How can I help prevent phishing attacks on family members?
While visiting family for the holidays, a family member received a "paypal" email asking for account updates. She clicked on the link, provided her login information and started filling out a form until she asked us about it.
Looking at it together, this was clearly a phishing scam, but she had already given them her password.
We changed her password, added two-factor authentication, and had a long discussion about not clicking on any banking-related links in emails.
Still, it remains that if we were not here, she might have either continued to provide information, or not changed her compromised password.
Are there any tools available that could help prevent banking-related phishing scams from happening in the first place, or detect when those occur to family members?
She is using Internet Explorer and has a Hotmail account... changing those habits is probably not so easy.
2 Comments
This is more psychology than anything else. I've been in your shoes several times, even with more tech-savvy individuals in my family (and I've seen IT professionals even get beat by clicking on phishing link tests sent from the security team). The best method I could come up with was the "post-it note reminder" method. Have them take a note and write "don't click on links in emails" and tape it to their monitor. I try to train them to only use their bookmarked links or to navigate to the site directly by typing in the URL they know is safe rather than clicking on any links in emails. Even if it's an email from me.
Well, one strategy is to phish her yourself. After enough times of clicking on a link only to be told she's been fooled, she'll probably start being more suspicious. That does run the risk of ill feelings, though.
Another strategy is that if she doesn't know her own password, she can't give it out. If she has a password manager that checks SSL certificates, then unless the password manager or the SSL certificates get hacked, the password manager simply won't give the password out to a phishing site. Also, many sites have the option of personalizing the login screen, the idea being that a phisher won't know how you've personalized the screen.
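The origin check that lets a password manager withhold a saved login from a lookalike page, sketched as an added example (not part of the comment above, and not any particular product's code). It assumes the browser has already validated the site's TLS certificate; the vault entry, the `shouldAutofill` name and the sample URLs are constructed for illustration.

```javascript
// Constructed vault entry: the exact origin where the login was saved.
const VAULT = [
  { origin: "https://www.paypal.com", username: "alice@example.com" },
];

// Decide whether a saved login may be offered on the page at pageUrl.
function shouldAutofill(pageUrl, vault = VAULT) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { fill: false, reason: "unparseable URL" };
  }
  // Never release a password to a page that was not loaded over HTTPS.
  if (url.protocol !== "https:") {
    return { fill: false, reason: "not HTTPS" };
  }
  // url.origin is scheme + host (+ non-default port). Any "user@" prefix,
  // path or query is excluded, so text that merely contains the brand
  // name cannot satisfy the comparison.
  const entry = vault.find((e) => e.origin === url.origin);
  if (!entry) {
    return { fill: false, reason: `no saved login for ${url.origin}` };
  }
  return { fill: true, reason: "saved origin matches", username: entry.username };
}

// Constructed sample pages: the real site, then three ways a link in an
// email can look right to a person while pointing somewhere else.
const SAMPLE_PAGES = [
  "https://www.paypal.com/signin",
  "https://www.paypal.com.account-update.example/login", // brand as subdomain
  "https://www.paypal.com@login.example/",               // brand as userinfo
  "http://www.paypal.com/signin",                        // no TLS
];

for (const page of SAMPLE_PAGES) {
  const decision = shouldAutofill(page);
  console.log(`${decision.fill ? "FILL  " : "REFUSE"} ${page} (${decision.reason})`);
}
```

The manager refusing to fill on a page that "looks like PayPal" is itself the warning sign worth teaching a family member to notice.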