Phishing is a serious security problem. It affects people and companies all over the world. And while things like ransomware infections and data breaches sound more serious, these problems often start with phishing emails. According to Europol’s 2017 Internet Organised Crime Threat Assessment, the vast majority of attacks involve threat actors contacting their victims using emails, with some reports putting this figure as high as 95 percent.
Attackers use phishing emails to manipulate victims into disclosing sensitive information. And there are many ways attackers accomplish this. One well-known strategy is to trick victims into entering login credentials for online accounts into fake websites – a strategy that lead to the compromise of John Podesta’s email account in March 2016.
So what can an average person do to protect themselves from phishing? There are a few tells that people can use to help spot phishing emails. But a good preventative measure is to use plain text emails.
“I recommend using plain text emails as your default view when possible, and especially when communicating with someone you don’t really know,” explains F-Secure Security Advisor Sean Sullivan. “Looking at things like links in plain text makes it easy to spot the dodgy URLs used in a lot of phishing scams. And spotting a weird link in an email from your bank, your online dating service, or some other company should be an immediate red flag that what you’re reading might be part of a phishing scam.”
How to actually setup your emails to view them in plain text depends on your email client. But it can be done on your desktop/laptop with both Outlook and Gmail. However, the capability is not as popular on mobile clients. But Sean says the risks on mobile devices are a bit different.
“Mobile operating systems are heavily sandboxed compared to their desktop counterparts, so an attacker needs multiple chained exploits to quickly compromise a target, and those are pretty rare,” explains Sean. “I’d rather open a PDF on a mobile device than my desktop. But you still have to be careful about following those links, so exercising caution is still really important.”