The term “phishing” is a play on words: the act resembles fishing, and it usually relies on misspellings to lure in victims and steal their private information. Phish scams or phish attacks are when fake sites or emails are created in an attempt at identity theft or to steal personal information like your credit card number, email address, or bank account details. Phishing sites are the scourge of the Internet and there are people getting tricked into divulging their private information to tricksters, hackers, and identity thieves all over the world, all the time.
There is a general rule of life and business that is quite applicable, in this case, and that is: If you are not paying for the service, you are the merchandise. Don’t trust websites that offer free stuff, tickets, media, information or software, as they will more often than not just take your information, leaving you in trouble which you could have prevented by checking out the validity of the offer.
Internet Security
The first line of defense against all malicious attacks over the Internet is good quality security software from a reputable source. Those are not so hard to find right now at an affordable price and they can save you, your information, and your private data from anyone who wishes to misuse them. Computer security starts with the operating system, so be sure that you have your system updated, with new drivers and security protocols.
Sometimes, it is better even to take a performance downgrade if this will ensure your computer’s safety from attacks. Next, you will need to install your security software and to update it for the newest parameters. All licensed security and anti-virus software does this update automatically and there is no special IT know-how needed to install and update these programs.
Make sure that they are operational at all times and especially when you are browsing the Internet. Finally, you will need to have your security software include protection for your browser or to have some additional software installed that will prevent malicious websites from harming your computer or taking your information automatically.
Only use reputable browsers that have a built-in safety against malicious websites and even then it is wise to use some add-on that will inform you if the website you are on right now is used to phish for information. If you are using an email service that is not connected to your browser, be sure that your software security includes the email service.
There are hackers or “phishermen” with different levels of proficiency and strategy and while software will not protect you from all of them, most are phishing by sending mass emails of low quality, and good software will prevent you from becoming flooded with spam emails and scam offers from people who are known to trick people online. Good anti-virus, anti-phishing, and anti-spyware software can go a long way in protecting you and making your time on the internet more pleasurable and relaxed.
Be Vigilant
Unlike security software, which is forced to imagine the angles of malicious Internet attacks in advance, hackers can adapt and change their tactics very quickly. Most hackers have only a basic level of skill and rely on sending large numbers of emails in the hope that some recipient has no security software and is unaware of the dangers of information theft.
More advanced hackers will use sophisticated techniques, relying more on the psychology of the victim than on any technical innovation. These hackers will create elaborate websites, with filled out content and reasonable offers that will seem legitimate at the first glance. Sometimes, hackers will even create pages that look and feel like websites from popular brands and companies—and even banks—sending you emails asking you to give them your personal information for some reason.
Some phishing scams are obvious and can be avoided with just a little bit of vigilance, as hackers will sometimes send you a threatening or scary email pretending that they are your bank or the Internal Revenue Service, but would still use a free email account such as Gmail, Yahoo mail, or Hotmail. As you might imagine, multi-billion dollar banks and government institutions can afford the price of a dedicated domain and email.
You will notice that when mass email phishing, scammers will not use your name in the beginning and will use some weird phrase such as “honorable consumer” or “valued costumer.” This is because English is usually not the hacker’s first language and they don’t have any information on you that they can use against you unless you click their link.
Another easy way to tell if you are being scammed is the amount and type of information the person pretending to be some company, bank or institution is asking from you. Your bank doesn’t need to know your credit card security number, as they already have it in their database. There is also no need for someone selling or giving you anything to know your social security number. Hackers are usually greedy for information and will ask for everything you have, which is a sure sign that the website is not legitimate and that someone is trying to scam you.
The most advanced way that hackers scam people is the technique called spear phishing where the attack is tailored just for you. This is not very common and if you are an average person it will not happen to you provided your vengeful ex-partner is not a proficient hacker. In this case, a hacker will already have some of your information and use it to focus on your weak spots.
These kinds of attacks usually target parents of small children, pretending to be their doctor and asking for a social security number, or your bank informing you that there are pending transfers to your account that you need to confirm by entering your information inside the email. No company will use the email as a submission form for secured data and if you see someone asking you to type in your personal information in an email form, you should report that as a scam immediately.
Misspelling, Subdomains, And Subdirectories
Beyond the level of harassing phishing emails, there are malicious websites that will try to trick you into entering your data. These websites will usually pretend to be popular social media sites, bank sites, or government institutions. There are several ways to recognize a website that is not secured and most browsers will inform you of this fact in the address bar itself.
Institutions and companies that use personal information invest heavily in security and have SSL certificates to show their validity. If you are on a webpage that seems like it is your bank or other trusted site, look to the far left side of the address bar and see if it is green and showing the presence of an SSL certificate; if not, it is a scam.
Other ways you can spot a phishing site are by spelling or by the full domain name. Phishing sites will often use characters that are similar in appearance to a trusted site, but not the same. This practice includes using zeros instead of “o” to spell g00gle or faceb00k, or using “RN” instead of an “M” to spell rnicrosoft.
In some fonts, these changes can look identical to the original. In longer domains, misspellings will include switching the order of letters, with a good example being the popular betting site “Bet and Win” with the phishing site being named betnadwin.com, which is one of the main reasons why the actual company now uses just bwin.com.
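The checks described above can be automated. The following Python sketch is an added example, not part of the original article: it compares a domain against a hypothetical allow-list (`TRUSTED`), flagging character swaps and single-edit typos such as transposed letters. It assumes the input is already the registrable domain and that betandwin.com was the original spelling of the “Bet and Win” site.

```python
# Assumption: TRUSTED is a hypothetical allow-list of registrable domains.
# "betandwin.com" is the assumed original spelling of the "Bet and Win" site.
TRUSTED = ["google.com", "facebook.com", "microsoft.com", "betandwin.com"]

# "rn" for "m" and "0" for "o" come from the article; "1" for "l" is an extra.
CONFUSABLES = [("rn", "m"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Lower-case the domain and collapse look-alike character sequences."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "na" typed for "an".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_domain(domain):
    """Return (verdict, imitated_domain) for a registrable domain name."""
    d = domain.lower().rstrip(".")
    if d in TRUSTED:
        return ("trusted", d)
    for good in TRUSTED:
        # Compare skeletons on both sides so a trusted name containing
        # "rn" or a digit is not misjudged.
        if skeleton(d) == skeleton(good):
            return ("lookalike-characters", good)
        if osa_distance(d, good) == 1:
            return ("one-edit-typo", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed inputs taken from the article's own examples.
    for name in ["g00gle.com", "rnicrosoft.com", "betnadwin.com", "example.org"]:
        print(name, check_domain(name))
```

An “unknown” verdict only means the name is not close to anything on the allow-list; it says nothing about whether the site is safe.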
Hiding Links And Fake Forms
Fake forms are another popular phishing technique that usually comes alongside others to make you give your information quickly before you realize that the website or email that you are looking at is not from the place you previously thought.
Through email or a fake website, scammers will give you a form that will look like a login page or a security form that you will need to fill out for some cited false reason or another. Never fill out forms with your private information in an email, as there is no reputable company that will ask such a thing from you.
Go to the company’s official website and log in from there and, if there is no reason cited there that was mentioned in the email, report the scam to the company whose name they were using and delete the email you received.
Because hackers can hide the real domain name with HTML, before entering any private information, check the address bar for the certificate and the full domain name to be sure that that is the correct website to which you want to give that specific information.
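A mail filter or a curious reader can check for hidden links mechanically. The following Python sketch is an added example, not from the original article: it parses an HTML message and reports every link whose visible text names one host while the `href` points to another. The sample message and all host names in it are constructed, using reserved example domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches a host name written out in the visible link text.
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def same_site(shown, real):
    """True if the real host is the shown host or a subdomain of it."""
    shown, real = (re.sub(r"^www\.", "", h) for h in (shown, real))
    return real == shown or real.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Collect links whose visible text names a different host than the href."""

    def __init__(self):
        super().__init__()
        self._href, self._text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        real = (urlsplit(self._href).hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        if shown and real and not same_site(shown.group(1).lower(), real):
            self.mismatches.append((text, real))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches

# Constructed sample message; all hosts are reserved example names.
SAMPLE = (
    '<a href="https://www.mybank.example/login">www.mybank.example</a>'
    '<a href="http://mybank.example.verify-login.test/f">mybank.example</a>'
)
```

Calling `audit_links(SAMPLE)` reports only the second link, where the trusted name appears as a subdomain of an unrelated host.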
Social Media Phishing
Social media phishing is relatively new and it works on the basis of your trust in your friends. A scammer will find out a log-in password from one of your friends on social media and use their information and their access to your information to try to scam you.
Don’t click on suspicious links even when they are sent by your friends and always ask what the link is. Sometimes, your friend won’t even know that their account has been hacked and will only see your message back to them. If you are a victim of a coopted account, change your password as soon as possible and inform your friends not to click on any links sent by you.