Phishing is a scam where criminals use misleading information to trick you into revealing passwords or other confidential information. Below are eight important rules to help avoid being victimized. We also outline a few realistic phishing scams.
To protect yourself, use a password manager and follow these best practices!
Top 8 rules to protect yourself from phishing scams
- Never tell your master password to anyone for any reason.
- Always use anti-virus, anti-malware, and firewall software. Protect yourself on all of your devices. Make sure virus definition files are up to date.
- Never click links in emails unless you asked for them.
- Be suspicious of incoming emails. Make sure the sender is really who they claim to be. Bad guys can easily forge email signatures. It’s best to stay suspicious!
- Avoid using untrusted computers or networks. Bad guys have lots of tricks, and any computer or network you aren’t familiar with could be their playground. They install stuff like keylogging, screen capture, and traffic sniffing software. So beware!
- Don’t trust anyone claiming to be from Microsoft, Google, etc., who has personal or confidential information about you. When you signed up for these services, you may have entered personal information, but they have no way of ever reading or knowing such information.
- Use a password manager to fill login credentials for sites you visit. Password managers protect you against fake-website phishing attacks by only filling your credentials to actual sites. For example, suppose your bank’s website is www.mybank.com. Along comes a scammer who sets up a fake site that’s identical on the surface, but with a slightly different address: www.mybank1.com. Let’s say you visit the bad guy’s site at www.mybank1.com and don’t notice it’s a fake. You’re safe, because most password managers recognize the difference for you and won’t fill in your username and password.
- Always click on your password manager’s browser extension icon to access your vault. If an extension isn’t offered, always type the site’s full address into your browser’s address bar. Otherwise you risk visiting a site designed by bad guys to look exactly like a real site.
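The fake-website protection described in the password manager rule above comes down to comparing the page's real address with the address the credential was saved for. The sketch below is an added example, not code from any particular password manager: the helper names are hypothetical, `example.net` stands in for a scammer's domain, and exact-host matching is a simplifying assumption (real products often compare the registrable domain using the Public Suffix List).

```javascript
// Added example: a strict origin check of the kind a password manager
// applies before autofilling. Helper names are hypothetical; exact-host
// matching is a simplifying assumption.

function parseOrigin(raw) {
  try {
    const u = new URL(raw);
    // URL lowercases the host and keeps any user:pass@ prefix out of it
    return { scheme: u.protocol, host: u.hostname, port: u.port };
  } catch {
    return null; // not a parseable absolute URL
  }
}

function shouldFill(savedUrl, pageUrl) {
  const saved = parseOrigin(savedUrl);
  const page = parseOrigin(pageUrl);
  if (!saved || !page) return false;
  if (page.scheme !== "https:") return false; // never fill over plain HTTP
  return saved.scheme === page.scheme &&
         saved.host === page.host &&
         saved.port === page.port;
}

// Constructed sample pages, checked against a credential saved for the bank
const SAVED = "https://www.mybank.com/login";
const samples = [
  "https://www.mybank.com/account",           // real site
  "https://www.mybank1.com/login",            // lookalike from the text
  "https://www.mybank.com.example.net/login", // real name used as a subdomain
  "https://www.mybank.com@example.net/login", // real name in the userinfo part
  "http://www.mybank.com/login",              // unencrypted
  "https://WWW.MYBANK.COM/login",             // same host, different case
];

function report() {
  return samples.map((page) => [page, shouldFill(SAVED, page)]);
}

for (const [page, ok] of report()) {
  console.log(ok ? "fill  " : "refuse", page);
}
```

Only the first and last sample pages are filled; the others look like the bank's address to a hurried reader but resolve to a different host or an unencrypted connection.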
Phishing scam scenarios
Example Scam #1
You receive an email that appears to be from your password manager informing you that your account has been compromised. The email looks real and even includes accurate personal information about you. It asks you to click a link to reset your master password.
Here’s how to protect yourself:
- Never assume an email you get from your password manager was actually sent by them.
- Never click links in emails unless you asked for them.
Example Scam #2
You get a call from someone claiming to be an employee from your password manager company. They tell you a server has failed, and your data might have been lost. They give you their own employee ID number. They know some personal information about you: your address, your social security number, your date of birth, your maiden name, and even your credit card number. They ask you for your master password so they can safely copy and back up your data. Without your master password, they say, your data will be lost forever.
Here’s how to protect yourself:
- Never believe anyone who contacts you by phone.
- Be suspicious of anyone who has confidential information about you.
- Never reveal your master password to anyone.
Example Scam #3
You receive an email from an employee from your password manager company. They say your account has been compromised. The employee leaves you their number and extension and asks you to reach out. You call the phone number and are greeted by a receptionist, who then directs you to the employee who reached out to you. The employee tells you your full address and asks you to verify your identity by providing them the last four digits of your credit card number. The employee explains that your account has been compromised and temporarily suspended for your protection. The employee asks for your master password to unlock your account.
Here’s how to protect yourself:
- Never assume an email you get from an employee of your password manager company was actually sent by the company.
- Be suspicious of anyone who has confidential information about you.
- Never reveal your master password to anyone.
Example Scam #4
You use a computer at the library and find that the homepage for your password manager is already loaded in the browser.
Here’s how to protect yourself:
- Avoid using untrusted computers or networks.
- Use the password manager’s screen keyboard to log in to your account.
- For protection in locations you don’t trust, use multi-factor authentication.
Staying safe online must be an ongoing commitment on all our parts. Just as our team at Datum Consulting is committed to improving our suggested products as new threats emerge, we, as users, also need to remain committed to following security best practices.