How to Avoid Phishing Attacks

The number and sophistication of phishing scams sent to consumers are increasing rapidly. If you do not know what phishing is, you can find out HERE. Because phishing uses social engineering to trick victims into responding to an email message or into visiting a fake site, one of the most effective forms of defense is to teach users how to recognize phishing attempts.

Some of the ways to recognize these messages, so that you can avoid becoming a victim of these scams, include:

Web links embedded in emails, instant messages, or chats. You shouldn’t log on to a website through a link sent in an email. Instead you should call the company on the phone or open a new browser window and log onto the website directly by typing the legitimate address in your browser. Unless the email is digitally signed, you can’t be sure it is real.

Phishers often use variations of legitimate addresses, masking their true identity with hyphens and underscores. For instance, they may use www.user-paypal.com or www.US_Amazon.com.
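The lookalike-address trick described above can be checked mechanically. The following Python example is added here and is not part of the original post: it treats a link as genuine only when its host is a trusted domain or a subdomain of one, and flags hosts that merely contain the brand name once hyphens and underscores are stripped. The trusted list, function names and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the user really does business with (illustrative list).
TRUSTED_DOMAINS = ("paypal.com", "amazon.com")

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)


def hostname_of(url):
    """Return the lower-cased host of a link, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for one link."""
    host = hostname_of(url)
    for domain in trusted:
        # Genuine only if the host IS the domain or a subdomain of it.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        brand = domain.split(".")[0]  # "paypal" from "paypal.com"
        for label in host.split("."):
            # Strip the separators used to disguise the name.
            if brand in label.replace("-", "").replace("_", ""):
                return "lookalike"
    return "unknown"


def suspicious_links(message_text, trusted=TRUSTED_DOMAINS):
    """List every link in a message body that imitates a trusted domain."""
    links = (m.group(0).rstrip(".,;:)!?") for m in URL_RE.finditer(message_text))
    return [u for u in links if classify_link(u, trusted) == "lookalike"]


# Constructed sample message, using the two addresses quoted above.
SAMPLE = (
    "Dear Bank Customer, your account will be deactivated. "
    "Log in at http://www.user-paypal.com/verify or www.US_Amazon.com. "
    "Our real site is https://www.paypal.com/signin."
)

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("lookalike:", link)
```

The substring match is a heuristic and can flag unrelated names that happen to contain a brand, so a hit means "look closer", not proof of fraud.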

Be wary of fake sender’s addresses because they can be forged easily. An email message should not be trusted simply because the sender’s email address appears to be legitimate, such as user_registration@paypal.com.

Beware of generic greetings. Phishing emails are usually not personalized and begin with a general opening like “Dear Bank Customer” and do not include a valid account number. However, they can be personalized in the case of spear phishing, where the attacker sends customized messages. Valid messages from your bank or e-commerce company generally are personalized, and if an email from an online vendor does not contain the user’s name, it should be considered suspect.

Pop-up boxes and attachments are a sure sign of a phishing attack. Legitimate emails from vendors never contain a pop-up box or an attachment, since these are tools often used by phishers.

Online banking and e-commerce are generally safe, but you should be suspicious of any email with urgent requests for personal financial information. Phishers typically include upsetting or exciting false statements in their emails to get people to react immediately, such as warnings that their account will be deactivated. They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.

Avoid filling out forms in email messages that ask for personal information, and always ensure that you’re using a secure website when submitting personal information in your web browser. The address of any website in which the user is asked to enter private information should start with https://, not http://; secure sites will have a padlock in many browsers’ status bar or at the bottom of the screen. Users should not enter data without these indicators, and even with these indicators users should be careful, because phishers are now able to forge both the https:// and the lock you normally see on a secure site.

The lock has usually been considered another indicator that you are on a safe site. When the lock is double-clicked, it displays the security certificate for the site. If you get any warnings that the address of the site does not match the certificate, do not continue.

It is worth reiterating that you should make it a habit to enter the address of any shopping or financial website yourself.

Finally, make sure that your browser is up to date and the latest security patches are applied. At least once a month, check your bank and credit card statements to ensure that all transactions are legitimate.


This entry was posted on Saturday, June 26th, 2010 at 8:18 pm and is filed under Attacks, Computer Security.
