6 Tips to help protect yourself from phishing attacks

James Ogier
23rd May 2022
Information Security

Phishing is the number one method of cyber attack delivery for everything from ransomware to credential theft.

Many of us know what to look out for when it comes to recognising suspicious emails, but other types of phishing attacks can be harder to identify. As we spend increasing amounts of time online, phishing over social media has skyrocketed by 500%. There has also been a 100% increase in fraudulent social media accounts, created with the sole purpose of scamming a user. Phishing via social media can often be easier to fall for, as realistic-looking profiles can make the scammer look more trustworthy.

The tips below can help you to protect yourself from phishing attacks.

Set your social media profiles to private

Scammers love public profiles on social media for lots of reasons. The first is that they can freely browse your profile, gathering personal information and learning about your interests, personality, schedule and location. This can make it easier for them to reach out to you in a realistic way. For example, they could learn what book club you’re a part of, find out what book you’re currently reading and the name of someone else in your group, and message you using that information to gain your trust. “Hi, I’m Becky’s friend and I’ve decided to join your book club! I’ve just finished reading Conversations with Friends, wasn’t it brilliant? I’m looking forward to meeting you in person at the next club meeting on Wednesday.” After sending this initial message to gain your trust, they could follow up with a malicious link that installs malware onto your device.

The second reason is that scammers can clone your profile, steal your images and create a fake page for phishing your connections. Bad actors do this to try and connect with your friends and connections and send them malicious links. Because the message appears to be coming from someone they know and trust, they are more likely to click on the link.

You can limit your risk by going into your profile and making it private to your connections only. This means that only someone that you’ve connected with can see your posts and images, not the general public. For sites like LinkedIn where many people network for business, you might still want to keep your profile public, but you can follow the other tips below to reduce your risk. It’s also worth considering what you post; for example, never share travel plans or information about where you’ll be at a certain time.

Hide your contacts / friends list

Some social media platforms allow you to hide your connections. This means you can keep phishing scammers from accessing your contacts and contacting them with malicious messages.

Be wary of links sent via social media messages

Links are the preferred way to deliver phishing attacks, especially over social media. Links in social posts are often shortened, making it difficult for someone to know where they are being directed until they get there. This makes it even more dangerous to click links you see on a social media platform. A scammer might chat you up on LinkedIn to inquire about your business offerings and give you a link that they say is to their website, which, when clicked, installs malware onto your device.

Unless you know the source to be legitimate, do not click links sent via direct message or in social media posts. Even if one of your connections shares a link, be sure to research where it is coming from. Hackers can sometimes access people’s profiles and use them to send malicious messages to their connections, so even if the message appears to be coming from someone you know and trust, you should always be wary.

Avoid quizzes on social media

While it may be fun to know what Marvel superhero or Disney princess you are, stay away from quizzes on social media. They’re often designed as a ploy to gather data on you that could be used for targeted phishing attacks or identity theft. The Cambridge Analytica scandal that impacted the personal data of millions of Facebook users did not happen all that long ago. It was found that the company was using surveys and quizzes to collect information on users without their consent. While this case was high-profile, they’re by no means the only ones that play fast and loose with user data and take advantage of social media to gather as much as they can. It’s best to avoid any types of surveys or quizzes on any social media platform because once your personal data is out there, there is no getting it back.

Avoid purchasing directly from ads on Facebook or Instagram

Many companies advertise on social media legitimately, but unfortunately, many scammers use the platforms as well for credit card fraud and identity theft. If you see something that catches your eye in a Facebook or Instagram ad, go to the advertiser’s website directly to check it out; do not click through the social ad.

Research before you accept a friend request

It can be exciting to get a connection request on a social media platform. It could mean a new business connection or connecting with someone from your old school. But this is another way that phishing scammers will look to take advantage of you. They’ll try to connect with you, which can be a first step before reaching out directly via DM. Do not accept friend requests without first checking out the person on the site and online using a search engine. If you see that their timeline only has pictures of themselves and no posts, that’s a big red flag that you should decline the request.

Can your devices handle a phishing link or file?

It’s important to safeguard your devices with things like DNS filtering, managed antivirus, email filtering, and more. This will help protect you if you happen to click on a phishing link.

For more advice, information and support about cyber attacks, get in touch with our Information Security team today.

James Ogier

James has worked at Resolution IT for 7 years, after a period in the aviation industry.

With a keen interest in security, specifically auditing and IT governance, he is well placed to advise clients in best practice, guiding them through their cyber security journey.

James has earned the ISC2 SSCP (Systems Security Certified Practitioner) and is able to certify organisations to the Cyber Essentials and IASME governance standards. He also holds Microsoft MCSA Windows 8 and 10 certifications, CompTIA A+, Network+ and Security+ accreditations, as well as being a Certified ISO 27001 ISMS Lead Implementer.

A highlight for James is working closely with clients to fully understand their business requirements in order to safeguard their organisation as much as possible.
