It is time to update the phishing protection article that we published some time ago (see Phishing explained) with the recent news that thousands of Hotmail users (and apparently Gmail users as well) fell prey to yet another phishing scam.
What is phishing? Phishing, which stands for password fishing, is a popular technique to collect data from users without their knowledge. This data is usually sensitive, like credit card information or usernames and passwords.
Phishing involves luring unsuspecting users to specially prepared websites that often look identical to the website the user expects. Phishing has also evolved in recent times, thanks in particular to the rise of apps. Apps may also be used to steal account data from users.
Think of this example: A user receives an email from PayPal or a bank which states that the account was compromised and that action needs to be taken to protect the account.
A link is provided, and many users will click on that link to get to the website fast. The website looks like the real PayPal or bank website, which adds to the trust the user has in the process. Even the web address may look similar.
The website asks for authorization, and most users will enter the data without hesitation. The data that is entered is collected by the attackers and is then used in criminal activity.
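The point that "even the web address may look similar" can be checked mechanically. The following is an added example, not part of the original article: it classifies the host a link really opens against a short list of sites the user has accounts with. The trusted list, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: sites the user really has accounts with (constructed list).
# Short or generic names would need a stricter rule than the one below.
TRUSTED = {"paypal.com", "hotmail.com"}


def edit_distance(a, b):
    """Levenshtein distance; catches single-character swaps such as l -> 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the host a link opens."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Trusted only if the host IS the domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # "https://paypal.com@other.example/": the part before @ is not the host.
    if any(d in (parts.username or "").lower() for d in TRUSTED):
        return "lookalike"
    for d in TRUSTED:
        brand = d.split(".")[0]
        for label in host.split("."):
            # Brand used as a label or inside one, or off by one character.
            if brand in label or edit_distance(label, brand) <= 1:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.paypal.com/signin",
        "http://paypal.com.account-check.example/login",
        "http://paypa1.example/",
        "https://paypal.com@login.example/",
        "https://example.org/news",
    ]
    for s in samples:
        print(f"{classify_link(s):9}  {s}")
```

A "lookalike" result means the link borrows a trusted name without belonging to that site; "unknown" only means no resemblance was found, not that the site is safe.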
The most powerful weapon against phishing is common sense and the following rules that every user should abide by.
Thankfully, though, there are quite a few tools out there to aid and protect the user against phishing attacks.
Again, the most powerful protection is the user's common sense. Here are a few pointers on how to detect if a website is real or a phishing site:
Firefox users can check if the phishing protection of their web browser is working. Do you have additional phishing protection tips?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
“The most powerful protection is the user’s common sense”
Until someone invents a common-sense add-on for the human brain, phishing will flourish.
Well, regarding the password management tools, I am using Sticky Password. It has all I need – password generator, secure database, only one password to remember.
http://www.stickypassword.com
Mitto (http://mitto.com) is a great password manager. They wrote an article about how using their service helps you to avoid phishing schemes: http://mitto.com/blog/2009/2/3/how-mitto-protects-users-against-phishing-and-identity-theft.html
This may sound crazy, but write your passwords down! Yep. Write them down. http://www.f-secure.com/en_US/security/security-center/security-stories/cyberawareness.html