Phishing is the act of sending a succession of emails, texts, websites and other content to you in an attempt to tempt you to click on certain links and provide precious data for an attacker’s use. Reports indicate that about 5% of users still fall for these gimmicks and find themselves victims of this vandalism by rogue computer geeks. Are there ways to protect ourselves from phishing? Yes, very much so. But if you thought that looking for that little “lock” icon at the bottom right corner of the browser would mean you are safe, you are kidding yourself. You need to look for more. Here are a few points:
Email isn’t for supplying information, especially if you don’t know whom you are giving it to.
Come what may, avoid the temptation of sending your personal details (especially financial details like bank account numbers, trading account numbers, etc.) through email. Most companies now have policies under which they swear NOT to solicit you with any emails requesting personal information whatsoever. In any case, if you do get an email claiming to be from the bank or trading company you are involved with, give them a call and find out for sure. Whatever you do, don’t click on that link. How phishing is done using email is explained in detail in the article Phishing Delivery Mechanisms: Know Your Enemy (Email and Spam) – Part 1.
Been Abused? Report Immediately
If action is taken quickly each time someone is attacked, these phishing attempts can all be thwarted promptly. The banks, financial institutions and other such companies you deal with will be more than pleased if you report these phishing attempts (which impersonate the very companies you are talking to). It is a matter of immense risk for them if it goes unchecked (and a risk for you too, though I thought that didn’t need a mention). The more you report or encourage others to report, the more data and information we have in our arsenal, the more aware we are and the lower our chances of being victimized.
See a link? Great! Now type in the actual site and go there directly
You see a link in your email as mentioned above, or you see an attractive banner that claims to get you returns of a whopping 28% year on year on your portfolio? Do yourself a favor by heading over to that site directly instead of clicking on either that link in the email or the banner you saw on a website. (Banners can be a form of web-based phishing attack, covered in the article Phishing Delivery Mechanisms: Know Your Enemy (Web Based Attacks) – Part 2.)
Check if the site is secure
This goes beyond the cute little padlock icon on the bottom right. Of course it signifies “secure” and reeks of “SSL” (Secure Sockets Layer), but some phishers are smart enough to know that. So this shouldn’t be the final checkpoint for our safety. What you ought to be looking for is certainty that the padlock icon appears in combination with a URL that starts with the https:// protocol.
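The two checks above (go to the real site rather than trusting a link, and confirm the https:// prefix) can be automated for links pulled out of a message. The following is an added example, not part of the original article; it goes slightly beyond the text by also comparing the link's host against the site you expected. The function name, the problem labels and the domains (reserved .example and .test names) are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return a list of reasons not to trust the link (empty list = passes).

    expected_domain is the site you would have typed in yourself,
    e.g. "bank.example" (a constructed placeholder domain).
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased by urlsplit
        has_userinfo = parts.username is not None
    except ValueError:
        return ["unparseable"]

    expected = expected_domain.lower().rstrip(".")
    problems = []

    # The article's check: the URL must start with https://
    if parts.scheme != "https":
        problems.append("not-https")

    # "https://bank.example@other.test/" really goes to other.test;
    # everything before the @ is only a user name.
    if has_userinfo:
        problems.append("userinfo")

    # Non-ASCII or punycode labels can imitate a familiar name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("idn-host")

    # The host must be the expected domain or a subdomain of it.
    # "bank.example.other.test" only contains the name; it does not end with it.
    if host != expected and not host.endswith("." + expected):
        problems.append("wrong-host")

    return problems


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message.
    for link in ("https://www.bank.example/login",
                 "http://www.bank.example/login",
                 "https://bank.example.other.test/login",
                 "https://bank.example@other.test/"):
        print(link, "->", check_link(link, "bank.example") or "ok")
```

A link that passes still only shows that it points at the expected host over HTTPS; typing the address yourself, as advised above, remains the safer habit.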
Updated Software can prevent Phishing
By regularly updating and keeping tabs on your software (including the mandatory anti-virus software that you really must have), you are already halfway towards successful phishing prevention. You must remember that phishing (some forms of it, at least) can happen due to loopholes in software coding and the like. Updating your software regularly patches up these loopholes and eliminates many phishing attempts.
Common types of attacks that you should know
Phishing Delivery Mechanisms: Know Your Enemy (Man In The Middle Attacks) – Part 3
Phishing Delivery Mechanisms: Know Your Enemy (URL Concealment or Obfuscation Attacks) – Part 4