Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworty person/organization. Since most online users are unaware of the techniques used in carrying out a phishing attack, they often fall victims and hence, phishing can be very effective.
With the dramatic increase in the number
of phishing scams in the recent years, there has also been a
steady rise in the number of people being victimized. Lack of awareness
among the people is the prime reason behind such attacks. This article
will try to create awareness and educate the users about such online
scams and frauds.
Phishing scams usually sends an email
message to users requesting for their personal information, or redirects
them to a website where they are required to enter thier personal
information. Here are some of the tips that can be used to identify
various phishing techniques and stay away from it.
Identifying a Phishing Scam
1. Beware of emails that demand for an urgent response from your side. Some of the examples are:
- You may receive an email which appears to have come from your bank or financial organization stating that “your bank account is limited due to an unauthorized activity. Please verify your account asap so as to avoid permanant suspension”. In most cases, you are requested to follow a link (URL) that takes you to spoofed webpage (similar to your bank website) and enter your login details over there.
- In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other side of the phone to take away your credit cards details, account number, social security number or other valuable data.
2. Phishing emails are generally not
personalized. Since they target a lagre number of online users, they
usually use generalized texts like “Dear valued customer”, “Dear Paypal
user” etc. to address you. However, some phishing emails can be an
exception to this rule.
3. When you click on the links contained
in a phishing email, you will most likely be taken to a spoofed webpage
with official logos and information that looks exactly same as that of
the original webpages of your bank or financial organization. Pay
attention to the URL of a website before you enter any of your personal
information over there. Even though malicious websites look identical to
the legitimate site, it often uses a different domain or variation in
the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:
- papyal.com
- paypal.org
- verify-paypal.com
- xyz.com/paypal/verify-account/
Tips to Avoid Being a Victim of Phishing
1. Do not respond to suspicious emails
that ask you to give your personal information. If you are unsure
whether an email request is legitimate, verify the same by calling the
respective bank/company. Always use the telephone numbers printed on
your bank records or statements and not those mentioned in the
suspicious email.
2. Don’t use the links in an email,
instant messenger or chat conversation to enter a website. Instead,
always type the URL of the website on your browser’s address bar to get
into a website.
3. Legitimate websites always use a
secure connection (https://) on those pages which are intended to gather
sensitive data such as usernames and passwords, account numbers or
credic card details. You will see a lock icon 
in your browser’s address bar which indicates a secure connection. On
some websites like paypal.com which uses an extended validation
certificate, the address bar turns GREEN as shown below.
In most cases, unlike a legitimate
website, a phishing website or a spoofed webpage will not use a secure
connection and does not show up the lock icon. So, absence of such
security features can be a clear indication of phishing attack. Always
double-check the security features of the webpage before entering any of
your personal information.
4. Always use a good antivirus software,
firewall and email filters to filter the unwanted traffic. Also ensure
that your browser is up-to-date with the necessary patches being
applied.
5. Report a “phishing attack” or
“spoofed emails” to the following groups so as to stop such attacks from
spreading all over the Internet:
You can directly send an email to spam@uce.gov or reportphishing@antiphishing.org
reporting an attack. You can also notify the Internet Crime Complaint
Center of the FBI by filing a complaint on their website: www.ic3.govcomment and share to your frends!
0 reactions:
Post a Comment