How to spot a phishing email

Phishing (pronounced ‘fishing’) is the most widespread type of cybercrime. Over 3 billion phishing emails are sent every single day. The average cost to organizations is $4 million each. Still, these types of attacks target people of all ages and backgrounds, so it’s important to stay vigilant and stop phishing before you become a victim.

What is phishing?

Phishing is different to plain spam/junk mail. Usually, phishing emails impersonate a legitimate person or organization but contain harmful web links. Most often these links point to malware or to fake websites, designed to steal your personal information. Luckily there are some easy ways to spot attempts to ‘phish’ your data.

E-mails sent from public domains

If you’ve just received an important-looking email from your bank or PayPal, take a moment to check the ‘From’ email address. If it’s a public domain like ‘gmail.com’ instead of the website of the service itself, e.g. ‘paypal.com’, you’re dealing with a phishing email.

Check with your mail provider to see the full ‘message header’ if you’re unsure. The ‘Reply-To’ email address should match the ‘From’ address.

Some sophisticated scammers will also register domains that look very similar to legitimate ones e.g. www.pyapal.com instead of www.paypal.com, so make sure to check the spelling carefully. 

Unfortunately, email addresses and headers can be forged, so even if these check out, make sure to keep looking.
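The three header checks described in this section can be automated. The sketch below is an added example, not part of the original article: the domain lists, warning labels and sample message are constructed for illustration, and the lookalike test uses an edit distance that counts a swap of two adjacent letters as a single change.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed lists for this example; extend them for your own environment.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com", "apple": "apple.com"}

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def header_warnings(raw_message):
    """Return a list of warning labels for the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg["From"] or "")
    _, reply_addr = parseaddr(msg["Reply-To"] or "")
    from_dom = from_addr.rpartition("@")[2].lower()
    warnings = []
    for brand, real_dom in sorted(BRANDS.items()):
        # A brand name in the display name, but the mail comes from webmail.
        if brand in name.lower() and from_dom in PUBLIC_DOMAINS:
            warnings.append(f"{brand}-from-public-domain")
        # Near miss of a real domain, e.g. pyapal.com for paypal.com.
        if from_dom != real_dom and osa_distance(from_dom, real_dom) <= 2:
            warnings.append(f"lookalike-of-{real_dom}")
    # Replies would go to a different mailbox than the claimed sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        warnings.append("reply-to-mismatch")
    return warnings

# Constructed sample message, not a real email.
SAMPLE = (
    "From: PayPal Support <service@pyapal.com>\n"
    "Reply-To: billing-team@gmail.com\n"
    "Subject: Your account is limited\n"
    "\n"
    "Dear Customer, ...\n"
)

if __name__ == "__main__":
    print(header_warnings(SAMPLE))
```

An empty result only means these three checks passed; forged headers can still get through them.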

Impersonal Introductions

Phishers don’t target you personally: they send out the same malicious emails to thousands of people at a time. This is why most harmful messages will begin with ‘Dear Customer’ or ‘Dear Sir/Madam’ rather than your name.

Mindful of this, legitimate organizations like Apple will always use your registered first and last name in emails, to assure you that it’s really them. If you’re uncertain, check for previous emails from this sender to see if they usually greet you by name in messages.

Bad spelling and choice of words

We all make typos. Still, if an email supposedly from a legitimate organization like Microsoft is full of poor spelling and grammar, it’s most likely a phishing attack. Scammers from non-English speaking countries are becoming wise to this and are increasingly using AI to put together well-written phishing emails, so even if a message is grammatically correct you should keep digging.

Always a sense of urgency

The object of any scammer is to trick you into handing over your money and/or personal data before you realize what’s happening.

That’s why many phishing emails will create a sense of urgency: money is being stolen from your bank account at this very minute. A loved one has been mugged and needs your help. You need to pay $5,000 within the next 24 hours or face a fine. The list goes on.

Of course, there are legitimate urgent emails too. If you’re unsure, look up the telephone number of the person contacting you (don’t use the one supplied in the email) and try to speak to them over the phone to check if the email is real.

Beware scammers offering gifts

Some phishing emails won’t try to frighten you into a sense of urgency but instead will pretend to give you good news. You’ve won the lottery, had an uptick in your stock portfolio or are due to receive a large tax-free sum from a Nigerian Prince.

If it seems too good to be true, once again find another trusted channel like a phone or video call to contact the sender to check if the email is legitimate. 

Scammers will ask for your personal data

No reputable financial organization will ever ask for personal data like your banking password via email, so if you receive a message asking for this, you can be sure this is a phishing attack.

Another common type of phishing scam involves pretending to be a friend or loved one and asking for your password so they can “just send an email from your account”. If this happens, try to place a video call to them to check if it’s really them, then decide how you can help. You should never give out your password or login credentials, even to friends.

Abnormal Attachments

Friends and colleagues send each other files all the time, so the fact that an email has attachments isn’t suspicious in itself. Still, you need to be careful: ask yourself whether this person or organization has ever sent you files before. If so, do they usually send them as email attachments or by sharing a link to a cloud storage service like Dropbox?

These days, most e-mail providers will automatically block attachments that seem to contain a computer program (.exe) but phishing scammers will sometimes try to persuade you to open a Microsoft document full of harmful ‘macros’ or to extract a compressed (.zip) file.

If unsure, don’t download.

Don’t click on suspicious links

Phishing attacks often work by redirecting you to a harmful website. From there, they’ll either try to get you to download harmful malware or impersonate a legitimate website to try to trick you into entering your login information.

It’s very easy to spoof a hyperlink. For instance, this one: http://www.microsoft.com will actually take you to Apple’s main website, not Microsoft’s. Most web browsers and email programs will let you preview links if you hover your mouse over them without clicking.

Awesome AdBlockers

Adblockers like AdBlockPlus or uBlock Origin are available as ‘extensions’ for all popular web browsers. Their main function is to remove annoying ads and commercials from web pages. 

But they also regularly download lists of known harmful domains, which include those used for phishing attacks. If you try to click on an email link and your adblocker says it’s harmful, listen to the warning and don’t proceed. 

VPN Victories

By itself, a VPN (Virtual Private Network) can’t protect you from receiving phishing emails, nor can it stop you from clicking on harmful links. However, if you do fall victim to a phishing scam, it can help minimize the data they gather.

This is because when you use a reliable VPN service like hide.me, your device connects to a secure VPN server. When you visit websites, instead of tracing your location via the IP address of your device, all they can see is the IP of the server. This protects your privacy, even if you do visit a phishing domain.
