As sophisticated online attacks become more commonplace, it’s essential that users at an elevated risk of being personally targeted online — like policy makers, campaign teams, journalists, business leaders, or others in the public eye — are equipped with knowledge and tools to protect their online accounts.
Unknown to many, phishing is the most common technique used to obtain sensitive information about you, like your username, password, or banking and financial information.
Hackers can attack through e-mail, telephone, text message, or through apps, posing as a legitimate person or trusted organisation in order to trick their targets into providing sensitive personal information.
In 2017, ransomware was reported to have attacked 14 servers in Kenya, among them two multinationals. This was partly attributed to phishing, where computer users unknowingly opened unknown but genuine-looking links, thereby opening themselves up to attacks.
It is important to learn how to spot the various forms of phishing and how to safeguard against it.
First, be wary of requests for personal information. Don’t reply to suspicious emails, instant messages, or pop-up windows that ask for personal information like passwords or financial information.
Even if the message comes from a website that you trust, never click on a link or send a reply message with your personal details. Remember that legitimate sites and services will not send messages requesting you to send passwords or financial information over email.
Second, always double-check a file before downloading it. Some sophisticated phishing attacks can occur through infected documents and PDF attachments. If you come across a suspicious attachment, use Chrome or Google Drive to open it safely and reduce the risk of infecting your device.
Lastly, some features, such as the Password Alert Extension on Chrome, will alert you when you enter your password on a non-Google site. Find one that suits you.
Through simple measures, Internet users can protect their machines from phishing. Two-step verification is one such measure: it means that logging in to your account requires a second step beyond providing your username and password.
With this enabled, a hacker can’t access your account with your username and password alone, as they would require a physical security key or a code sent via SMS or the Google Authenticator App.
Even the most careful and security-minded users and corporates can fall victim to phishing scams, especially if those scams are individually targeted. It is important to gear up in time.
The author is Google’s Policy and Government Relations manager for East Africa.