Be one step ahead of a hacker: check simple cybersecurity tips!
ENISA
February 22, 2024


In today’s interconnected world, our lives revolve around digital technologies. From online banking to remote work, social media connections to healthcare records, we entrust a vast amount of personal and sensitive information to the digital sphere. Imagine the Internet like a giant playground. It’s fun and full of cool stuff, but sometimes there are hidden dangers that we cannot see, like landmines. These dangers are called cybersecurity threats, and they can hurt our computers and steal our important information if we’re not careful.

This brief guide will help you to spot the digital dangers and stay safe online. By understanding the risks and implementing these simple yet effective measures, you can transform yourself from a vulnerable target to a confident and informed digital citizen.

So, buckle up, and let’s embark on this journey towards a secure and empowered digital experience!

What is Phishing?

Phishing is a type of fraudulent activity carried out by cyber criminals whereby they send disguised e-mails to people or organisations purporting to be from reputable sources to lure the reader into clicking on links to dodgy websites or to give away sensitive information such as bank details, account passwords or credit card information.

Some phishing emails may contain viruses disguised as harmless attachments, which are activated when opened by the victim. The aim of this type of phishing attack could be something more specific, such as the theft of a business’s sensitive data.

Criminals will use multiple mediums for delivering phishing lures such as:

  • Email Phishing: Malicious content delivered through email.
  • Smishing: SMS text messages to a mobile phone.
  • Vishing: Fraudulent voice phone calls.

Each of these lures will be designed to look genuine, and the sender will usually claim to be a person or organisation that you are familiar with to make it easier for them to gain your trust. It is becoming increasingly difficult to identify these social engineering attempts as attackers become more sophisticated. Attackers take advantage of people’s social instincts, such as being helpful and efficient, or their emotions, such as fear or anger.

How to avoid being phished?

Criminals will check the Internet for people’s publicly available information to make their phishing e-mails more convincing. By thinking about what personal information you and others have about you online, you can take some easy steps to make yourself a less likely target for a phishing e-mail attack.

  • All social media platforms provide in-depth privacy settings for their users. You can review these settings within your social media accounts and make sure your information isn’t publicly viewable.
  • It’s not only you who can post information about yourself online. Be wary of what information your family, friends or work colleagues have posted about you. If necessary, ask them to remove any information about you.
  • Make a simple checklist you can remember easily by using our giveaway phishing signs (below) to help you to scan e-mails that you aren’t too sure about. If you are suspicious of an email that you have received, then report it to your IT administrator or e-mail provider and then delete the suspicious e-mail.

Giveaway signs of Phishing

As cyber criminals make their phishing e-mails more convincing to try to gain your trust, always pause to consider if an e-mail makes you suspicious. You can still stay one step ahead of them by remembering to scan for one or more of these giveaway phishing signs that could signify you are being targeted by a phishing e-mail.

  • Does the e-mail begin with a general or impersonal greeting such as ‘Dear Friend’ or ‘Valued Customer’? If you aren’t addressed by your name, then this could signal that the sender does not know you and should not have your e-mail address.
  • Check the sender’s email address by hovering your mouse over the ‘from’ address or clicking the down arrow beside the sender’s name to reveal more details about the sender. Does the name match the e-mail address and do they look legitimate? If not, the sender could be trying to impersonate somebody.
  • Is there a sense of urgency to the e-mail such as a request for your bank details or an action to take to avoid losing a service? Your bank or other familiar organisations will never make such requests from you in an e-mail. If you see this type of request, be cautious, and contact the organisation directly to confirm.
  • Always check password reset or authentication requests sent to you by e-mail or SMS. You should only receive these requests if you have requested a password change or attempted to authenticate through your online account. Cybercriminals can send unsolicited requests to steal your passwords: if in doubt, don’t click and report it to your account provider.
  • Are you being offered something for free or at a heavily discounted rate? Ask yourself: does this sound too good to be true? This tactic is used to panic you into thinking you might miss out on a good opportunity if you don’t follow the e-mail’s instructions. If it sounds too good to be true, it probably is.

Some of these giveaway signs can also be present in text message scams (smishing) and fraudulent telephone voice calls (vishing). The general advice for these types of scams is as follows:

  • Shortened and unrecognisable links are a sure giveaway: don’t click the bait.
  • Honest communications will never ask you to provide personal details.
  • If it feels too good to be true or you aren’t totally sure of something, then don’t engage.
  • Contact the organisation directly using their official phone number which should be on their official website to check if they have tried to contact you.
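
The giveaway signs listed above (impersonal greeting, sender name that does not match the address, urgency, requests for sensitive details, shortened links) can also be checked mechanically, for example in a mail triage script. The Python below is an added example, not part of the original ENISA guide; the word lists, the shortener list, the sample message and the `expected_domains` mapping are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real e-mail); all names and domains are made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@mail-example.test>
To: user@example.org
Subject: Action required

Dear Valued Customer,

Your account will be suspended within 24 hours. Confirm your bank details now:
http://bit.ly/constructed-link
"""

GENERIC_GREETINGS = ("dear friend", "valued customer", "dear customer")
URGENCY = ("urgent", "immediately", "within 24 hours", "suspended", "avoid losing")
SENSITIVE = ("bank details", "password", "credit card")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}


def giveaway_signs(raw, expected_domains):
    """Return the list of giveaway signs found in a raw RFC 5322 message.

    expected_domains maps an organisation name (lower case) to the domain it
    really sends from; this mapping is an assumption supplied by the caller.
    """
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body = msg.get_payload().lower()
    signs = []

    if any(g in body for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    # Display name claims an organisation, but the address is on another domain.
    for org, real in expected_domains.items():
        if org in display.lower() and not (domain == real or domain.endswith("." + real)):
            signs.append("sender name does not match address")
    if any(u in body for u in URGENCY):
        signs.append("sense of urgency")
    if any(s in body for s in SENSITIVE):
        signs.append("asks for sensitive information")
    hosts = re.findall(r"https?://([^/\s]+)", body)
    if any(h in SHORTENERS for h in hosts):
        signs.append("shortened link")
    return signs
```

A message that trips one or more signs is a candidate for reporting rather than proof of phishing; a message with no signs is not proof of legitimacy either.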

Have you clicked the bait?

If you think you’ve been the victim of a phishing e-mail and have already clicked a link, an attachment or provided sensitive information then you can still take these actions to minimise the disruptive effects of the attack.

  • If you have provided sensitive information such as your password or bank details, then change your passwords on all your accounts and contact your bank to get advice on what you should do next.
  • Use an antivirus software program to run a full scan of your device so it can attempt to uncover any possible viruses and try to remove them.
  • If you have been the victim of fraud, then you should report this to your local police.

General cybersecurity tips:

  • Be aware of suspicious messages. These messages may come in the form of emails, text messages, or social media posts. They may offer something that seems too good to be true, or they may try to create a sense of urgency.
  • Do not click on links or download files from suspicious messages. This could lead to malware being installed on your device, or your personal information being stolen.
  • Report suspicious messages to the sender. This will help to warn others about the scam and to get the message taken down.
  • Use strong passwords and change them regularly. This will make it more difficult for hackers to guess your passwords.
  • Enable two-factor authentication. This adds an extra layer of security to your accounts by requiring a second factor, such as a code from your phone, in order to log in.
  • Keep your software up to date. This includes your operating system, web browser, and other applications. Updates often include security patches that fix vulnerabilities that hackers could exploit.
  • Be careful about what information you share online. Don’t share personal information, such as your bank account number or Social Security number, with people you don’t know.
  • Be mindful of phishing scams. Phishing scams are emails or messages that try to trick you into clicking on a link or downloading a file that contains malware. They may often impersonate legitimate companies or organisations.
  • Protect your passwords. Never share your passwords and codes with anyone, and avoid transmitting them via email, phone call, text message, or social media. It is recommended to use strong passwords and change them regularly.

By following these tips from the European Union Agency for Cybersecurity (ENISA) you can help to protect yourself from phishing attacks.

The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure. The EU cooperates with other countries to help build up their capacity to defend against cybersecurity threats in different countries worldwide, as well as in the six Eastern Partnership countries through various programmes, like EU4Digital. EU4Digital is the EU’s flagship regional programme to support digital transformation and the harmonisation of digital markets in the countries of the Eastern Partnership.

Take the quiz to test your cybersecurity knowledge.

Visuals: The European Union Agency for Cybersecurity (ENISA)




This website is managed by the EU-funded Regional Communication Programme for the Eastern Neighbourhood (‘EU NEIGHBOURS east’), which complements and supports the communication of the Delegations of the European Union in the Eastern partner countries, and works under the guidance of the European Commission’s Directorate-General for Neighbourhood Policy and Enlargement Negotiations, and the European External Action Service. EU NEIGHBOURS east is implemented by a GOPA PACE-led consortium. It is part of the larger Neighbourhood Communication Programme (2020-2024) for the EU’s Eastern and Southern Neighbourhood, which also includes the ‘EU NEIGHBOURS south’ project that runs the EU Neighbours portal.

