What is Phishing?
Phishing is the act of someone trying to acquire information such as usernames, passwords, and credit card details and, indirectly, your money, by pretending to be a trustworthy person or organisation. These nearly always do the rounds in an electronic communication of some kind, such as an email or even a text message. Communications claiming to be from popular social web sites, auction sites like eBay, PayPal or IT administrators are frequently used to lure the unsuspecting person. Phishing emails often contain links to websites that are infected with malware. Malware is short for malicious or malevolent software. This software is used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to people's private computers.
Phishing is usually carried out by email or instant messaging, and it often directs users to enter their details into a fake website that looks very similar, or possibly identical, to the legitimate site. Phishing is used to deceive users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A lot of computer users and even quite a few IT professionals have been confused about the actual definition of a “phishing” attack. So what exactly is a phishing attack? A phishing attack is when you receive an official-looking email that appears to come from an online banking or financial institution; as mentioned above, it could even be eBay or PayPal, or any other service that deals with money. The email invites you to click on a link and confirm your login and password for that particular institution; even worse, some ask you to enter your account number or credit card number.
When you click on the link, you are sent to a Web page that looks very similar to the genuine Web site, but sadly it’s not. You are actually sent to a fake page that is controlled by the villain who is behind the phishing scheme. As soon as you type your account login, password, account information or credit card number, the hackers capture the information and then commit identity theft by using your credit card or stealing money from your account.
Some of these schemes are pretty easy to spot whereas others are extremely sophisticated and the trusting or unsuspecting person can easily be fooled. Below are some ways that you can avoid becoming a victim of phishing scams.
- Keep your antivirus up to date – One of the most important things you can do to avoid phishing attacks is keep your antivirus software current. This can prevent things such as a Trojan disguising your Web address bar or mimicking an https secure link. If your antivirus software is not current and up to date, you are far more likely to be the victim of attacks that can hijack your Web browser and put you at risk from phishing attacks. Note: A quick word on the host of free antivirus downloads available. Some may be genuine and are simply designed to impress you with a short trial in the hope that you will purchase the full licensed version. Sadly, you rarely get something for nothing, and a lot of the downloads out there are banking on you using them because they’re free. Once these are installed on your system, they are free to harvest as much information as the author intended or completely infect your computer with all sorts of nasties!
- Avoid clicking on any hyperlinks included in emails – It’s a really bad idea to click on any hyperlink in an email; this is particularly important when the email is from an unknown source. You never know where the link is going to take you or whether it will set off some malicious code. Some hyperlinks can take you to a fake HTML page that may try to scam you into typing sensitive information. If you really want to see what it’s all about, manually retype the URL into your Web browser.
- Use a reputable edition of anti-spam software – Anti-spam software can help keep phishing attacks to a minimum. A lot of these attacks come in the form of spam. By using anti-spam software, you can reduce many types of phishing attacks because the messages will never end up in the inbox anyway. The warning note at point one applies just as much to free anti-spam software as it does to antivirus software.
- Verify https SSL (Secure Sockets Layer) – Whenever you are typing sensitive information such as credit card or bank details on the Web, always ensure the address bar shows “https://” and not just “http://” and that you have a padlock icon at the bottom right-hand corner of your Web browser. You can also double-click the padlock to inspect the third-party SSL certificate that provides the https service. Many types of attacks are not encrypted but mimic an encrypted page. Always check to make sure the Web page is properly encrypted. SSL stands for Secure Sockets Layer, a cryptographic protocol that provides communication security over the World Wide Web.
- Make use of anti-spyware software – Help to keep any spyware down to a bare minimum by investing in active anti-spyware software and also scanning your system regularly with a passive edition of anti-spyware. If you do fall victim to some spyware, anti-spyware software can often detect the problem and fix it.
- Keep up to speed on the latest developments and threats – Don’t just rely on the electronic fixes available out there. Learn how to prevent these types of attacks by researching them on the Web, but be aware that just because it’s on the Web, it doesn’t necessarily mean it’s true. By being aware and cautious, you limit the chances of becoming the victim of online identity theft.
- Use a good firewall from a reputable firm – A firewall can be either software or hardware based and is used to help keep a computer network secure. Its main objective is to control the incoming and outgoing network traffic by analyzing the data and determining whether that data should be allowed through or not. A network’s firewall effectively acts as a barrier between an internal network that is assumed to be secure and trusted, and another network, usually an external one such as the Internet, that is not assumed to be secure and trusted.
- Make regular backups – Ensure that you make regular backups of important data onto a separate storage device. It’s always a good idea to keep a backup in a fireproof safe or even somewhere else altogether; just make sure that you trust the people at that location. Some even keep a backup in a safety deposit box, but it all depends on how important or sensitive your data is. The data stored on the average laptop is likely to be of less value to the scammers than the data stored in the computer system of a successful business.
- Do not put financial information into pop-up windows – A very common phishing technique is to launch a false pop-up window when someone clicks on a link in a phishing email. This window could even be positioned directly over a window you do trust. Even if the pop-up window looks official or claims to be secure, you should not enter any sensitive information, because there is no way to check how secure it really is. Close pop-up windows by clicking on the cross in the top right corner. Clicking cancel may send you to another link or even download some malicious code.
- Protect against DNS pharming attacks – This is a new type of phishing attack that doesn’t spam you with emails but poisons your local DNS server to redirect your Web requests to a different Web site that looks similar to a company Web site. The Domain Name System (DNS) resolves queries for domain names into IP addresses for the purpose of locating computer services and devices worldwide. For example, the user types in eBay’s Web address, but the poisoned DNS server redirects the user to a fraudulent site. This needs to be handled by an administrator who can use modern security techniques to lock down the company’s DNS servers. Note: A pharming attack will redirect you to a fake Web page even though you have entered the correct address. An example could be that you type the correct URL for your online bank but a fake Web page appears instead. The term pharming is a blend of farming and phishing. Both pharming and phishing are used for online identity theft. Pharming has become a major concern for e-commerce businesses and online banking websites.
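As an added example that is not part of the original article, the following Python script applies two of the checks above (whether a hyperlink's visible text matches where it really points, and whether the link is https rather than http) to the HTML body of an email; the message and the domains in it are constructed for illustration.

```python
# Added example (not from the original article): flag hyperlinks in an email's
# HTML body whose visible text names one host while the href points elsewhere,
# and links that are not https. The sample message and domains are constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL or of a bare domain such as www.ebay.com."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()

def suspicious_links(html_body):
    """Return (href, text, reason) for each link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        # Treat the visible text as a URL only when it looks like one.
        text_host = host_of(text) if "." in text and " " not in text else ""
        if text_host and text_host != host_of(href):
            findings.append((href, text, "visible text names a different host"))
        elif urlparse(href).scheme.lower() != "https":
            findings.append((href, text, "link is not https"))
    return findings

# Constructed sample: the first link spoofs eBay, the third is plain http.
SAMPLE_EMAIL = """<p>Please confirm your account details.</p>
<a href="http://account-verify.example/login">https://www.ebay.com/signin</a>
<a href="https://www.ebay.com/help">Help centre</a>
<a href="http://pay-confirm.example/">Go to PayPal</a>"""
```

Calling `suspicious_links(SAMPLE_EMAIL)` returns the two links worth retyping by hand rather than clicking, with the reason for each.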
So essentially, in order to avoid any loss of your personal data or damage to your computer system, be aware of what’s out there and take the necessary steps to avoid the criminal elements that lurk out there in cyberspace.