How To Avoid Phishing Attacks

Phishing is a technique used by cyber criminals who try to steal your confidential information by pretending to be someone you trust. For example, you may receive an email that seems to have been sent by your bank asking for your account details, but that was in reality sent by a phishing expert. Even though the email seems very real, it is actually sent by a cyber criminal and is an attempt to steal your account password. Phishing attacks have become even more dangerous and sophisticated today, since they accurately replicate the legitimate trusted source. For example, they will have the real logo, will use the same font and will seem to come from a real email address. Phishing attacks typically take the following forms:

1. A message citing an account upgrade, system maintenance, a software crash or some other mundane reason.

2. An SMS text message that makes it seem as if your bank, a relative or a friend is trying to get in touch with you.

3. An instant message asking you for confidential details about some online account.

4. Private message on Facebook containing a link that may take you to a page that looks like a log-in screen for Facebook, but actually is a fake log-in screen that steals your password.

There are some simple things that you can keep in mind in order to avoid becoming the victim of a phishing attack:

1. Your bank or credit card company will under no circumstances ask for your password. Really, it will never happen.

2. If the email you have received contains a link, do not blindly click on the link, since it could lead you to a fake log-in screen or a malicious website, or execute some other type of phishing attack.

3. You may receive an email that contains a link that looks very authentic. Even if you hover your mouse over it, it may seem like the link to a legitimate, trustworthy website. Take a look at the following web address: https://www.icicibank.com@www.xyz123$.com. At first glance this may look like a page on the website of ICICI Bank, but in reality it will take you to a completely different address, the one that begins after the @ sign. Such simple URL obfuscation tricks are commonly used by cyber criminals to fool unsuspecting victims. Please do not click on any link in these emails, no matter how genuine and trustworthy it might seem.

4. Even if a link seems safe, if it was sent to you from a dubious source, you should avoid using it to log in to any of your accounts. Whenever you want to log in to any online account (email, bank, social networking or others), always open the browser in a new window, type the website address and then type the username and password to log in.

5. Always check for "https" in the URL address bar of your browser before you enter any confidential details on a website. Typically only trustworthy websites will use "https" and phishing websites normally use "http".

6. Make sure that you are on a genuine website by carefully reading the URL address bar. Watch out for websites with spellings that are similar to the actual website. For example, make sure you are not on 'online.citibenk.com' instead of 'online.citibank.com'. Cyber criminals are known to register website domain names with a spelling similar to a trusted website.

7. Another telltale sign to look out for is the fact that a phishing attack email will usually have a number of spelling or grammatical errors.

8. If you receive a link and are not sure whether it is safe to click on it or not, you can check whether it has been reported as a suspected phishing website by submitting it to a site called PhishTank (www.phishtank.com). This website maintains a comprehensive list of known phishing websites and provides a quick way to check whether a website appears in that list or not. If your link appears in their database, it is a bad idea to click on it.

9. There are commercial anti-phishing software tools available that provide you protection against phishing attacks. For example, McAfee's SiteAdvisor Live is a product that allows you to identify and protect yourself from risky websites. You can buy it online from http://home.mcafee.com/store/siteadvisor-live
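
The link checks in tips 3, 5 and 6 can be done by a program as well as by eye. The Python code below is an added example, not part of the original article; the function names and the list of trusted hosts are assumptions chosen for illustration, and the sample links are the ones quoted in the tips above.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example: the two genuine sites named in the article.
TRUSTED_HOSTS = {"www.icicibank.com", "online.citibank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_HOSTS, max_typos: int = 2) -> list[str]:
    """Return warnings for a link; an empty list means none of the checks fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []

    # Tip 3: everything before '@' is login info, not the site being visited.
    if parts.username is not None:
        warnings.append(f"text before '@' ({parts.username}) is not the site; "
                        f"the browser connects to {host}")

    # Tip 5: confidential details should only be typed into an https page.
    if parts.scheme != "https":
        warnings.append(f"scheme is {parts.scheme or 'missing'}, not https")

    # Tip 6: a host one or two characters away from a trusted one is a lookalike.
    if host not in trusted:
        for good in trusted:
            if 0 < edit_distance(host, good) <= max_typos:
                warnings.append(f"{host} is a near-miss of {good}")
    return warnings


if __name__ == "__main__":
    for link in ("https://www.icicibank.com@www.xyz123$.com",
                 "https://online.citibenk.com/login",
                 "https://online.citibank.com/login"):
        print(link, "->", check_link(link) or "no warnings")
```

An empty result only means these three checks found nothing; a link from a dubious source should still not be used to log in, as tip 4 says.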
