Simple Things Anyone Can Do (Non-technical Awareness)
These are easy habits and behaviors that don’t require any technical knowledge.
- Don’t Trust Unknown Messages: Be cautious if you receive emails, texts, or phone calls from unknown senders, especially if they ask you to click a link, download something, or give personal information (like passwords, credit card numbers, or social security numbers).
- Double-Check the Source: If you get an email or message that seems strange or urgent (for example, asking you to confirm your bank account or personal details), don’t click any links. Instead, visit the website directly by typing its address into the browser yourself (like www.yourbank.com). Call the company, department or the person directly using their phone number from a trusted source (like a bank statement or your company phone book).
Watch for Red Flags: Look out for common signs of phishing:
- Spelling mistakes or unusual language.
- Suspicious-looking email addresses (e.g., a bank email that looks strange, like “[email protected]“ instead of the official domain). Always call the bank or visit in person to verify.
- A sense of urgency, such as: “Act fast, or your account will be locked!”—Scammers use fear to trick you into clicking links.
Examples:
- You might get an email or text that looks like it’s from your bank, asking you to urgently click a link and log in. But when you click the link, it actually takes you to a fake website that looks like the real one. If you type your password there, the bad people get your information.
- You might receive an email or text saying you’ve won a prize and asking you to click a link to claim it. Be careful do not click on it!—clicking on a fake link can infect your computer with a virus!
A Bit More Technical (Things you Can Do by Yourself)
These tips are easy to follow but might require a bit more attention.
- Hover Over Links Before Clicking: Before clicking a link in an email or text, hover over it to see the actual URL. If it looks suspicious or doesn’t match the sender, don’t click.
- Check for Secure Websites: When entering personal details online, ensure the site is secure. Look for a lock icon and “https://“ in the address bar—this means the site uses encryption.
- Use Strong, Unique Passwords: Create different, hard-to-guess passwords for important accounts. Mix letters, numbers, and symbols, and avoid common words or personal details.
More Technical (Calling an IT Person or Expert or Yourself)
These steps are more technical but can be set up by an IT professional—or with the right guidance, you can do them yourself.
- Install Anti-Phishing Software: An IT professional can install low-cost software on your devices that help block phishing attempts and other online scams. These tools scan websites and emails to warn you about potential dangers.
- Enable Multi-Factor Authentication (MFA): This adds an extra layer of protection to your online accounts. When you log in, after typing your password, you’ll also need to enter a code sent to your phone or email. It’s a bit more technical, but an IT person can help set this up for you on accounts like email, bank, or shopping websites.
- Regular Security Updates: Make sure your computer, phone, and apps are regularly updated with the latest security patches. An IT person can help ensure your system is set to update automatically.
Simple Awareness: Don’t trust unknown messages, check sources, and look for red flags.
Moderately Technical: Hover over links, check for secure websites, and use strong passwords.
Technical Help: Get anti-phishing software, enable multi-factor authentication, and keep your system up to date with help from an expert.
By following these steps, people can significantly reduce the risk of falling for phishing scams and other types of cyber-attacks. It’s all about building habits that make it harder for hackers to succeed.