I. WHAT IS PHISHING? 🤔

Before we jump into how we can detect phishing attacks before it’s too late and how we can remove it, let’s take a step back and cover what phishing is and why it’s so tricky to combat it. The term “Phishing” as you can see, it’s a broad term, it does not refer to the activity “Fishing”.

II. WHY IS SO DANGEROUS? 🚨

No one wants to share their passwords or even worse, credit card info with anyone, let alone strangers. Hackers are building malicious scripts For example last year, 76% of businesses reported to be a victim of phishing attacks and this percentage is likely to increase this year.

For example, a phishing attack that occurred recently, a group of hackers used the phishing website technique. They inserted about 22 lines of code onto the website of the biggest Airline in Great Britain, British Airways. These few lines of code were directing a part of their users to a phishing website, where they were asked to log in and type their credit card details. The hacking group succeeded to get the information on almost half a million British Airways customers. The Airline has been fined recently with approximately £183 million because they failed to protect their data under GDPR rules.

III. HOW WE CAN DETECT IT AND PROTECT OURSELVES FROM IT? 🟢

One of the most known ways to reduce the phishing attacks are spam filters, the spam filter you are using may keep a good chunk of the phishing e-mails out of your inbox. However, hackers try to outsmart and evolve their techniques, therefore a spam filter won’t keep you safe at 100%. To make sure you strengthen your security, you can for example add extra layers of protection. Below you can find five steps you can follow to protect yourself from phishing attacks.

1️⃣ Protect your files by backing them up

This technique can save you hours of work. For example, in the case where your website gets infected, you can simply restore a previous version of the website before the files were corrupted.
One important thing though, it is recommended to do not have the backups connected to your home network. Make sure that these backups are copied and saved on an external hard drive or cloud.

2️⃣ Using multi-factor authentication

As you might know, if you are a Facebook user, they use multi-factor authentication as well, because it does offer extra security by requiring an extra layer of security in order to login into your account. The extra layer of security consists in:

🔶 A passcode you normally get via text message or e-mail or an authentication app
🔶 A scan of your retina, your fingerprint, or your face

3️⃣ Security Awareness Training

Most of the time phishing attacks don’t try to bypass security technologies, instead they try to exploit human error in order to be successful. For example, moments when humans are reusing passwords, or when they are being tricked in clicking an URL on a well-crafted webpage or emails.
Scammers also exploit the fact that most people do not know a lot of things about cyber security, that’s why security awareness training is really important in order to combat phishing attacks.

If you have a business yourself and you are interested in cybersecurity training, I encourage you to check the following link -> https://www.expertinsights.com/insights/the-top-security-awareness-training-platforms-for-businesses/

4️⃣ Install an Antivirus on your computer and make sure to update your OS each time you have a new version available.

An Antivirus can save you from a lot of pain in cases where you are a beginner in using a computer and navigating on the internet. For example, an Antivirus will notify you at the moment when you have entered a dangerous page that might cause a lot of damage to your files saved on that computer.

5️⃣ Protect your phone by installing the software updates each time they pop up.

Studies from October 2020 say that 3.5 billion people are owning a smartphone, this is equivalent to 44.81% of the world's population. The higher the numbers are, the higher the chances for scammers to scam people who do not take cybersecurity seriously.

IV. HOW WE CAN REMOVE IT IF OUR FILES ARE INFECTED? 🧲

There are different ways to remove phishing attacks from different kinds of circumstances. However, in this article, I am going to show you how you can remove corrupted files and fix your website.

Because WordPress is the most popular CMS platform, with over 75 million websites, I will focus this paragraph on the websites built in WordPress.
The easiest and efficient way for WordPress Websites from what I experienced, to remove corrupted files, is using the plugin Malcare -> (https://wordpress.org/plugins/malcare-security/).
With Malcare you can easily detect hard to find malware, unlike other malware scanners.

Malcare takes a different approach compared to other softwares, it does check the performance of the code that should run within your Wordpress Website. If something seems strange, Malcare will notify the user and will remove the portion of code that seems corrupted.

Phishing pages does exploit the vulnerability on the websites, therefore make sure you update all the plugins that you use and even those that you don’t.