How to secure yourself from online event phishing links?
Online communities and the things around them are growing. It’s becoming a trend. The flexibility and convenience are more. But these event calendars are being misused to attack online users and steal data. They are being used for phishing people. So this blog post is to make you aware of which event invite is a phishing scheme and which one is safe to open to accept the invitation. Use these four pointers to see if it’s legitimate.
- Is the source of the invitation legit?
A sudden surprising invite from your favorite brand or an event organizer isn’t all hoax since most of the small and local businesses along with the corporates are using online invitations especially posts covid as an accessible way to invite people to their events. It’s easy to navigate from home, but it doesn’t mean you delete it. But make sure the sender is a verified or legit sender address before accepting an invite or even thinking about clicking the link. Alternatively, make sure that it actually came from that particular business. Try to recall if you ever subscribed or signed up for membership at their venue, store, or website. Then go and online search for that event, if the event is legit it should be posted somewhere on the company website or some event organizer like Eventbrite and more. If you cannot find anything then the invitation is indeed fake and report the email before you mark and delete it as spam.
Furthermore, you can reach out to the company using the phone or email given on their contact us page on their website and ask if there’s such an event and they would be more than happy to tell you about it. Also, if you are always known to go to these events then you would be familiar with the emails or invites you receive from this sender address.
2. Secure your device
Securing your device is one other way to stay protected. So make sure your computer’s antivirus software and a network firewall are up-to-date or at least turned on. This software helps to block spam or malicious links, emails, and attacks that are about to take place on the device if you happen to end up clicking the link anyway. It’s okay to invest in antivirus software as some of them also offer backup protection and protection from ransomware too. There isn’t that latest of at least technology of antivirus pieces for mobiles and tablets but it’s good to at least have downloaded some basic ones. Since it will help to have that additional layer of security to protect you and your data.
When you continue to open the link, the network is protected from any sort of threat when you click the link to RSVP for that invitation.
3. Giving your personal information
Phishing emails/invites look legit and that’s the whole reason why we even fall for this stuff in the first place. Hackers and cybercriminals have mastered this art of deceiving and know very well how to copy the model of emails and SMS or for that matter any similar-looking thing to get you to click the link in the first place. They even make use of Google calendars, Gmail, and other sites to make it seem as real as possible. They sneak them into our inboxes. The way the email looks doesn’t have to make it legit. The sender will more or less always ask for some kind of personal information. Do not give any personal information at all.
In case, if you think the event is legit and they request personal information then it’s always advised to contact them yourself via the event page or website and give them those details instead of falling into this trap.
4. Look at the URL before proceeding
Most of the time the URL itself will help you make it clear if that URL is even legit or not. All the brand and event or corporate invites start with their domain name and then an extension of the rest of the things. Usually, popular domains and HTTPS are protected by Google Crawlers, and hence phishing the main site would last for barely 5-10 minutes at max before it’s taken down on hosting sites. Didn’t understand a thing? well, don’t worry. I do cover this in upcoming blog posts but for now, just know that popular sites cannot be replicated so check for the legit domain name before the extension link.
Additionally, hover over the link to see the hidden URL (if any). It helps to re-evaluate the site destination address. Something to keep an eye out for is to see if the URL is shortened from a site like TinyURL or bit.ly or other 3rd party sites. When you click on the link, does it take you to the expected site? Sometimes if the ending is some random extension like .doc or .exe then abort the process.
There’s another way, even if you are most careful about all the things. Hackers can redirect you to another site with tons of pop-ups or aggressive downloads and more. There’s also something called link checker and it can sound too much to click on some random link but if you are especially clicking on something related to a bank or similar things then it’s better to be super safe. Link checkers help keep the spam scores of the link and also tell if any files were downloaded in the background when clicked on it. Worst case scenario you already have your device and network protected, you can mid-way stop the attack.
So, I am curious what happens when I click the spam link?
Good question, lol as if I am gonna give you grades for asking the right set of questions. Anyway,
- Your personal information can be collected that’s saved on your browser and on your device
- Random virus files and browser extensions may be downloaded in the background without giving permission to do so.
- You can be tricked to give your credentials like ID and Password or even card details
Most of the time the links are masked so well that you won’t even know that you got exposed. Kudos to hackers haha I am just kidding. But they are good at what they do, so it’s always better for us to keep up with them to safeguard ourselves hence even having a basic awareness of cybersecurity is so important.
HELP! I think I clicked a malicious link but I am not sure?
If you feel like you clicked on a spam link and that you may be exposed to the hackers then first fully scan your device using the antivirus and check the firewall report. Then quarantine or remove the marked files after thoroughly going through them.
Secondly, change the credentials and if possible always have 2-step authentication if possible. It’s great security to have and avoid giving away access to hackers on the first try.
Lastly, help your community. Report any spam emails so that the email subscription services can look into them. It helps, anything helps. If you think it’s a huge scam, let the company know what’s happening and they may be able to warn their customers. Stay safe and secure online.
Let me know what you guys wanna learn next?