Staying safe online: tips on how to protect your Bitwala account from phishing emails

Security | May 16th 19

The internet is a wonderful and vast playground, but it’s not always the safest place. Phishing email attacks are becoming highly sophisticated and difficult to identify. In 2018 alone, a total of 482 million phishing attempts were recorded, and those numbers aren’t dwindling.


More than ever it is extremely important to stay up to date on how to keep your computer, information, and of course, your money, safe and secure.

What is phishing?

Phishing is a made-up word stemming from ‘password’ and ‘fishing’. It’s an attempt by scammers to acquire your personal information, such as usernames and credit card details, by posing as someone you trust, like Bitwala. They might try to contact you through emails, text messages or even phone calls, asking you to hand over your login credentials or personal information so they can access your online accounts for their personal gain. In some cases, they might try to get you to log in on a fake website that resembles that of a company you trust.

Just as we internet users have evolved to defend against internet attacks, so have fraudsters evolved to better scam us. The kind of information phishing emails try to obtain and their approach to gaining it are constantly evolving and improving, so it’s better to stay extra vigilant.

What are the warning signs?

Unfortunately, there is no one solution to defend against phishing attacks, but the better you become at spotting them, the better prepared you will be to protect your information.

Phishing emails are designed to create a false sense of security. The emails appear realistic, intrusive, and, more often than not, personalised to create a sense of authenticity. Here are some tips to help you self-assess if an email is legitimate or a potential phishing attack:

How can I spot a phishing email attack?

Phishing email checklist

1. Check URLs

Only use your login on the official Bitwala destination (i.e. Bitwala: https://www.bitwala.com/). You should always double-check the address in your browser’s URL bar to ensure you’re at the correct destination. Phishing websites can appear legit, which means it’s important to perform your due diligence.

2. Check links

Never click on a link that refers to some action that you didn’t confirm. For example, if an email tells you to reset your password or confirm your details again, ignore it and report it.

If you're unsure about an email, hover your mouse over any links you see in the body of the message before clicking on them to reveal their true destination. Depending on your email client, the destination will be shown either in the lower corner of your browser/email client or next to the link. Most malicious actors will try to send you an attachment containing malware if they can’t get you to click on a link they sent in a previous mail.

Your turn: try to find which of the following links will send you to Bitwala, and which one will send you to an example website:

https://www.bitwala.com

https://www.bitwala.com

3. Check content and spelling

Spelling errors? Grammatically incorrect? While it’s not hugely uncommon for companies to make the occasional mistake in their communication, anything that appears outwardly misspelt should ring some alarm bells and requires further investigation.

Most phishing emails use generic greetings such as “Dear Valued Customer.” It’s always best to double-check the content to get a feel of the email.

4. Don’t trust the “display name”

Don’t get caught out by email spoofing. Email spoofing is when an attacker forges an email so that it appears the email has been sent by someone else. This is either done so that the entire name and email address of the sender is a forgery, or in more straightforward cases, just the name of the sender.
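An added example, not part of the original article, that covers both forgery cases described above. The brand string, the set of official domains and the three sample messages are assumptions constructed for illustration:

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the brand name and the only domain it mails from.
BRAND = "bitwala"
OFFICIAL_DOMAINS = {"bitwala.com"}


def sender_warnings(raw_message):
    """Return reasons to distrust the sender of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    warnings = []
    # Case 1: only the name is forged. The display name (or the local part)
    # claims the brand, but the address belongs to some other domain.
    claims_brand = BRAND in display_name.lower() or BRAND in address.lower()
    if claims_brand and domain not in OFFICIAL_DOMAINS:
        warnings.append(f"name claims {BRAND} but address domain is {domain}")
    # Case 2: the whole address is forged. The domain looks right, so the only
    # evidence is the receiving server's DMARC verdict (Authentication-Results,
    # RFC 8601). Trust this header only when your own mail provider added it.
    if domain in OFFICIAL_DOMAINS:
        verdict = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
        if not verdict or verdict.group(1).lower() != "pass":
            warnings.append(f"address uses {domain} but DMARC did not pass")
    return warnings


# Constructed sample messages (not real mail).
NAME_ONLY = ('From: "Bitwala Support Team" <support@mail.example.net>\n'
             'Subject: Reset your password\n\nbody\n')
FULL_FORGERY = ('Authentication-Results: mx.example.org; dmarc=fail\n'
                'From: "Support Team" <support@bitwala.com>\n\nbody\n')
GENUINE = ('Authentication-Results: mx.example.org; dmarc=pass\n'
           'From: "Support Team" <support@bitwala.com>\n\nbody\n')

for sample in (NAME_ONLY, FULL_FORGERY, GENUINE):
    print(sender_warnings(sample))
```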

5. Don't open suspicious and/or unexpected attachments

Some phishing emails will try to get you to open an attached file. These files often contain malware designed to infect your device. If you open them, you might unknowingly give access to the data on your system, or in the worst case lose access to it (ransomware). Be very alert when you get an unexpected or suspicious attachment in an email.

Let’s see how well you do with a “real life” example.

Suspicious Email Example from “Example” Support Team.




Things are not what they appear - can you spot the suspicious email sending address?

The "fake" emails above are typical examples of what to expect from a phishing email attack. Note how the “sender” name seems perfectly legitimate (Support Team) until you check the sender’s details and review them closely.

What can I do to protect my email account from phishing?

Protect yourself with a unique password for every service

The best way to keep yourself protected online is to use strong, unique passwords for every account you create online. Choose a password that only you know. That way, even if your data for one site is compromised, the others stay secure. If you use the same password for the majority of your accounts, it’s easier for phishers to access your private information from multiple platforms, causing more harm.


Enable two-factor authentication

A strong password is great, but it’s even better when you’ve partnered it up with two-factor authentication. 2FA is a method of confirming your identity by using a combination of two different factors: 1) something you know, and 2) something you have.



In Bitwala’s case, the second factor is confirmation from your mobile phone. Activating this feature adds a ‘double layer’ of protection to your Bitwala account and acts as a secondary confirmation that the person accessing your account is really you.

Unsure how to activate 2FA on your Bitwala account? You can find a simple step-by-step guide here.

Use a password manager

Although most password managers are free, many come with premium features that let you securely synchronize your passwords across your many devices. Password managers enable you to back up your passwords online securely while protecting your account.


Safety while using Bitwala, whether it be online banking or trading, is an integral part of our mission. We want all our customers to feel safe online.

Be alert: Notice something particularly phishy in an email? Report anything you might find suspicious to support@bitwala.com

Zoe Faircloth