How to Protect Yourself Against Phishing
Phishing is a technique used by cybercriminals to trick people into disclosing sensitive personal information. The attacker masquerades as a trusted entity, such as a business or person, in authentic-looking but bogus emails or Web sites. It’s a form of social engineering that takes advantage of a digital world, and it’s one of the most common ways that people fall victim to cyberattacks.
Cybercriminals use phishing to steal account numbers, passwords, and other personal information. They also employ phishing to install malware (e.g., a keystroke logger or ransomware) when people click embedded links in the message or open attachments. In more targeted attacks, called “spear phishing,” the messages appear to come from someone or something you know.
Email is the most common platform for phishing. Messages may claim that your account has been compromised and needs to be shut down, or they might request that you verify your identity by clicking on a link. Other phishing methods include vishing (phone phishing), smishing (SMS phishing) and Wi-Fi spoofing, in which the attacker creates a malicious free Wi-Fi hotspot that appears to be legitimate but infiltrates your system with malware.
The best protection against phishing is to avoid giving out information in response to unsolicited requests, including phone calls or online forms. Also, review the privacy settings in your personal social media accounts to ensure that you are not sharing data that could allow a scammer to guess your password or answer security questions.