June 29, 2025

When an email becomes a trap: how to protect yourself from phishing


Ukraine has already made significant progress in the digitalisation of the public sector and business. However, many organisations lack the resources to implement high-quality digital solutions, let alone the means to protect themselves from digital threats. That is why the Victory Code project, in addition to providing digital assistance to military units, NGOs, charities, educational and medical institutions, has a cybersecurity component.

Digital transformation is a key factor in efficiency. Organisations, military formations and public utilities need digital tools to optimise their operations, raise funds, recruit, disseminate information, etc. However, along with opportunities, digitalisation also brings risks. Cyberattacks, disinformation, and data leakage are threats faced by organisations operating in the digital space.

To disseminate information about cybersecurity and effective tools that will protect the activities of Ukrainians in the digital space, we will publish a series of materials called ‘Cybersecurity Practices’. The first text is about phishing.

WHAT IS PHISHING

Phishing is an attempt to obtain your personal information or compromise your accounts through emails, messages, ads, or websites that look like those you already trust. For example, you may receive an email — purportedly from your bank — asking you to provide sensitive bank account information.

In phishing emails or other misleading content, attackers may:

  • ask you to provide them with your personal or financial information;
  • urge you to click a link or download software;
  • pretend to be a trusted organisation, such as your bank, a streaming platform, a social network you use, or a company you work for; 
  • impersonate someone you know, such as a family member, friend or colleague;
  • make the message look like it was sent by your company or a person you trust.

A successful phishing attack can have serious consequences. For example, cybercriminals can steal money from credit cards, deny you access to photos, videos, and other files, or impersonate you and threaten your friends.

As for the risks for companies, your employer may lose money, and personal data of customers and employees may be leaked. In addition, cybercriminals can steal confidential files or block access to them. In most cases, these consequences are irreversible. However, there are a number of solutions that can help protect against phishing at home and at work.

HOW TO PROTECT YOURSELF FROM PHISHING

1. Be alert to suspicious emails and messages

Do not open emails if you do not know the sender or the message looks suspicious.

Pay attention to mistakes in the text, unusual forms of address, or overly tempting offers.

Do not follow links from such emails or download attachments.

2. Check sender addresses and links

Attackers can disguise an email address as a familiar one, for example: support@go0gle.com instead of support@google.com.

Hover your cursor over the link without clicking to check where it leads.

3. Do not enter personal information on unfamiliar websites

Reliable companies never ask for passwords, card details, or other confidential information via email.

If in doubt, it is better to contact the company's official support. You can find their contacts on the official website.

4. Use two-factor authentication (2FA)

This makes it harder for someone to access your account even if they have your password.

5. Keep your software up to date

Use antivirus and keep it up to date.

Regularly update your operating system, browser, and email clients.

6. Do not reuse the same password

Each account should have its own unique password.

Use a password manager to help you keep them safe.

7. Be aware of phishing in social media and messengers

Do not click on suspicious links, even if they were sent by a ‘friend’ — their account could have been hacked or a fake one created. Ask them directly if they really sent the message.

8. Take cybersecurity training

If you work for a company, take part in information security training.

In addition, learn on your own. Educational platforms have both paid and free online courses. For example, there is training on the Diia.Osvita platform and the course ‘Information Security Fundamentals’ from Prometheus.

Thanks to the training, you will be able to recognise fraudulent schemes faster and protect yourself from cybercriminals.