Prevention Tips and Advice
Although the attacks are considerably sophisticated, there are several simple tips you can follow to avoid phishing attacks:
Treat any unsolicited message cautiously and, as a rule of thumb, don’t click on URLs contained in its body unless you are 100% certain it comes from whom it claims. Please try to look into the message headers (here you can find how to do it in Outlook), because 99.95% of phishing messages come from spoofed addresses that are easy to spot in the headers: for example, a message appears to come from John Smith from yourbank.com in the To field, but in the header you see that the sender is something like firstname.lastname@example.org (or an address at some other domain name).
When you receive messages containing URLs, you can always check the URL structure and the real Internet address by hovering the mouse over the link. Be careful, as attackers use very similar names or trick you by using numbers (ex: Cit1Bank, or Micros0ft, or Gogle/Gooogle, or Aple, or 1NG Bank). Also, pay attention to the URL structure: for example, while https://authentication.mybank.com is a subdomain of MyBank, a construction like https://authenticationservice.com/MyBank/ is a page on authenticationservice.com, where "MyBank" is only part of the path.
Please use an antimalware solution that contains web and content filtering modules, because these controls are very effective against phishing websites, blocking your access to dangerous pages, pre-validating their content and also warning you about suspicious aspects. Also, a good antispam solution will filter more than 90% of the phishing messages.
If the message pretends to come from your bank, please consider that no bank asks you to enter your credentials in pages referred to by URLs in messages. Instead, banks ask you to log in to your accounts normally (preferably manually) and check their communications in the Communications or Messages section of the platform. When in doubt, it is better to call your bank contact or their Customer Support directly.
If you receive unsolicited messages pretending to come from your social networks, please try to access the respective social networks by using their respective mobile apps or by MANUALLY TYPING their address in the browser.
When you receive special offers from retailers, validate them in the browser by manually logging in to your account and checking whether they are real. If you don’t have an account with those retailers, just ignore the message.
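The URL check from the tips above can also be automated, for instance in a mail filter. The following Python sketch is an added example, not part of the original article: it decides ownership from the hostname only and flags the kind of lookalike names listed above. The function names, the sample URLs and the digit mapping (0 for o, 1 for i) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Digit-for-letter swaps of the kind the article lists (Cit1Bank, Micros0ft, 1NG).
# Assumption: "1" is folded to "i" only; a fuller table would also try "l".
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "i"})

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url, trusted_domain):
    """Return 'trusted', 'lookalike' or 'other' for url against trusted_domain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    trusted = trusted_domain.lower()
    if not host:
        return "other"
    # Only the hostname decides ownership: an exact match or a dot-separated
    # subdomain. Anything after the first "/" (the path) is ignored.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    for label in host.split("."):
        folded = label.translate(DIGIT_SWAPS)
        # Same name after undoing digit swaps, or one letter added/dropped/changed.
        if folded == brand or edit_distance(folded, brand) == 1:
            return "lookalike"
    return "other"

if __name__ == "__main__":
    # Constructed sample links, modelled on the examples in the text.
    samples = [
        ("https://authentication.mybank.com/login", "mybank.com"),
        ("https://authenticationservice.com/MyBank/", "mybank.com"),
        ("https://www.micros0ft.com/account", "microsoft.com"),
        ("https://gooogle.com/", "google.com"),
    ]
    for url, trusted in samples:
        print(f"{classify_url(url, trusted):10} {url}")
```

A result of "other" only means the link does not belong to the trusted domain and does not imitate its name; it says nothing about whether the site is safe.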