password, password change, frequency, IT, IT security, security

In our previous post Phishing: What Do You Need to Know? – Part 1, we covered seven common types of phishing. In this post, we will give you a few tips to avoid them.

How to avoid Phishing

There are simple tips you can keep in mind to protect yourself against phishing attack. Here you have a few of them:

1. Avoid accessing suspicious links

Suspicious emails or SMS typically contain links. Before you open a link, it is important to always check where it is actually pointing. You should look for the use of trick domains. If the link is in an email, hold the mouse pointer over link to check it. In the case of a QR Code, your phone will let you know the address before you access it.

If the link is in a SMS, usually a long press over the link will reveal its location without visiting it. Beware that certain mobile operating systems require you to disable link previews in order for this trick to work.

Remember that a link can redirect you to a fake website where attackers could attempt to harvest sensitive data. Also, a link could potentially start the download of harmful malware in your device.

Finally, it is important to understand that malicious messages can come from anywhere. This may be unknown sources, or legitimate ones that have been compromised. You should be extra sceptical, specially if you do not recognize the source.

2. Do not easily share your private and personal information.

Generally, no bank, credit card provider or other kind of company will ask you to provide bank account numbers, your social security number, or passwords through email, SMS or voice call. Before you send sensitive information, make sure that you contact them through official channels, rather than simply answering an enquiry that came to you.

3. Enter confidential data only on websites that you know are safe

Doublecheck the address of the website that you are about to send data to. Make sure that the website encrypts its communications with “https”. This means that the information exchanged between your browser and the server cannot be snooped by third-parties. When “https” is in use, web browsers typically display a padlock where you can click and verify the identity of the company that owns the website. Please, note that “https” only ensures that the communications with a web site are encrypted. A web site that uses “https” is not guaranteed to be safe.

4. Keep you informed about the latest phishing techniques

The more informed you are about the new techniques, the less risk of getting snared by one of them. We recommend that you regularly check the information published by the Norwegian Center for Information Security (NorSIS).

5. Ckeck the advice and guidelines of your trusted suppliers

For example: Skatteetaten, Visa, Nettvett, etc.

6. Use common sense

Use common sense in the digital world, as you do every day in the real world. Stop and think if what you are about to do makes sense. Would you do it in the real world? We recommend that you watch this short video promoted by NorSIS.

If you liked this topic, do not miss our next post Phishing: What Do You Need to Know? – Part 3. We will give you recommendations about what to do if you have been scammed.