It is time to update the phishing protection article that we published some time ago (see Phishing explained) with the recent news that thousands of Hotmail users (and apparently Gmail users as well) fell prey to yet another phishing scam.
What is phishing? Phishing, which stands for password fishing, is a popular technique to collect data from users without their knowledge. This data is usually sensitive, like credit card information or usernames and passwords.
Phishing involves luring unsuspecting users to specially prepared websites that often look identical to the website the user expects. Phishing has evolved in recent times as well, thanks to the rise of apps in particular. Apps may also be used to steal account data from users.
Think of this example: A user receives an email that appears to come from PayPal or a bank, which states that the account was compromised and that action needs to be taken to protect the account.
A link is provided, and many users will click on that link to get to the website fast. The website looks like the real PayPal or bank website which adds to the trust the user has in the process. Even the web address may look similar.
The website asks for authorization, and most users will enter the data without hesitation. The data that is entered is collected by the attackers and is then used in criminal activity.
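The scenario above depends on a link whose address only resembles the real one. The following Python function is an added example, not part of the original article: it classifies a link from an email as trusted, lookalike, or unrelated. The allowlist `TRUSTED_DOMAINS`, the function name `classify_link`, the 0.85 similarity threshold, and the sample links are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allowlist: the domains the reader actually does business with.
TRUSTED_DOMAINS = {"paypal.com"}

# Digits commonly swapped in for letters in lookalike names (0->o, 1->l, 3->e, 5->s).
CONFUSABLES = str.maketrans("0135", "oles")


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unrelated' for a link found in an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Text before '@' is userinfo, not the site: https://paypal.com@login.example/
    # connects to login.example. A genuine link has no reason to carry it.
    userinfo = (parts.username or "").lower()

    if not userinfo:
        for domain in trusted:
            # Exact domain or a true subdomain; the leading dot stops
            # 'notpaypal.com' from matching 'paypal.com'.
            if host == domain or host.endswith("." + domain):
                return "trusted"

    # Compare every label of the host (and of any userinfo) with each brand name.
    raw = (host + "." + userinfo).split(".")
    labels = [label.translate(CONFUSABLES) for label in raw if label]
    for domain in trusted:
        brand = domain.split(".")[0]  # assumes 'name.tld' style allowlist entries
        for label in labels:
            close = SequenceMatcher(None, label, brand).ratio() >= 0.85
            if brand in label or close:
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message body.
    for link in [
        "https://www.paypal.com/signin",
        "http://paypa1.com/signin",
        "https://paypal.com.account-check.example/login",
        "https://paypal.com@login.example/",
        "https://example.org/news",
    ]:
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" result means the address borrows a trusted name without belonging to that domain, which is the pattern described in the example above.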
The most powerful weapon against phishing is common sense and the following rules that every user should follow.
Thankfully though there are quite a few tools out there to aid and protect the user against phishing attacks.
The most powerful protection, again, is the user's common sense. Here are a few pointers on how to detect if a website is real or a phishing site:
Firefox users can check if the phishing protection of their web browser is working. Do you have additional phishing protection tips?