ghacks Technology News

Anti-Phishing Tips

Phishing is a popular method to capture personal data such as passwords, transaction numbers and credit card details. The company I work for locks several user accounts each day to protect them from harm caused by phishing. It normally starts with an email asking you to update your profile or download a security update, or an email telling you that you are the highest bidder in an eBay auction (one that you know nothing about).

To make this work, the attackers have to capture your data on one of their servers. The email always contains a link that looks perfectly normal, e.g. http://www.ebay.com/. You might know that the HTML link tag takes both a link target and a text that is shown in place of the target. Criminals use this to their advantage: the email shows ebay.com while the link directs the user to a different location.

Onwards to the tips:

  • Phishing only works if you click on a link that leads to a website that looks similar to the one you want to visit. If you do not click a link in the email but enter the URL of the company directly in your browser window, you are safe. This is the best tip of all for preventing phishing. Do not follow email links.
  • If you receive an email asking you to call a company, compare the phone numbers and use the ones that you know, not the ones mentioned in the email. Social engineering is a rising threat as well. Most people do not know that phishing can also happen by phone. Check the phone numbers in emails.
  • You receive an email stating that you are the highest bidder for a golden ring on eBay, or that your phone bill is incredibly high and that you can verify the bill by clicking on the attached document. Use your brain. You know that you are not the highest bidder and that the phone bill can't be real either. To check the first, type the eBay URL into your browser and you will see that there is no such auction. For the second, call your phone company and they will verify that this is a phishing attempt.
  • Always verify that you are at the right website before entering data. Firefox 2 and Internet Explorer 7 will have anti-phishing tools on board, but it is always a good idea to verify this for yourself. Look at the URL: is it the right one? It should normally be an https:// website, which can be verified by looking at the yellow padlock in the status bar. If you click it you will see the certificate, and you can compare it to the certificate of the company that you want to visit. (Some companies store the certificate information on their web servers, some don't; call them and you will receive this information.)

To sum it all up: people like you and me will most likely detect fake websites and act accordingly. Normal users have a hard time identifying those websites and are the main phishing targets. They don't know about the technical possibilities and simply assume that everything is all right.

Maybe because they are lazy, maybe because they do not want to spend time learning computer stuff. Who knows. Phishing will stop if the majority of users are educated and know how to handle computers.

About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Friday July 14, 2006


Responses so far:

  1. Martin says:

    Missed one tip. Make sure your host file was not changed. You can specify the IP of a url in that host file which will override the Nameservers. Means you could add an entry like 85.10.210.166 www.ebay.com

    This would mean that if you type www.ebay.com in your browser you would be directed to my webserver.

  2. Luke says:

    One of my colleagues actually did a scientific study on phishing, and the effect of user education about phishing. He presented it at the ITiCSE 06 conference.

    You can download the actual paper, and powerpoint slides from here.

  3. Martin says:

    Interesting read Luke, thanks for that link. I personally think that phishing success would be minimal if users would know what it was and how it worked.
