Remember when your parents would warn you about talking to strangers, telling them where you live and taking things from them? Well, the Internet is another "stranger" filled place, with hidden threats lurking around each site's corner. Along with the obvious bad guys like viruses and malware, a sneakier threat is phishing attacks, which are likely to rob you blind and take your identity too.
What is phishing exactly? Without all the technical lingo, a nefarious site or person ("phisher") pretends to be a legitimate site to steal your personal information or financial records. So you think you are logging into your online bank account but you are actually logging into a very craftily disguised site, that stores your login info to access your account. The term "phishing" is a word play on "fishing", where a fisherman baits his hook, fools the fish into thinking it is food and reels it in. Such tactics are a serious threat to online safety and individual users security. Below are some tips to prevent phishing from stealing your information.
Top 10 Tips to Prevent Phishing Attacks
1. Read emails and messages carefully. Instinctively one's first tendency is to "click, open, delete", don't follow such instincts. Go through the email completely. Look for some tell-tale phishing signs such as:
- Spelling mistakes and grammatical errors in the email's text
- Your name isn't present anywhere but instead a general name is given. ("Dear satellite subscriber", instead of your full name heading the email)
- Subtle threats to follow the email's instructions ("your account will be terminated if you fail to follow the procedure")
- Unknown senders or companies you have never heard of
- Impossibly unrealistic deals ("a wealthy millionaire died and decided to leave you, Mr. Abc, all his money")
3. Do not click on links in your email at first. Hover the mouse icon over the link and see what address appears in your browser screen. The text of the link can say one thing but the actual address could be someone's private computer or fake website. For e.g.: the link could be: http://www.xyx.com but on hovering, the text might read: http://126.96.36.199/fileen.htm or http://188.8.131.52/collect.exe. Do not copy the URL or link and paste it in your browser's address bar. To truly test its authenticity, open a new window and type in the official site address of the organization or company. Phishing sites will use legitimate looking links to fool you into clicking and then take you somewhere else entirely. Do not click on links in pop-up windows at all.
4. Avoid sending private information like your name, account details, passwords - any sensitive information that is unique to your online identity, through emails. Your email account or the recipient's account could get hacked and your information exposed.
5. Do not enter any information in pop-up windows. With downloads and attachments, be vigilant. Only open or download email attachments from known senders but make sure you scan the attachment prior to download, using your anti-virus software.
6. Check any of your online or financial accounts and transaction statements for any suspicious activity or operations. For example, if there has been a deduction from your bank account which you have no knowledge of or a "password successfully changed" alert appears on your phone, contact the respective department of the company involved and assert that you have not performed said changes. Such checking of accounts should be done at least once a month.
7. Your computer is your castle, so line its defenses with spam filters, anti-spyware programs and a decent firewall. Look for anti-virus programs, with phishing filtering. Download the latest security updates and keep your computer up-to-date, so that it can handle the latest threats as they come.
8. If you are carrying out sensitive data transactions like online shopping or money transfers, make sure you are using a secure connection to a secure site. So look for "https://" in your address bar, before the site's address. Another sign is in the bottom right-hand side of the web browser. A small chain or yellow lock icon indicates a secure connection. Sometimes such icons can be "faked", so check the URL of the site as well. Clicking on the lock icon should display the site's security certificate. If the site name and the name of the site on the certificate do not match, leave the site immediately.
9. With phishing being such a silent yet deadly web menace, web browsers are also stepping up their security mechanisms. So install a tool-bar or phishing filter utility on your browser to warn you from navigating to phishing sites. Turn on your browser's security mechanisms and alert messages. Updating your browser will also keep such security features informed of the latest threats.
10. If you suspect a site of being "phishy" or you have been phished", then your silence will just allow the guilty party to scam someone else. Some web browsers allow you to report suspected sites or mark them as unsafe. You can even inform the legitimate site being impersonated of the phishing site. The Federal Trade Commission deals with phishing scams and sites dealing with such attacks, visit their site to complain of such sites and if you are a victim, then informing the FTC can help prevent the possible theft of your identity.
Don't fall for the "hook", be the smart fish that got away by following the right anti-phishing tips. It is web hooligans like phishers and hackers, that give the Internet a bad name, so surf smart and access secure information smartly.