Read More: Where Do Most Phishing Attacks Occur and Why?

There are several other ways to tell whether or not a link is the real deal, or could lead you to a fraudulent page.

Take Out Your Magnifying Glass
When a link is sent to you via email, direct message or any other way, take a close look at what the link looks like before clicking it. 

A good way to check whether or not you’re getting scammed by a fraudulent email is to look at the exact spelling of the email account, as well as the URL, and compare it to the real deal.

For example, PayPal sends messages via emails that end with @paypal.com, but a fraudster might use an account that ends with @paypalpayments.com to trick you, so watch out for these discrepancies.

It may seem a bit loony to examine email or link addresses so closely, but taking those extra few seconds can save you from the nightmare of being hacked and victimized.

Become a Cybersecurity CSI
Another way to ensure you’re entering a trusted site is to notice if the domain is secure or not. Sounds really CSI, but it’s not as hard as you think.

First, look for the Secure Sockets Layer (SSL), which shows up on a website when it’s secure. A SSL website begins with “https” rather than “http”.

To further enforce security, also look for the green padlock at the beginning of the link and the word “Secure”, or the name of the company before the link. The green address bar only shows up when a site is using a type of SSL certificate called an Extended Validation (EV) Certificate, which helps confirm that the site is operated by a legally incorporated company.

URL Shorteners Could Be Your Enemy
When media outlets share an article on social media sites, they’ll typically use a URL shortener like Bitly or TinyURL. Sometimes, URL shorteners are used in emails as well. These tools help abbreviate long web addresses but make it hard to tell if a website is legitimate since the appearance of a URL is altered.

One way to get around this issue is to right click on the shortened link and copy the URL to a text editor and examine it. Never load it in your web browser though. When it comes to banking, most major financial institutions will probably not use URL shorteners in official emails, so you’re clear there.

We hope these step-by-step tips help you dissect your electronic correspondence better and avoid being a victim of a phishing or cyber attack.

1. Sketchy Emails That Mimic Well-Known Businesses

Scammers love to send out fake emails that mimic the language and images used by well-known companies. These emails often attempt to trick consumers by offering them a free, in-demand item if they enter a contest, or informing them that their account has been breached, which is a false warning meant to take over a person’s account. You should also be cautious of any email attachments, even if they come from seemingly trustworthy sources, such as a coworker or a friend. If an email or an attachment doesn’t make sense, don’t click on it — the person’s account could have been hacked, and the attachment could contain malware. Reach out to the person directly and ask them if the email is legitimate.

Read More: The Most Common Viruses of 2017 and How to Stop Them

2. Unbelievable Deals? Pause Before You Buy

Fake and malicious ads and websites are especially common during the holiday season. You may see them at the top of Google search results, or on Facebook, Instagram, or another website. They typically advertise absurdly discounted items, such as expensive sunglasses or handbags, laptops, or other in-demand goods for 80% to 90% off. To avoid these types of scams, avoid clicking on any ads or links that seem too good to be true, and consider using an ad-blocker. You should also verify that you are on a legitimate, secure website before entering any information or making a purchase. Lastly, make sure to take advantage of dfndr security’s various protection features like anti-hacking to prevent you from falling victim to any online scams or fraudulent websites.The anti-hacking feature alerts you that a link is malicious and then blocks it before you even click on it.

3. Shopping Apps With No Holiday Spirit

During the holidays, many more malicious shopping apps crop up. They typically mimic well-known shopping apps or else lure consumers in by promising unbelievable deals. To avoid becoming a victim of malware or scams, avoid downloading apps from third-party websites. Further, exercise caution when downloading apps from the Google Play store, and pay attention to the language used — is it free of typos or other glaring errors? — and pay attention to the number of reviews and downloads. Lastly, when it comes to shopping on your phone, stick with a store’s official mobile website.

An Email That Your Transaction Was Declined
While shopping this season, the last thing you want is for your card to be declined. If you receive an email that says your credit card or PayPal transaction was declined for a recent order, this is a phishing scam. Don’t click on any links or hand over your personal information. If you must check your account or the status of your order, manually type in the correct URL and log in to your account to verify that everything is in okay. You could also download an antivirus app like dfndr security to regularly scan your phone for any malware. The best feature you might want to activate in our app is anti-hacking because during the flurry of a shopping session this feature can identify and block malicious links before you click on them. Turn it on to try it:

Spoofed Two-Factor Authentication
In this phishing scam, a hacker uses a victim’s phone number and email address to assume her identity and ask Google (or another service) to reset the password for her email account. Whenever Google texts the victim with the reset code, the hacker will then pose as Google to text the victim about unusual account activity, and request that the victim send the hacker the reset code to confirm her identity. If the victim sends the reset code to the fake Google text, then she has just given the hacker the ability to access her account.

Instagram Shopping Scams
Boutique accounts have become incredibly popular on Instagram, with items often selling out within minutes. While there are many legitimate Instagram boutiques out there, you should be wary of shady accounts that try to lure you in by purchasing an item or clicking on a link. Before you shop on Instagram, make sure that the boutique you’re interested in is legitimate by paying attention to the number of followers, the seller’s language, and any reviews or websites that discuss the boutique.

Fake Promotional Emails With Coupons
Maybe you ignore promotional emails altogether, or maybe you check them for the latest sales and deals at your favorite stores. If you receive an email this season that promises an incredible deal, don’t click on any links or images in the email — it could be an email spoofing your favorite retailer. To ensure that the deal is legitimate, check the email’s language, compare the email to past emails, and go to the store’s website to find the deal or contact customer service to verify the email.

Shipping Scams
With this scam, you’ll receive a fake email from UPS or FedEx informing you that your package was unable to be delivered. To remedy this issue, the email will ask you to click an infected link or open a malicious attachment. If you receive an email like this, ignore it — these services will never email you about undeliverable packages. Further, be wary of any odd-looking emails that contain a tracking number — the link could be fake.

Read More: The 7 Password Mistakes You Might Be Making

How Common is Password Phishing on Android?
Think about the progress that app developers have made over the years, and how advertisers are no longer having trouble displaying ads on smartphones. Malware and malicious attacks have made progress, too. It was only a matter of time before password phishing increased on Androids — and it will likely continue to do so.

Take, for example, the recent Google Docs phishing scam. In this phishing scam, Gmail users would receive a link to a Google Doc from one of their contacts or a seemingly legitimate person. After clicking the link, they would then be sent to a real Google page, where they’d be tricked into giving access to a third-party “Google Docs” app that would request access to all of their account information. Google has since responded to the attack and has issued an update for their Android app to make the app more secure. Unfortunately, Gmail is still vulnerable to future phishing attacks of a similar nature. The attack was so successful because it used real Google pages. This is why it’s important to use Anti-Hacking to ensure you’re always protected — such as when a phishing attempt goes undetected by Google.

Another common password phishing scheme involves the Cloak & Dagger malware. This malware is downloaded onto an Android when you download a malicious app from the Play store. Once it has infected your device, it can then spoof your Android’s appearance in order to carry out phishing attacks. This malware has been able to infect older Android operating systems in addition to the latest operating system, Nougat. As a reminder, you should always pay attention to the language, design, and reviews of an app before downloading it. In order to ensure that your device is free of hidden malware, use Full Virus Scan to check your phone and SD card for threats:

Read More: How to Protect Yourself from Social Engineering Attacks

1. Follow the Strong Passwords and Use Two-Factor Authentication Rule

Your IT department will prompt you to create strong passwords and use two-factor authentication for your professional accounts. Don’t ignore this request, as this is how many companies are breached — employees who ignore this or put it on a to-do list but don’t follow through. Strong passwords are long passwords with lowercase and uppercase letters, symbols, and numbers. Also, apply the same rule to your personal accounts.

2. Be Wary of What You Send Via Email

Email is not a secure form of communication for many reasons, one being that it’s easy to intercept emails. Don’t send any personal information via email or email forms (such as passwords or your Social Security number).

3. Be Suspicious of Unsolicited Emails and Phone Calls

Some unsolicited emails and phone calls are legitimate — but many are not. Many phishing scams are designed to prey on your emotions, and get you to respond with personal information or click on a link out of fear. This approach works, too: it is often most successful when the targeted individual is experiencing personal trouble or hardship, which the hacker can gather from stalking the victim’s social media profiles.

4. Be Skeptical of Emails From Trusted Sources

You should be skeptical of all emails you receive — even if they’re seemingly from a friend, coworker, or your bank. Phishing scams are getting cleverer by the day, and many scammers are able to spoof emails from people you know or else compromise a known, trusted email address. If the language in the email feels “off” or strange — and if that language is accompanied by a link, attachment, or a request for personal information — ask yourself if the email seems legitimate. If you have doubts, reach out to the sender by another form of communication and ask if they sent the email. If you’re at work, alert your IT support department right away.

5. Don’t Mix Business With Pleasure

Be cautious about what you post on social media, especially when it comes to information related to your job. Hackers are more frequently targeting employees’ social media profiles in order to collect personal information that could provide answers to job-related security questions or passwords.

Read More: Twitter Has Signed a New Live Streaming Deal

John Legend’s Hacked Account

Once the hacker gained control of Legend’s account, he posted some amusing and disturbing messages. The poster focused on political subjects, posting tweets about Donald Trump and Hillary Clinton. For example, the hacker called President Trump “a Cheeto.” Some of these political posts were violent or sexual in nature, and when he regained control of his account, Legend was quick to distance himself from them.

John Legend’s Response

John Legend, like his music, was calm about the hacking. In fact, he laughed at the absurdity of the hacker’s messages. In fact, Legend himself started posting on Twitter, letting his fans know that he had been hacked. For example, he posted the Tweet: “Someone just hacked my account” to let his followers know he hadn’t been posting the bizarre messages. He then posted: “I’m back. My hacker was vulgar and kinda hilarious. I’ll try to be funnier from now on so he won’t feel the need to ghost write for me.”  

Chrissy Teigen’s Response

Chrissy Teigen is one of the most popular celebrities on Twitter with her funny and true-to-life tweets. Like her husband, Teigen found the tweets funny. Teigen was clued into the attack on her husband’s social media after one of her followers private messaged her about her husband’s new Twitter bio, which described the singer’s private parts in a less-than-flattering way. It’s not surprising that this happened, though. In fact, Teigen made fun of her husband the same week his account was hacked, comparing him to the animated aardvark, Arthur, on her own Twitter account.