Avoid phishing and malware

Work Culture

Don’t get baited by phishing or malware

By

Published on October 09, 2014

We want to encourage everyone to be proactive about their security online. That’s why we’re supporting National Cybersecurity Awareness Month by sharing simple steps you can take to protect your accounts.

Hackers and scammers are often looking for ways to steal email addresses and passwords. With that information, they can easily 1) get access to the information in your accounts, 2) use your account to pretend to be you and attack more people, 3) use that account or password to get access to your other accounts, and 4) send spam to you or your contacts.

How they try to steal your information can be simple or very sophisticated, which means you need to be extra careful of what you click, or where you enter your email and passwords. Phishing is one method they can use to trick you. Most phishing attacks start with a spoof email that appears like it’s from a service you already use or a person you trust. Some phishing attacks you should watch out for include:

  • emails that ask you to reply with your username/email and password
  • emails with links to fake login or password reset pages
  • emails with links to view or download a file from someone you don’t know
  • emails that mention a current event, entice you with a prize or deal that is too good to be true, or pretend that there’s an urgent reason for you to respond or click on a link
  • links on social network posts or comments that lead to fake login or password reset pages
  • targeted attacks that appear like they’re from someone you know or includes personal information to get you to respond or click on a link

Malware is another sophisticated way to steal your email addresses, passwords or completely take over your computer. There are many types of malware out there: keystroke loggers, spyware, ransomware, scareware, adware, trojan horses, worms. Some really sneaky malware can be installed through a drive-by-download, just be visiting a website, viewing an e-mail message or by clicking on a pop-up window. These, and hundreds of attacks like them, are designed to fool you into giving up information or doing something to reduce the security of your accounts or devices.

Tips to help you stay protected against phishing and malware:

  1. Be careful what you click, download or install.
  2. If you don’t trust a link in an email, go direct to the normal login page or verify with the sender.
  3. Use two-step verification for Dropbox and other sites that support it.
  4. Help protect other people, report spam and phishing in your email client and report malicious links to Safebrowsing or Internet Explorer for browser blocking.
  5. Enable browser security and privacy settings to block phishing, malware and other malicious sites in Chrome, Internet Explorer, Safari, Firefox or your favorite browser.
  6. Use the most current versions and install security updates for operating systems, browsers, software and applications as soon as they become available.
  7. Use anti-virus or other security tools to protect your devices.
  8. Stop, Think, Connect: Understand the consequences of your actions and behaviors
    • Stop: take the time to understand the risks and learn how to spot potential problems
    • Think: take a moment to be certain the path ahead is clear, watch for warning signs
    • Connect: with confidence, knowing you’ve taken the right steps to safeguard yourself and your devices

It’s important to be aware of what these attacks look like so you don’t fall for them and do everything you can to protect yourself. The best approach if you suspect phishing or malware? Don’t bite.