With the dramatic increase in the number of phishing scams in the recent years, there has also been a steady rise in the number of people being
victimized. Lack of awareness among the people is the prime reason
behind such attacks. This article will try to create awareness and
educate the users about such online scams and frauds.
Phishing scams usually sends an email message to users requesting for their personal information, or redirects them to a website where they are required to enter thier personal information. Here are some of the tips that can be used to identify various phishing techniques and stay away from it.
Identifying a Phishing Scam
1. Beware of emails that demand for an urgent response from your side. Some of the examples are:
- You may receive an email which appears to have come from your bank or financial organization stating that “your bank account is limited due to an unauthorized activity. Please verify your account asap so as to avoid permanant suspension”. In most cases, you are requested to follow a link (URL) that takes you to spoofed webpage (similar to your bank website) and enter your login details over there.
- In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other side of the phone to take away your credit cards details, account number, social security number or other valuable data.
2.
Phishing emails are generally not personalized. Since they target a
lagre number of online users, they usually use generalized texts like
“Dear valued customer”, “Dear Paypal user” etc. to address you. However,
some phishing emails can be an exception to this rule.
3. When you click on the links
contained in a phishing email, you will most likely be taken to a
spoofed webpage with official logos and information that looks exactly
same as that of the original webpages of your bank or financial
organization. Pay attention to the URL of a website before you enter any
of your personal information over there. Even though malicious websites
look identical to the legitimate site, it often uses a different domain
or variation in the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:
- papyal.com
- paypal.org
- verify-paypal.com
- xyz.com/paypal/verify-account/
Tips to Avoid Being a Victim of Phishing
1. Do not respond to suspicious emails that ask you to give your personal information.
If you are unsure whether an email request is legitimate, verify the
same by calling the respective bank/company. Always use the telephone
numbers printed on your bank records or statements and not those
mentioned in the suspicious email.
2. Don’t use the links
in an email, instant messenger or chat conversation to enter a website.
Instead, always type the URL of the website on your browser’s address
bar to get into a website.
3.
Legitimate websites always use a secure connection (https://) on those
pages which are intended to gather sensitive data such as usernames and
passwords, account numbers or credic card details. You will see a lock
icon 
in
your browser’s address bar which indicates a secure connection. On some
websites like paypal.com which uses an extended validation certificate,
the address bar turns GREEN as shown below.
in
your browser’s address bar which indicates a secure connection. On some
websites like paypal.com which uses an extended validation certificate,
the address bar turns GREEN as shown below.
In
most cases, unlike a legitimate website, a phishing website or a
spoofed webpage will not use a secure connection and does not show up
the lock icon. So, absence of such security features can be a clear
indication of phishing attack. Always double-check the security features
of the webpage before entering any of your personal information.
4. Always use a good antivirus software, firewall and email filters to filter the unwanted traffic. Also ensure that your browser is up-to-date with the necessary patches being applied.
5.
Report a “phishing attack” or “spoofed emails” to the following groups
so as to stop such attacks from spreading all over the Internet:
You can directly send an email to spam@uce.gov orreportphishing@antiphishing.org reporting
an attack. You can also notify the Internet Crime Complaint Center of
the FBI by filing a complaint on their website: www.ic3.gov.
No comments:
Post a Comment