10 Things You Can Do to Ward Off Phishing Scams


Linda Ikechukwu


It's the last day of #CyberSecurityAwareness month! We asked Smallsteppers to share some tips on what you can do to stay safe online and ward off scams and phishing attempts.

Here are 10 things you can start practicing today for a safer online experience:

1) Enable Two-Factor Authentication (2FA). If you have not already, go into all of your accounts and enable 2FA. 2FA adds an extra layer of security to your accounts. In the event of a data breach where your password is exposed, 2FA prevents attackers from immediately accessing your account.

2) Use a password manager. Strong unique passwords are harder to hack, but they’re also difficult to come up with and remember. Consider using password managers to generate and store passwords for you.

3) Enable Passkeys where you can. If you are on an Apple device, you can add passkeys as a means of authentication for your favorite apps. Passkeys are cryptographic keys tied to specific devices or biometric data, making them resistant to phishing.

4) Regularly Update Your Software. Be sure to periodically update your operating system, browsers, and apps. Yes, we know it can be inconvenient to update and reboot, but it is for a good reason. Updates often include security patches!

5) STOP oversharing online!! Don’t share personally identifiable information like your height, where you live, SSN, bank account numbers, credit card details, and more. Cybercriminals can use personal details for scams. Even seemingly innocuous details can be used maliciously.

6) Regularly Audit App Permissions. Check which apps have access to your social media and email accounts. Revoke permissions from apps you no longer use or trust. Ensuring apps only access what's necessary minimizes the risk of your personal data being mishandled or misused.

7) Protect Your Webcam and Mic. Stick a cover on your webcam and disable your microphone when not in use to thwart unwanted eavesdropping.

8) Never download PDFs directly! Always open PDFs safely with your browser or Google Drive to confirm that everything looks okay. PDFs can contain embedded links, scripts, or malware that may harm your device or compromise your security.

9) Inspect strange emails. When you receive an unexpected email from an unfamiliar email address, perform a long press or hover your mouse over URL links to preview them. Check whether each link's domain matches the supposed sender's domain.

10) Lastly, educate yourself! Stay informed about common online threats and how to recognize them. Cybersecurity awareness is your best defense.

Stay safe out there.

About the author: Linda is an educator at heart, and her superpower is demystifying complexity. Since joining Smallstep as a developer advocate, her mission is now to demystify and educate about PKI and digital certificates :)