Ever heard the term phishing? I assume you are familiar with it, aren't you? So what exactly is phishing? It might be an old term for some internet users, but don't forget that there are billions of internet users, and millions of them get trapped in phishing scams. So let's first learn something about phishing, then move on to how to detect and avoid it.
What is Phishing?
Phishing is a social engineering technique used by a hacker/attacker to steal sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person or organization. Nowadays people are so engaged in online activity that they are unaware of this common attack. A hacker or attacker can trap anybody easily in a phishing scam; it all depends on how smart the user is at detecting and avoiding it. Phishing isn't malware, but that doesn't mean it's any less of a threat. Every internet user should be aware of phishing.
Types of Phishing Attack:
1. Deceptive Phishing: In this method a hacker uses deceptive emails to scam users. The hacker sends out deceptive emails in bulk that instruct the user to click a link in the mail. The email's call to action typically contains alarming information about the user's account. The hacker then collects the confidential information the user enters.
2. Website Forging: This is the most common method used nowadays to scam internet users. The hacker redirects a user to a fake URL (website) that looks like the original website. Hackers can also take advantage of a website's vulnerabilities to phish a user: they can inject JavaScript to change the address bar, or exploit XSS (cross-site scripting) flaws.
3. Phone Phishing: In this type of phishing a hacker poses as a trustworthy person from an institution or company and phishes sensitive credentials from the victim over the phone. This method needs neither a website nor any kind of email.
4. Tabnabbing: This is the latest of them all; it was discovered by Aza Raskin. Tabnabbing is a method in which, while a user is browsing with multiple tabs open, an open tab is automatically (silently) redirected to an attacker's site.
5. Evil Twins: This is a technique in which an attacker creates a fake Wi-Fi network that looks like a legitimate network of the kind found in public places. When anyone tries to connect to it, the hacker captures their credentials.
How to identify a Phishing Scam?
1. Be wary of any email that asks for login details or other personal information. For example, you may receive an email that appears to come from your bank or another institution or organization stating "Your account is going to be closed soon due to unauthorized activity; verify your account to avoid suspension". If you get such an email, do not respond to it. You might also get an email saying "You won a JACKPOT of $10000! Provide your information to claim your prize money"; never believe them. Be smart and avoid this kind of email.
2. Phishing emails are not personally targeted. They can be personalized, but in most cases they are sent out in mass. Because they target random online users, they may greet you with "Dear valued customer", "Dear PayPal user", etc. They won't use your name. So if you see something like that, assume you are on a phisher's radar.
3. If you click on a phishing URL you might be redirected to a website that looks exactly like the original site, but beware: it can be a phishing site. Always look at the URL to tell whether it is the original website or a phishing (fake) website.
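The three signs above (a request for credentials or a prize lure, a generic greeting, and a link whose real target is not the site it claims to be) can be turned into a simple triage score. The script below is an added example written for this post, not the author's code: it strips the HTML, looks for those phrases, and compares every link's visible text and real href; it also flags links that are plain http rather than https. The two messages, the phrase lists and the `example.com` / `example.net` domains are all constructed for the demonstration, and the domain comparison uses a crude last-two-labels rule rather than a public-suffix list.

```python
"""Heuristic phishing-email triage (added example, not the post author's code).

Scores an HTML email on the warning signs the post lists. Sample messages,
phrase lists and domains below are constructed for the demo.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Phrase lists are illustrative, not a complete phishing vocabulary.
GENERIC_GREETINGS = ("dear valued customer", "dear paypal user", "dear customer", "dear user")
URGENCY_PHRASES = ("account is going to be closed", "avoid suspension",
                   "verify your account", "unauthorized activity", "immediately")
LURE_PHRASES = ("you won", "jackpot", "claim your prize")
CREDENTIAL_WORDS = ("password", "login information", "credit card", "social security")

# Minimal matcher for <a href="...">visible text</a>; enough for the demo.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_IN_TEXT_RE = re.compile(r'https?://[^\s<"]+', re.I)


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def registrable_domain(host):
    """Crude 'last two labels' rule (assumption: no public-suffix list available)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze_email(body_html, expected_domain=None):
    """Return a Verdict with a score and the reasons that contributed to it."""
    v = Verdict()
    text = re.sub(r"<[^>]+>", " ", body_html).lower()  # drop tags, keep words

    def hit(points, reason):
        v.score += points
        v.reasons.append(reason)

    if any(g in text for g in GENERIC_GREETINGS):
        hit(2, "generic greeting instead of your name")
    if any(p in text for p in URGENCY_PHRASES):
        hit(2, "urgency / account-threat language")
    if any(p in text for p in LURE_PHRASES):
        hit(2, "prize or jackpot lure")
    if any(w in text for w in CREDENTIAL_WORDS):
        hit(2, "asks for credentials or card data")

    for href, visible in ANCHOR_RE.findall(body_html):
        target = urlparse(href)
        target_dom = registrable_domain(target.hostname or "")
        if target.scheme.lower() != "https":
            hit(1, f"link not https: {href}")
        shown = URL_IN_TEXT_RE.search(visible)  # does the text show a different URL?
        if shown and registrable_domain(urlparse(shown.group()).hostname or "") != target_dom:
            hit(3, f"link text shows {shown.group()} but points to {href}")
        if expected_domain and target_dom != registrable_domain(expected_domain):
            hit(2, f"link domain {target.hostname} is not under {expected_domain}")
    return v


def is_suspicious(body_html, expected_domain=None, threshold=4):
    return analyze_email(body_html, expected_domain).score >= threshold


# Constructed sample messages.
PHISH = ('<p>Dear valued customer,</p><p>Your account is going to be closed soon due to '
         'unauthorized activity. Verify your account to avoid suspension:</p>'
         '<a href="http://secure-login.example.net/verify">https://www.bank.example.com/login</a>')
LEGIT = ('<p>Hi Alice,</p><p>Your monthly statement is ready.</p>'
         '<a href="https://www.bank.example.com/statements">View statement</a>')

if __name__ == "__main__":
    for label, msg in (("phish", PHISH), ("legit", LEGIT)):
        verdict = analyze_email(msg, expected_domain="example.com")
        print(label, verdict.score, verdict.reasons)
```

The score is deliberately additive so that one weak signal (a generic greeting alone) does not condemn a message, while a link whose visible URL and real target disagree is weighted heavily, because that mismatch is the single most reliable tell of the three.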
How to Avoid Phishing?
1. Do not respond to suspicious email: Never respond to a suspicious email that asks for personal information. Always check the source before responding or clicking on any link.
2. Keep antivirus up to date: Always keep your antivirus up to date, as AV vendors ship the latest signatures, which protect against some common attacks like phishing. Most antivirus products nowadays detect phishing websites (provided they are up to date). If yours is not up to date, you may be more susceptible to a threat.
3. Avoid clicking on hyperlinks: When you check an email, avoid clicking hyperlinks, especially in email from an untrusted source. You never know where you will be redirected, or whether the link will trigger malicious code. Some hyperlinks may take you to a fake website that then asks for your login credentials.
4. Verify HTTPS (SSL): Legitimate websites always use SSL on their login page. Whenever you provide sensitive information such as a username, password or credit card details, always look at the URL for an https connection, i.e. a secure connection that uses SSL (Secure Sockets Layer). It encrypts the credentials you send over the network. The URL should start with https:// rather than http://, and also look for the lock icon at the far left of the address bar. See the image below.
5. Use anti-spyware and a firewall: You can use anti-spyware and a firewall to avoid phishing to some extent. You can use a firewall like ZoneAlarm. You can also use an effective anti-spyware tool and scan with Spybot to catch suspicious activity on your computer.
6. Secure the hosts file: Hackers often attack the hosts file of a computer; setting the hosts file to read-only may solve the problem. Never grant write permission on the hosts file. The best protection, though, is a firewall that blocks any tampering by an outside attacker.
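A tampered hosts file redirects a real site name to an address the attacker controls, which is why the post says to keep it read-only. The check below is an added example for this post, not the author's tooling: it parses hosts-file text, flags any entry that sends a name (and in particular a domain you care about) anywhere other than a loopback or the 0.0.0.0 blocklist address, reports whether the file is world-writable, and on POSIX systems strips the group/other write bits. The sample hosts content is constructed, the `203.0.113.45` address is a documentation-range placeholder, and `HOSTS_PATH` assumes the standard locations on Windows and Unix-like systems.

```python
"""Hosts-file tamper check (added example, not the post author's tooling).

Sample hosts content below is constructed; 203.0.113.45 is a TEST-NET-3
placeholder standing in for an attacker-controlled address.
"""
import ipaddress
import os
import stat
import sys
import tempfile

# Standard hosts-file locations; assumption for anything non-standard.
HOSTS_PATH = (r"C:\Windows\System32\drivers\etc\hosts"
              if sys.platform.startswith("win") else "/etc/hosts")

# Names that legitimately appear in a clean hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def find_hijacks(text, watch_domains=()):
    """Return (ip, name, reason) for entries pointing a name off the local host.

    Loopback (127/8, ::1) and unspecified (0.0.0.0, used by ad blocklists)
    addresses are fine. Anything else is suspicious; a match on a watched
    domain or one of its subdomains is called out explicitly.
    """
    suspicious = []
    watch = tuple(d.lower() for d in watch_domains)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified or name in LOCAL_NAMES:
            continue
        watched = any(name == d or name.endswith("." + d) for d in watch)
        reason = "watched domain redirected" if watched else "unexpected non-loopback entry"
        suspicious.append((str(ip), name, reason))
    return suspicious


def is_world_writable(path):
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def lock_down(path):
    """Drop group/other write bits (POSIX). Windows needs an ACL change instead."""
    if os.name != "nt":
        mode = os.stat(path).st_mode
        os.chmod(path, mode & ~(stat.S_IWGRP | stat.S_IWOTH))
    return not is_world_writable(path)


def demo_permission_fix():
    """Create a throwaway world-writable file, lock it, report before/after."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o666)
        before = is_world_writable(path)
        lock_down(path)
        after = is_world_writable(path)
    finally:
        os.remove(path)
    return {"posix": os.name != "nt", "before": before, "after": after}


SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
127.0.0.1       dev.local             # harmless developer alias
0.0.0.0         ads.example.org       # blocklist-style entry, also fine
203.0.113.45    www.bank.example.com  # attacker-added redirect (placeholder IP)
203.0.113.45    login.bank.example.com
"""

if __name__ == "__main__":
    for ip, name, reason in find_hijacks(SAMPLE_HOSTS, ["bank.example.com"]):
        print(f"{name} -> {ip}: {reason}")
    if os.path.exists(HOSTS_PATH):
        print(HOSTS_PATH, "world-writable:", is_world_writable(HOSTS_PATH))
```

Run against the real file by passing `open(HOSTS_PATH).read()` to `find_hijacks` with the domains you log into most; a clean file should produce no output at all, so any line it prints deserves a look.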
7. Educate yourself: Educate yourself and keep up to date with the latest security threats. Learn how to detect and avoid them. A little research on the internet may save you from a huge loss.
8. Report phishing: If you find any suspicious link, spoofed website or suspicious email, report it to spam@uce.gov or reportphishing@antiphishing.org. You may also report it to the FBI's Internet Crime Complaint Center on their website: www.ic3.gov.