Your guide to protecting yourself from phishing attacks

This Cyber Security Awareness Month, we need to raise awareness about one of the biggest cyber threats: phishing. Here is your guide to what phishing is, how it works, and most importantly, how you can protect yourself and your organisation.

Phishing is a type of cyber attack where cyber criminals impersonate legitimate organisations or individuals to trick you into revealing sensitive information, such as passwords, credit card numbers, or personal identification details. These attacks often come in the form of emails, text messages, or even phone calls that appear to be from trusted sources.

Types of phishing attacks

  1. Email phishing: attackers send convincing emails with malicious links or attachments, designed to steal your data or install malware on your device
  2. Spear phishing: targeted phishing attacks where cyber criminals personalise their messages to a specific individual, often using information gathered from social media or other sources
  3. Vishing (voice phishing): phishing attacks conducted via phone calls, where scammers impersonate legitimate organisations or individuals to extract sensitive information
  4. Smishing (SMS phishing): similar to email phishing, but delivered via text messages, usually containing deceptive links or requests for personal information
  5. Pharming: cyber criminals redirect website traffic to fake sites that look legitimate, aiming to steal login credentials

How phishing works

Phishing attacks are successful because they rely on social engineering tactics to exploit human psychology. Here’s how a typical phishing attack unfolds:

  1. Deceptive message: you receive a message that appears to be from a trustworthy source, such as a bank, social media site, or a colleague
  2. Urgency or fear: the message creates a sense of urgency or fear, prompting you to act quickly without thinking
  3. Fake links or attachments: the message includes links to fake websites or malicious attachments
  4. Data submission: you are asked to provide sensitive information, such as login credentials, credit card numbers, or personal details
  5. Data theft: the attacker uses the information you provided for fraudulent purposes, such as stealing money or committing identity theft

Protecting yourself from phishing

Protecting yourself from these attacks can be daunting, as you don’t know when they’ll come or in what form. But by following the steps below, you will be better protected against the cyber criminals who carry out these types of attack.

  1. Verify the sender: always double-check the sender’s email address or phone number. Be wary of unexpected messages, especially those demanding immediate action
  2. Don’t click on suspicious links: hover your mouse over links to see where they lead before clicking. Be cautious of shortened URLs
  3. Beware of urgency: phishers often use urgency to pressure you into acting quickly. Take your time to evaluate the message
  4. Enable two-factor authentication (2FA): use 2FA wherever possible to add an extra layer of security to your accounts
  5. Educate yourself: stay informed about the latest phishing tactics and be cautious of unsolicited messages
  6. Use antivirus software: keep your devices protected with up-to-date antivirus and anti-malware software
  7. Report suspicious activity: if you receive a phishing attempt, report it to your organisation’s IT department or to the appropriate authorities
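The "hover over the link" check in step 2, done programmatically. This is an added Python example, not part of the original guide: it pulls every link out of a constructed HTML email and flags those whose visible text names one domain while the link actually goes to another, or that pass through a URL-shortening service (the shortener list is an assumption, kept short for illustration).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Redirect services that hide the real destination (assumption: a short illustrative list).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}

class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs from every <a> tag in an HTML email body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host_of(url):
    # Hostname of a URL, lowercased; '' if it has none or does not parse at all.
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""

def inspect_links(html):
    # Return [(href, visible_text, reasons)] for links a reader should distrust.
    findings, collector = [], _LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        reasons, host = [], _host_of(href)
        if host in SHORTENERS:
            reasons.append("shortened URL hides the real destination")
        # Visible text that looks like a URL but points elsewhere is the classic hover
        # mismatch; the last two labels stand in (crudely) for the registered domain.
        shown = _host_of(text if "://" in text else "http://" + text)
        if "." in shown and shown.split(".")[-2:] != host.split(".")[-2:]:
            reasons.append(f"text shows {shown} but the link goes to {host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample: an urgent email with a lookalike link, a shortened link and one genuine link.
SAMPLE_EMAIL = ('<p>Your account will be suspended in 24 hours.</p>'
    '<a href="http://mybank.com.account-verify.example/login">https://www.mybank.com/login</a>'
    '<a href="https://bit.ly/3xample">Update your details</a>'
    '<a href="https://www.mybank.com/help">Help centre</a>')
```

Running `inspect_links(SAMPLE_EMAIL)` reports the first two links and leaves the genuine help-centre link alone, which is exactly what a careful hover would reveal.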

Need more guidance?

Check out our cyber security page for more information.

Cjay Awere, Governance, Risk, and Compliance Consultant

Guest Author