On February 6, people around the world marked Safer Internet Day. Originally an initiative of the European Union (E.U.) SafeBorders project in 2004, Safer Internet Day aims to raise awareness of emerging online issues and encourage everyone to use the internet in a safer and more responsible fashion all year round.
Cyber-crime attacks take many forms – malware, viruses, phishing, to name just a few. Worldwide, phishing remains one of the most common forms of attack used by cybercriminals. It also remains one of the most dangerous. According to Symantec, one specific form of phishing email has targeted more 400 businesses every day, draining $3-billion (~R36-billion) globally over the past three years.
Before we explore why phishing is so dangerous and what you can do about it, it's worth reminding ourselves what it is.
Phishing is the most common technique used to obtain sensitive information about you, like your username and password, or banking and financial information.
While phishing can take many forms, it typically entails hackers contacting their targets via email, telephone, text message, or apps, posing as a legitimate person or trusted organisation in order to trick them into providing sensitive personal information.
With cybercriminals able to mimic these organisations in increasingly sophisticated ways, phishing has become more common and more difficult to protect against. In fact, a recently released report from PhishMe found that 90 percent of South Africa's IT security decision makers have dealt with security incidents originating from deceptive emails.
With phishing attacks having such a high cost to individuals and organisations alike, it is vitally important that everyone do everything they can to defend themselves against phishing.
Stay vigilant, stay educated and stay up to date with the latest developments in the space.
Here are a few tips that, if followed, will make you much less likely to be a victim:
- At the most basic level, you should be wary of requests for personal information. Don't reply to suspicious emails, instant messages, or pop-up windows that ask for personal information like passwords or financial information. Even if the message comes from a website that you trust, never click on a link or send a reply message with your personal details. It's better to go directly to the website or app to log into your account.
- Before downloading any attachment, you should also open it through your browser, reducing the chance of infecting your device.
- If you want to take things a step further, enable 2-Step Verification on your email (if it allows this). 2-Step Verification means that logging into your account requires a second step, beyond just your username and password. With 2-Step Verification enabled, a hacker can't access your account with your username and password alone.
- Many of your online accounts, including banking or financial institutions or social media accounts, will also offer 2-Step Verification options, further reducing your risk of falling victim to a phishing attack.
- Companies in the technology space are constantly working on new ways to protect users from phishing attacks. At Google, for example, our Advanced Protection Programme (APP) is aimed at protecting high profile individuals like policymakers, campaign teams, journalists, activists and business leaders, and requires the use of a physical security key in addition to 2-Step Verification.
At the same time, however, cybercriminals are constantly looking for new ways around those protections.
The best advice for Safer Internet Day, and every day, is for all of us to stay vigilant, stay educated and stay up to date with the latest developments in the space.