
In the last section, we discussed Phishing: what it is, why it occurs, and some of the techniques that are used. In this section, we look at how you can protect yourself against Phishing attacks.

Avoiding Phishing

This is one area where there are no "rules" to follow. A well-structured phishing attack should look genuine, and because it is a social engineering attack, there are few "technical" signs that can be picked up.

Phishing.org has a nice PDF summarising the common social engineering techniques found in Phishing emails.

However, there are still a few rules of thumb that can be applied to help spot and avoid Phishing attacks.

Trust your instincts

It may sound like something the POTUS would say, but this is our first port of call. Look for anything that is different from normal.

  • Do you know who is sending the email?
  • If so:
    • Are they asking anything that is out of character?
    • Do you have anything to do with the email's originator? As a rule: if it's from someone you don't know, don't trust it.
    • It's unlikely that a web service will appear out of the blue and ask you to confirm credentials.

Always apply some common sense here. Think about why that link is asking you for your login details. It may be because your session has expired. Log in on the genuine version of the site (away from any link in a message) and try to confirm whether there is a genuine problem with your account.

Think before you click

Trying to persuade the target to click on links in emails is the first stage of a phishing attack. Hover the mouse over a link before you click; it should show the address the link points to. Does the address displayed seem legitimate? Are there strange characters, or lots of subdomains in the link? These are all signs that the email is not legitimate.
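
The same hover checks can be automated over a message body. The sketch below is an added example, not part of the original course material: the four-label threshold, the function names and the sample links (placeholder .test and example.com hosts) are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_LABELS = 4  # assumed threshold for "lots of subdomains"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return the warning signs from the text above that apply to one link."""
    host = urlsplit(href).hostname or ""
    labels = host.split(".")
    signs = []
    # Non-ASCII or punycode-prefixed labels can imitate a familiar name
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        signs.append("strange characters in host")
    if len(labels) > MAX_LABELS:
        signs.append("many subdomains")
    # Link text that looks like an address but names a different host
    if "." in text and " " not in text:
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if shown and shown != host:
            signs.append("displayed address differs from target")
    return signs

def review(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample message body; every host here is a placeholder
SAMPLE = """<a href="http://login.example.com.account.verify.badsite.test/reset">https://login.example.com</a>
<a href="https://xn--exmple-cua.test/">Sign in</a>
<a href="https://www.example.com/help">Help centre</a>"""
```

Calling review(SAMPLE) returns a dictionary mapping each link target to its list of warning signs. An empty list only means none of these three heuristics fired, not that the link is safe.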

Use a password manager

Having different passwords for all your online accounts is good security practice. Keeping track of all these passwords is made simpler by using a password manager. Then even if one account gets compromised, your other accounts are safe. The best password is one that you don't remember.

Keep firewalls and AV up to date

Firewalls and antivirus systems can help limit the consequences of installing malware, by either blocking the program from running, or stopping any external network traffic. Be wary of opening an attachment that prompts you to disable your AV or firewall.

Task

Give Google's Phishing Quiz a go:

https://phishingquiz.withgoogle.com/