The private testing has started!

Blog How to prevent phishing attacks

Phishing is the most common attack method for cybercriminals. Criminals impersonate themselves as trusted entities in digital communications.

Banned signs on a hooked email and a bug

What is phishing?

Phishing is an online attack in which criminals attempt to obtain sensitive information (such as usernames, passwords, credit card numbers) by impersonating themselves as trusted entities in digital communications.

Phishing is usually performed through email spoofing, instant messaging, and text messaging. It often leads users to enter personal information on fake websites that match the appearance and style of legitimate sites.

For example, a criminal sends a fake email asking you to click on a link or download an attachment. It may look like a bank, credit card company, email provider, or popular online service (Facebook, Google or Amazon).

Phishing attacks may also rely on malware. These attacks do not try to trick you into entering a password. It instead tricks you into clicking a link to an infected website, opening an infected file, or installing malware on your device. For example, an attacker who pretends to be your bank may send a file looks containing recent transactions. However, opening the file will install a virus on your computer.

Phishing is the most common attack method for cybercriminals. A report from the FBI's Internet Crime Complaint Center shows phishing is top three crimes reported by victims in 2020. It recorded twice as many phishing incidents as any other type of computer crime. Phishing is a very profitable method of attack because thousands of people become victims every year.

Fortunately, you can avoid phishing scams if you know how to identify and prevent phishing correctly because of their universal nature.

Tips for anti-phishing

As long as you remain vigilant and abide by the following rules, it is not difficult to resist phishing attacks. Here are simple steps to identify and prevent phishing scams:

Even if you know the sender, it is generally not recommended to click a link in an email or an instant message. Hover your mouse over the link and identify if the target location is correct. Some phishing websites look like the original site, but they can record keystrokes or steal login/credit card information. Instead of clicking the link, we recommend you access the site directly from a secure search engine.

Don't provide your information to any insecure website

A website without a security certificate might not always be a phishing scam, but it's riskier. If a website URL does not start with "HTTPS" or without a closed padlock icon before the URL, do not enter any sensitive information or download files from that website.

Periodically rotate passwords

You should regularly rotate your password if you have an online account to prevent attackers from gaining unlimited access. Adding an extra layer of protection through password rotation can prevent continued attacks and lock out attackers.

Protect your password

Any organization will not ask for your password through email. Please do not enter your password, if:

  • You receive an unsolicited email that asks you to enter your password;

  • Or a link that takes you to a suspicious website and asks you to provide credentials.

Liverado will never send you unsolicited emails or other communications that ask you to provide Liverado credentials.

If you experience login issues, our support team may ask you to provide login details and information. But this will only happen if you have contacted our support team.

We will never communicate with you from any non-Liverado accounts. The only email addresses our support team uses are:

support@liverado.com

security@liverado.com

Updates

Security patches and updates are released to keep up with the latest network attack methods by patching security vulnerabilities. If you do not update your browser, you may be exposed to phishing attacks due to known vulnerabilities that are easy to avoid.

Protect your email address

In order to attack you, the attacker must first know your email address. You can't hide your address, but you can keep a separate email address for different purposes.

Please don't use your business card email address for your bank account, loan, or other sensitive accounts. Choose a safe and secret email address to communicate with the sensitive information. And you don't share the email address with everyone.

With Liverado, you can use multiple addresses to keep your private address secret.

For instance, if the address you use in a public place is Bob@liverado.com, you can create a second address Bob_J@liverado.com to be used only for sensitive accounts (such as online banking).

Your email addresses
1 Bob@liverado.com For business
2 Bob_J@liverado.com For sensitive information
3 Bob_w@liverado.com For friends and families

Suppose a hacker pretends to be your bank and sends you an email to Bob_w@liverado.com. You can quickly identify the email as phishing because Bob_w@liverado.com isn't your online banking email address.

Check the email you received carefully

Phishing emails are usually easy to identify because they rarely handle everything correctly:

A phishing email is usually not an official communication account. For example, an attacker may target a specific Liverado user, and the user may receive an email sent from Jac@liverado.mail.

The link contained in the phishing email is also not an official website. For instance, the link in the email may go to Liverado1.com instead of Liverado.com. Liverado provides a link confirmation function, which can help you verify that the link you are following is not malicious.

Phishing emails can also look like they come from someone you know, but there will be subtle changes. Such as Johnsmith@liverado.com instead of Johnsnith@liverado.com (can you see the difference?)

Note: These accounts and URLs sometimes look similar to the real ones in appearance, so be sure to double-check.

Please keep in mind that communications from Liverado will always come from one of the following official Liverado accounts:

  • support@liverado.com

  • abuse@liverado.com

  • security@liverado.com

Moreover, we only use the following domain:

Liverado.com

As additional protection, automatic emails sent by the Liverado team will be marked by default.

Liverado email phishing protection

Liverado provides anti-phishing protection, a unique set of features designed to protect against phishing.

Set up a unique phrase for Liverado website

To prevent login to a fake Liverado website, you can set a unique phrase (only you know) for the website.

For example, you can set up "cool as a cucumber" as your logging phrase. The system will show you the phrase whenever you log in to the Liverado website. So you know this is not a fake Liverado website.

Identify the legitimacy of an email with a lock sign

Sender spoofing is not possible between Liverado addresses or Liverado-hosted domains. If the "From" address is Bob@liverado.com and has a lock sign, you can assume that the message was indeed sent from that account. Since the address was not spoofed, it may not be a phishing email. With Liverado, you can significantly reduce your or your business's exposure to phishing.

DMARC Protection

Liverado also supports DMARC, which helps identify emails that may be spoofed. For example, when you open an email that has not passed DMARC certification, the system will show a red warning notification. It would be best if you verified the authenticity of the email with the sender.

Hackers don't always fool you to share sensitive data. If they can deceive you long enough to make you click a malicious link, they may still compromise the security of your device. To prevent this, Liverado's "Link Confirmation" can help you identify suspicious links without putting your device in danger. After enabling link confirmation, a window will pop up whenever you click the hyperlink contained in the message. The pop-up window will display the full URL of the link, allowing you to check if the link is suspicious.

Report phishing emails to our support team

If you receive an email suspected of a phishing attack, please do not click links or download attachments. And please report the email to us. We created an easy way to report emails to our support team, who will analyze the headers and content to improve our spam filter.

If you get into trouble due to a phishing scam, you should take some steps immediately to restore and protect your account:

  • Go to Settings -> Accounts and confirm that the hacker has not changed or send a reset/notification email.

  • Click the link you receive. On the same Accounts page, change your password.

  • Then go to Settings -> Security and enable two-factor authentication (2FA). This ensures that hackers cannot break into your account even because they cannot access the 2FA device.

  • On the same Security page, enable the Advanced Authentication Log, which allows you to track when and where someone is accessing your account or where they are trying to access.

Ready to join Liverado? Start your free 14-day trial today.