Don’t Get Caught in Shallow Waters; Protect Yourself from Phishers [With Infographic]

fish

fish

I’ve written a few times before about the steps you can take to secure yourself online, particularly in my top 10 tips to make your computer more secure. One of the biggest issues is that email (which is one of the most popular methods of digital communication out there) is also one of the most insecure methods. Despite this, it still remains my favourite forms of communication, and as long as it is used wisely it can make you super efficient. In this article I’ll quickly go through some ways you can secure yourself online, and in particular to avoid being a victim of the king of email scams- phishing.

(Photo Credit: Ansel Edwards Photography via Compfight cc)

(download as MP3)

Secure Yourself with HTTPS

Facebook HTTPSThere are a few ways to make your email more secure. Firstly you should make sure that you are connecting to your email server securely using HTTPS. You may have seen the “golden padlock” when you connect to some sites (particularly in the case of internet banking). HTTPS encrypts internet traffic between you and the website you are browsing. SSL certificates are only granted to websites giving this HTTPS connection by certificate authorities that do some background checks on the website before issuing one.

There are technically different levels of certificate for which different levels of background checks are required. The Domain Validated one is only validated against the domain name itself and offers the least protection to the end user. An Organisation Certificate requires checks the background of the business or organisation itself. Finally the top level one is an Extended Validation Certificate, which gives the familiar Green Bar you see on internet banking sites.

Most email providers such as GMail offer SSL, and if yours doesn’t, it should! Even Yahoo! Mail, widely criticised for not having SSL, has just enabled this as an option. Other services such as Twitter and Facebook now allow SSL too, so make sure you switch the service on. If you are an avid Facebook user, I recommend you read my guide on how to do a security audit on your personal Facebook profile.

An easy way to ensure you are using HTTPS as much as possible, you should be using a Chrome or Firefox plugin called HTTPS Everywhere from the Electronic Frontier Foundation. This plugin makes sure that you always connect to a website using SSL if it is available. For more information, see the article from the Electronic Frontier Foundation on HTTPS Everywhere.

Unfortunately, even if you do connect to a website with SSL, you can still technically be at risk. Always check the domain name of the website you are visiting to make sure it looks correct. Although SSL certificates should be generated for legitimate businesses, there have been the odd occasion when SSL certificates have been improperly issued

Secure Yourself with a VPN

VPNAs well as connecting via SSL you could also secure your internet connection completely by using a Virtual Private Network. Using a VPN means that your internet connection is completely encrypted and hidden from prying eyes. A secure tunnel between you and a VPN server is created, and effectively you are then browsing the internet using the internet connection of the VPN server. This is particularly important when you are using a public hotspot.

Choosing a VPN from the countless list can be quite a daunting task. From personal experience, I highly recommend the service from Private Internet Access. It seems to be reliable, reasonable in cost and has good customer service. You can find out more about Private Internet Access by watching the following video.

For further information on VPNs, have a read of this great article from LifeHacker called Why You Should Start Using a VPN (and how to choose the best one for your needs).

Update (2017) – you can read an in-depth review of the best VPNs at the moment here.

 

Secure Your Password

LastPassChoose a strong password, and make sure you don’t use the same password for all your sites!

There have been horrendous stories of email accounts being hacked with huge losses of customer data. If you think it isn’t a problem, then have a read of why your password is not safe.

I highly recommend using a password manager such as LastPass to help you make your passwords ultra secure without having to remember them all.

Email is Still Insecure

Despite securing yourself in these ways, the actual email you send won’t be sent securely. The email could pass through many different servers throughout the world and will be sent in plain text. Although unlikely, it still could technically be read or scanned on its way. My advice is not to send anything sensitive by email for this reason. If you do have anything sensitive, there are more secure methods such as PGP (pretty good privacy). Unfortunately these require both the sender and recipient to use special software to encrypt and decrypt the message.

Make sure you protect your computer with a virus scanner or anti-virus application. There are too many to choose from, but for Windows I recommend Microsoft’s own- Security Essentials. If you own a Mac, don’t think you are exempt! For more information, see my tips on making your computer secure.

Protect Yourself from Phishing

Even if you do all of the above, you can still become the victim of a cyber attack, just by opening an email message and clicking on a link! Just think- all that time spent securing your computer and your online life could be flushed down the toilet in 2 minutes! I’m not talking about a virus infecting your computer, I am talking about a Phishing attack. The email itself may not have an attachment or a virus, but you could be tricked into supplying a criminal with your personal information by entering it in a website.

This type of scam has been around for a long time, and although it used to be fairly easy to tell a fake one from a legitimate one, it can be quite difficult nowadays with scammers using more sophisticated techniques. Phishing attacks tend to target your bank or credit card details as well as username and passwords for popular social networking sites such as Twitter and Facebook.

According to recent statistics, over 50% of internet users get at least 1 phishing email per day. Thankfully this can be reduced with a decent spam filter (such as GMail’s very good one). However, it only takes one phishing email to potentially cause you a security nightmare!

My top piece of advice is to check the web address of the website to make sure nothing suspicious is going on. You should check the following:

  1. The web address should start with either ‘http://’ or ‘https://’. Some browsers hide this, which is fine, but make sure you don’t have anything else before the ‘://’
  2. Now check everything before the first forwards slash. This is the domain name of the website. Facebook should end with ‘facebook.com’. Quite often scammers will try a different domain name that looks similar- eg. faacebook.com or facebookk.com. If you see this, you are in trouble.
  3. Other technique scammers use, is to use a sub-domain. A sub domain is something instead of or in place of the ‘www’. A scammer could make it look like they are Facebook by choosing a sub domain like facebook.com.phishingsite.com. In this case, the website would be on a sub domain of phishingsite.com! Most sub domains are absolutely fine (for example en-gb.facebook.com, mail.yahoo.com), but just make sure the sub domain doesn’t confuse where you should be!

Have a look at the following infographic from identity protection company, LifeLock which goes into a lot of detail on Phishing as well as the ways you can protect yourself from being a victim:

Fishing with Bait: How to Avoid getting Hooked in 2013

 

Conclusion

Have you been a victim or phishing? Have you seen any interesting phishing emails? Have you got any tips? Have you got any tips regarding the infographic, protecting yourself from phishers by Lifelock? As always, please let me know in the comments below!