sending you an email claiming to be from a reputable company, often with a link to a page where you're supposed to put in your info. Always check the name of the sender, the email address, and whether the URL uses HTTPS, which your browser will display. But if an email looks suspicious, there's probably a good reason for that and you should just not open the link at all.
Look at the small details
A successful phishing attempt is all about details, as that's how criminals gain your trust. However, if you catch mistakes in the email before even getting to the page where they're trying to steal from you, you can avoid all that hassle. Often, you can spot little mistakes in the initial emails, for example: plain text (no graphics or formatting), an unofficial sender address (yourbank@gmail.com) or spelling and grammatical errors ("helo, sir or madem").
Look out for threats
Sometimes cybercriminals try to scare you into opening and responding to their fraudulent emails. For example, "If you don't reply to this email or update your password in the next three days, your account will be deleted". Don't worry, nothing will happen if you don't respond. In fact, it's extremely rare for any company to contact users via email about personal or financial information.
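The checks described in the sections above (sender address, link and HTTPS, threatening wording) can be partly automated. The following Python code is an added example, not part of the original article; the free-webmail list, the threat patterns, the function names and the yourbank.example domain are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed, deliberately short lists; extend them for real use.
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
THREATS = [r"account will be (deleted|closed|suspended)",
           r"in the next \w+ (hours|days)"]

def _trusted(host, expected):
    # Exact match or a true subdomain; "yourbank.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in expected)

def review_email(raw, expected_domains):
    """Return (check, detail) warnings for one raw message."""
    msg = message_from_string(raw)
    name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    found = []
    if not domain:
        found.append(("sender", "no parsable address"))
    elif domain in FREE_MAIL:
        found.append(("sender", f"{name!r} writes from free webmail {domain}"))
    elif not _trusted(domain, expected_domains):
        found.append(("sender", f"unexpected domain {domain}"))
    # Payloads are read as-is (no base64/quoted-printable decoding here).
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parts = urlsplit(url)
        if parts.scheme != "https":
            found.append(("link", f"not HTTPS: {url}"))
        if not _trusted((parts.hostname or "").lower(), expected_domains):
            found.append(("link", f"host is not the company's: {parts.hostname}"))
    found += [("threat", m.group(0)) for p in THREATS
              if (m := re.search(p, body, re.IGNORECASE))]
    return found

# Constructed sample built from the article's own examples.
SAMPLE = (
    'From: "Your Bank" <yourbank@gmail.com>\n'
    "\n"
    "helo, sir or madem. If you don't reply to this email or update your\n"
    "password in the next three days, your account will be deleted.\n"
    "http://yourbank.example.net/login\n"
)

if __name__ == "__main__":
    print(*review_email(SAMPLE, {"yourbank.example"}), sep="\n")
```

An empty result does not prove a message is genuine, because the From header can be forged; it only means none of these checks fired.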
Stay alert and keep your eyes open
The last line of defense against phishing is yourself. As simple as it sounds, your own vigilance is the most effective way to stay safe. The email may be well written, have no spelling mistakes, the colors of the company logo may be legitimate, the URL and email address may seem reliable, but if you think something smells fishy, trust your instincts. Do not answer the email. Instead, if you think someone is impersonating your bank, for example, call the bank directly and check the accuracy of the information you have received. Once you talk to them, and they confirm that the email is fraudulent, mark the email you received as spam.
Has phishing ever happened to you? Tell us in the comments.
I find social attacks are more useful.
Using email since the early 90s, the most effective anti-phishing technique is to keep at least one nonsense email address for casual logins, e.g. to this site, and strictly confine a couple of "real me" email addresses to known meatware contacts e.g. family, friends / employment and serious commercial relations. Segregated "Real me" email won't normally get onto the mass mail garbage lists, and any fraud mail (from a "bank" or whatever) to a nonsense address is obviously garbage. I'd also add to the above article, that most email readers will let users expand the sender-information field, and that reveals the "named" financial or business sender is really some ridiculous and impossible junker. I use the police "Crime Stopper" web site to report phishing as well as nuisance SMS messages, looking for a subject heading the police will pay attention to. No repeats.
That's not 100% reliable