Have you ever received an email from a bank requesting your personal information? Or a promotional email asking you to urgently click a link? Or an email saying that your account has been compromised and you need to change your password immediately? What about an email indicating that you’ve received a booking from a travel agency you’ve never heard of? We hope you haven’t clicked anything! We don’t want you to be a victim of phishing.
Phishing is a type of cyber attack. In these attacks, malicious people aim to obtain your personal information by reaching you through various methods such as email, message, and phone call. Unfortunately, it’s not always that obvious. The most dangerous aspect of phishing attacks, officially defined in the mid-1990s, is that these people approach you as people and institutions you know and most importantly trust. By creating a reason in the email they send you, they may ask for your personal information, make you click unreliable links, gain access to your computer, and try to manipulate you for many other malicious purposes. As a result, you could be defrauded and give away sensitive information about you and your business.
Unfortunately, the rapid advancement of technology also applies to phishing. Professional hackers come up with scenarios that are more and more difficult to notice by developing a new method every day. It is not possible to keep up with the examples. But the situation doesn’t have to be that concerning. By paying attention to a few simple points, you can manage your business smoothly and safely.
Your sensitive information is private to you
The first and most important point you should not forget is that no institution or organization will ask for your personal information such as your password via email. In order to proactively avoid this kind of situations, make sure that the passwords you use for your various accounts are different from each other and update your passwords periodically. You can easily secure your accounts by using a two-factor authentication system (2FA) and most importantly by not sharing your password with anyone.
Just read the sender’s URL address carefully
Never follow directions in emails if you are not sure of who they are coming from or seem suspicious. For example, you need to know how to spell the “HotelRunner” brand that you trusted for years and be suspicious of an email address such as firstname.lastname@example.org. Even if you click a link in the email which redirects you to a website asking for your username and password, you need to check the URL in the address bar of your browser, and be sure that you are at the right place to submit your sensitive information. You can also check if the site is secured with an SSL certificate or not by checking the URL prefix, which must be “https://” if the site is secure. In such situations, contacting the company you work with and informing them about the situation will be useful to prevent the attack.
Don’t be overwhelmed by the sense of urgency
“Your password will expire within 24 hours, click the link below to renew it.”
If you have received an email like this one, consider the possibility of a phishing attack. These types of attacks are intended to make you take action quickly by forcing you with the reward/penalty system. For example, someone might be trying to obtain your information by masquerading as a social media app you love and creating a sense of urgency. In such cases, carefully check the sender of the email and be careful to click shortened URL links (such as ow.ly, tinyurl.com, is.gd, goo.gl, tiny.cc, cli.gs).
Phishing types and methods will continue to evolve and exist. It’s not possible to exclude communication methods like phone, email etc. from our lives. Therefore, we need to learn how to safely manage our business and sensitive personal information.
The next time you get such an email, all you have to do is “reading the email” carefully!