How to protect yourself from phishing attacks
Phishers feed off of their victims' carelessness, ignorance of network security rules, and gullibility.
Many users ignore simple facts:
- banks, as well as social networks and public service administrations, NEVER send letters requesting that users report their credentials, passwords, and other confidential information;
- users are NEVER asked to send an SMS to recover an account password;
- a familiar look and even a correct URL in the browser cannot guarantee that the user has accessed the site they intended to. Fraudsters can easily copy websites. Special JavaScript code can replace the URL shown in the browser address bar.
You should never give out any details of your debit card (its number, validity period, PIN, and the last three digits on the signature strip (CVV2/CVC2)) if somebody asks for them for a lottery or promo campaign, during a conversation, or in an incoming message (including messages from addresses in your address list).
In fact, by giving out this information, you are letting an unknown party manage your funds.
What should you do?
To minimize the risk of falling for scams, especially if you are too trusting or careless, follow our simple tips. Remember that your data and money will remain safe only if you follow the full range of protection measures.
- Before launching your browser, perform an anti-virus update. It will download the latest virus databases and your computer will be protected from the latest virus threats. An anti-virus removes harmful files, but it can only eliminate virus threats known to its database or threats that can be detected with a heuristic analyser. The anti-virus won't be able to detect or remove an unknown threat until it receives a corresponding update for its database. No other software requires such frequent updating as an anti-virus. New viruses are constantly being written, and virus databases are updated very frequently (at least 1-2 times per hour). Automatic updates should never be disabled!
- Any software has vulnerabilities. That's why you need to regularly update all the software installed on your computer.
- Work at a computer only under an account with limited rights. The guest account should be disabled.
- Never disable the mail monitor of your anti-virus. It scans all messages before the email client processes them. And that means viruses won’t be able to exploit the vulnerabilities of the corresponding email programs.
No software other than an anti-virus can clean a mail database from malicious software that has penetrated it through emails.
- Use comprehensive anti-virus protection systems, which include:
  - Anti-spam — filters junk emails;
  - HTTP monitor — scans traffic before your browser processes it. It will prevent browser and software vulnerabilities from being exploited by malware. An HTTP monitor should be used to scan all the links offering to download resources from the network, and all traffic before it enters the computer;
  - Parental Control — blocks access to objectionable web content. Never disable this component and regularly update the list of objectionable web resources.
  Your computer protection must include these three components.
A present-day anti-virus solution is quite different from yesterday's file anti-virus. A single anti-virus is not enough!
- Install anti-virus protection on all the computers you are using, including mobile devices. This will eliminate the risk of infection during synchronization with your PC.
- Don't follow links from any unusual or suspicious emails — type the address of the site yourself. First open the home page, and then try to find the promo section from the message (if it's a real promo campaign, the information about it is likely to be on the main page). For example, if the incoming letter has the link http://sberbanck.ru/reklama/, first check whether this site exists — http://sberbanck.ru.
- If you use your computer to access remote banking systems (online banking), you need to log all the events and actions performed on the computer. If intruders steal money using your PC and an expert examination of the virus-related computer incident is needed, the log will be examined and used to reconstruct the events.
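
The link check described in the tip about suspicious emails can be partly automated. The following is an added example, not part of the original article: it compares the host in a link against a list of sites you actually use and flags near-misses such as sberbanck.ru. The trusted list, the function names and the distance threshold are assumptions, and the prefix check goes one step beyond the case in the text.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user really does business with (constructed list).
TRUSTED_DOMAINS = ("sberbank.ru",)


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted_domain): verdict is trusted, lookalike or unknown."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for domain in trusted:
        # Exact match or a genuine subdomain of a trusted site.
        if host == domain or host.endswith("." + domain):
            return "trusted", domain
    for domain in trusted:
        # Trusted name used as a prefix of somebody else's domain.
        if ("." + host + ".").find("." + domain + ".") != -1:
            return "lookalike", domain
        # Compare the same number of trailing labels, e.g. "sberbanck.ru".
        tail = ".".join(host.split(".")[-(domain.count(".") + 1):])
        if edit_distance(tail, domain) <= max_distance:
            return "lookalike", domain
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links; the first one is the example from the text.
    for link in ("http://sberbanck.ru/reklama/",
                 "https://www.sberbank.ru/",
                 "https://sberbank.ru.login-check.example/",
                 "https://example.org/"):
        print(link, classify_link(link))
```

A "lookalike" verdict means the link should not be followed; an "unknown" verdict only means the host is not on your list, not that it is safe.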