Phishing is a popular method to capture personal data such as passwords, transaction numbers and credit card details. The company I am working with locks several user accounts each day to prevent harm done to them due to phishing. It normally starts with an email asking you to update your profile or to download a security update, or an email that reveals that you are the highest bidder in an eBay auction (that you do not know about).
To make this work they have to capture your data on one of their servers. A link is always provided in the email, and it looks pretty normal, e.g. http://www.ebay.com/. You might know that the HTML link tag can carry both a link target and a text that is shown instead of that target. Those criminals use this to their advantage, showing ebay.com while directing the user to a different location.
Onwards to the tips:
- Phishing only works if you click on a link that leads to a website that looks similar to the one you want to visit. If you do not click a link in the email but enter the URL of the company directly in your browser window, you are safe. This is the best tip to prevent phishing at all. Do not follow email links.
- If you receive an email asking you to call a company, compare the phone numbers and use the ones that you know and not the ones mentioned in emails. Social engineering is a rising threat as well. Most people do not know that phishing can also happen by phone. Check the phone numbers in emails.
- You receive an email stating that you are the highest bidder for a golden ring on eBay, or that your phone bill is incredibly high and that you can verify the bill by clicking on the attached document. Use your brain. You know that you are not the highest bidder and that the phone bill can't be real either. To check the first, type the URL of eBay into your browser; you will see there is no such auction. In the second case, call your phone company and they will verify that this is a phishing attempt.
- Always verify that you are at the right website before entering data. Firefox 2 and Internet Explorer 7 will have anti-phishing tools on board, but it is always a good idea to verify this for yourself. Look at the URL: is it the right one? It should normally be a https:// website, which can be verified by looking at the yellow padlock in the status bar. If you click it you will see the certificate, and you can compare the certificate to the one of the company that you want to visit. (Some companies store the certificate information on their web servers, some don't; call them and you will receive this information.)
To sum it all up: people like you and me will most likely detect fake websites and act accordingly. Normal users have a hard time identifying those websites and are the main phishing targets. They don't know about the technical possibilities and simply assume that everything is alright.
Maybe because they are lazy, maybe because they do not want to spend time learning computer stuff. Who knows. Phishing will stop if the majority of users are educated and know how to handle computers.