Protect yourself from Phishing

Welcome to a brief introduction on how to protect yourself from phishing attacks.

I wrote this article with the purpose of motivating you and the people around you to not only protect yourself from phishing attacks, but also to take just a few minutes of your time to protect the entire Internet from such attacks.

Table of Contents

PHISHING

"“Phishing” refers to an attempt to steal sensitive information, typically in the form of usernames, passwords, credit card numbers, bank account information or other important data in order to utilize or sell the stolen information."

There are several different types of phishing attacks, but ultimately they all want to steal important information. Some great introductions can be found on these articles:

• What is a phishing attack? – Cloudflare
• How to: Avoid Phishing Attacks – EFF

Emails

Be on the look out for these warning signs:

• Complicated/long and unrecognizable sender email.
• Several grammar mistakes.
• General greeting (“Dear”, “Hi Kontakt”, “Hello Sir/Miss”…).
• Very complex and/or long email sender.
• Too many images, or several different company logos.

These are only a few warning signs that the email you received might most likely be a phishing attempt.

Generally, a good practice is that when you receive an email from e.g. LinkedIn or your Bank, you do not open any link from those emails, but go on your browser, open a new tab and login to your account in a normal way to check for any notifications or such.

Phone Calls

Vishing (a combination of the words Voice and Phishing) is a phone scam in which fraudsters trick you into divulging your personal, financial or security information or into transferring money to them.

Some general tips against Vishing attacks are:

• Don’t answer calls from unknown numbers.
• If you hear a robot-sounding voice, immediately hang up.
• Never give out personal information or other identifying information in response to unexpected calls or if you are at all suspicious.

Additionally, in some countries you can prevent/stop telemarketers and some spammers to call you by subscribing to specific services, such as:

• National Do Not Call Registry – U.S.A.
• National Do Not Call List – Canada
• Telephone Preference Service – U.K.
• Do Not Call Register – Australia
• Bloctel list – France
• ‘Do Not Call’ register – Netherlands
• Robinson Lijst – Belgium
• Lista Robinson – Spain
• Registro Pubblico delle Opposizioni – Italy
• Robinson Liste – Germany

You can find more information here: TAKE CONTROL OF YOUR DIGITAL LIFE. DON’T BE A VICTIM OF CYBER SCAMS!

Phone Settings

• Apple iPhones have an opt-in “Silence Unknown Callers” call-screening and blocking feature.
• Google Pixel phones have a “Call Screen” call-screening and blocking feature; Google offers several free, opt-in, call-blocking tool apps for Android phones; and Google Voice users can use a call management tool to block unwanted calls.
• Samsung partners with Hiya to offer a call-blocking solution called Smart Call to label potentially unwanted calls.

Information Source: Call Blocking Tools and Resources

REPORTING

When you become a target of a phishing attack or any type of scam, first and foremost, protect yourself and your close ones. However, the entire Internet community would appreciate it if you help report such attacks too.

Reporting is easier and faster than one thinks, and the entire Internet could benefit from it.

Browsers

Chrome

If you encounter a website that tries to scam people or steal personal information, you can submit a report to Google, who will then review your report and potentially block the website on all Google Chrome browsers:

• Google Safe Browsing

Firefox

If you are using Firefox, you can use the following process to submit a report:

1. Select Help > Report Deceptive Site
2. Paste the URL of the phishing site
3. Click I am not a robot
4. Submit Report

Abuse Email

If you want to directly contact the Domain provider, you can use this method by writing in your terminal:

whois URL.COM

Now look for the “Abuse” email and write them a quick email about the phishing website. In most cases they will handle it quickly.

Hosting Providers

In some cases you might want to contact the hosting provider of the website directly. You can use these websites to check who their hosting provider is:

• Hosting Checker
• Who Is Hosting This

Afterward, you’d have to go to the hosting provider’s website and figure out their abuse or report processes. Sometimes you can even just write them a quick message on their support chat.

National Authorities

Additionally, for more serious cases, you can also report cybercrime to national authorities. Some of these can be found here:

• EUROPOL – Report Cybercrime Online
• USA – Online Safety

DISCLAIMER

This is a very general introduction on how to protect yourself and others from Phishing attacks. Educational purposes only. Properly inform yourself, be wary of scams and fake news, keep learning, keep testing, and feel free to share your learnings and experiences as I do. Hope it was helpful! Stay safe!