Tips to protect yourself from phishing

Phishing is an online scam which is used by cyber criminals to get access to sensitive information. This is often done by including a link in an email that appears to be sent by a legitimate company. The recipient is encouraged to visit a website and fill in his/her information, but the provided data (credit card numbers, passwords, etc.) is then collected by the hacker.

But how can you determine if a particular email was sent by a cyber attacker? Begin by taking a good look at the "From" email field - does it come from a legitimate domain? As an example, if you use Bank of America for your online banking transactions, you should receive an email from an address that looks like this: customercare@bankofamerica.com or so.

Let's assume that the email address appears to be valid; this doesn't necessarily mean that the electronic message that you have gotten was sent by your bank. Email was built as a simple communication system, so it doesn't include any mechanisms that can check the identity of the sender. Hackers make use of email spoofing to trick the recipients; anyone can write an email that appears to be sent out from anything@anydomain.com without owning that particular domain. It goes without saying that if you've received an email from a bank, institution or company you've never worked with, it was sent by a scammer.

If the "From" field is okay, it's time to check the actual email message. Most hackers send out mass messages; they don't have enough time to research the identities of all their targets. So, if the email starts with "Dear Customer" or so, it's almost always a fake one.

Read the actual message. Does it state that you did something you shouldn't have done? To give you an idea, does it say that you've tried to log into your banking account too many times? If you haven't done that, you know that the email comes from a hacker.

Look for spelling and grammatical errors. Lots of cyber criminals reside in non-English speaking countries. Also, move the mouse over the included link (don't click it, though) and you will see the real URL behind it. Some hackers use popular URL shortening services to mask their evil links; in this case, you can utilize an online URL unmasking service to discover the actual web address.

If you aren't sure, contact the institution via email or give them a call. Alternatively, you can verify the account (if needed) by going straight to the institution's website, without using the link that has been provided in the email. And if you don't know the URL of your bank, a simple Google search will reveal it.

It is always a good idea to install and use an application that can identify malicious sites. While some antiviruses incorporate phishing detection mechanisms, dedicated tools such as AdGuard can do a much better job, because they maintain a crowdsourced list of malicious websites, while also blocking online ads that can contain malware.

Don't forget that scammers can infect mobile devices as well. So, it is always a wise idea to install and use a mobile security suite. If you use a phone for online banking transactions and/or you store confidential information on it, resist the temptation to click email links and keep the number of installed apps to a minimum. By applying these tips, you should be a to keep your sensitive information private.