Phishing is frequently discussed as one of the most dangerous methods that people can use to steal your personal information. This tutorial briefly describes what phishing is and how to protect yourself from it.
Since this tutorial initially described phishing attacks, more ways to protect users have been developed. This tech-recipe describes these updates.
What is Phishing?
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy company or person via an email, hyperlink or any other electronic communication. Two of the most common methods of phishing are via email and social engineering.
There are scammers who create fake websites to obtain users’ personal information such as credit card numbers. eBay, PayPal, and banking account sites are frequently used in this manner.
The scammer typically creates an exact copy of the website and then sends spam to users asking them to update their personal information. Sometimes the messages are aimed to infuriate the reader into clicking the link. Ultimately, the user is actually directed to the fake website that looks exactly like the legitimate version. Entering the information here will place your private data directly in the thief’s possession.
Alternatively, a social engineer runs what is essentially a con game. For example, someone may try to break into a Facebook account by gaining the confidence of the account’s owner. This is usually accomplished by impersonating a “Facebook Moderator” who gets them to reveal information that compromises the account. The phisher may request the current password for “verification.” However, in reality, you are giving them complete access to your account.
How do I Protect Myself?
Honestly, most phishing can be stopped by common sense. Never visit a website by clicking within your email and then entering personal information into that website. Sites typically will not email you requesting you to re-enter personal information. If you do get an email requesting personal information, then make a few checks first:
- Verify the email address. If you receive an email from PayPal, make sure the email address of the message makes sense (such as email@example.com or firstname.lastname@example.org). Scammers CANNOT send an email from a registered domain name such as @paypal.com.
- If a link is given in the email, click the link, and see where it takes you. (NOTE: A virus cannot install itself simply through a hyperlink, though many people think it can. If you click a link and a file or program begins to download, make sure you do NOT open the file. Just delete it.) Look at your address bar once you have opened the website. If the email came from Facebook, then your address bar should reflect that and show the Facebook domain. Look carefully since many phishers will pick domain names that look very similar to the actual domain.
- If you are still unsure about the validity of the message you have received, call the company. Most sites have a Contact Us link somewhere on their pages where you can give them a call to verify the email.
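The address-bar check from the list above can also be done mechanically. The following is an added example, not part of the original tutorial: it parses out the host a link really points to and compares it with the domain you expect. The function names, the two-edit threshold and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_link(url, expected_domain):
    """Compare the host a link points to with the domain you expect.

    Returns 'match', 'lookalike' or 'different'.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    expected = expected_domain.lower()
    # Only the exact domain or one of its subdomains counts as genuine.
    if host == expected or host.endswith("." + expected):
        return "match"
    brand = expected.split(".")[0]
    for label in host.split("."):
        # The brand name appears, but inside some other domain.
        if brand in label:
            return "lookalike"
        # Near-miss spelling; the threshold of 2 edits is an assumption.
        if len(label) > 3 and edit_distance(label, brand) <= 2:
            return "lookalike"
    return "different"


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com.account-update.example/login",
    "http://paypa1.example/login",
    "https://news.example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_link(url, "paypal.com"), url)
```

A "lookalike" result is a reason to stop and contact the company directly, as the last check in the list describes.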
Several software packages also exist that will help protect you. The latest generation of browsers such as IE, Firefox, and Chrome all come with built-in phishing protection. However, the software is not perfect and should be considered only as a last line of support.
Though many toolbars are notorious for causing browsing problems, two toolbars work extremely well for protecting you against phishing.
- For Internet Explorer and Firefox, I present SpoofStick
- For Firefox and Chrome, check out Netcraft’s Anti-Phishing Toolbar
Both are well respected in the security community.
Do Not Forget About Viruses
Although phishing is an extremely common attack, being protected against viruses is just as essential. Some viruses will bring keyloggers along with them or will generate many popups asking you to log into services, where they log your data. It is very important to keep your anti-virus software up to date. I have seen many users who tell me they have Norton Anti-Virus, as it comes preloaded with a 60-day trial on many factory machines. However, they never open Norton to ensure it is updating or run a scan manually. Therefore, they do not realize that it has expired, and they are no longer protected. Anti-virus programs can be expensive, and unless you truly use their added features, free software like Microsoft Security Essentials will keep you just as protected. You can check updates for the most common anti-virus programs from these links:
Obviously, none of these anti-phishing tools will take the place of common security sense. Be careful when posting your personal information online.