Phishing attacks are an online confidence scam in which a scammer falsely claims to represent a legitimate entity in order to gain the victim's trust and trick the victim into handing over sensitive information. Phishing attacks commonly start with the scammer sending the victim an email or social media message that links to a spoof website, which is designed to appear legitimate but actually steals any information entered into it. The term derives from fishing, as the scammers will send out the bait (typically an email) and see how many victims they "hook".
Perhaps the most common type of phishing attack involves the scammer claiming to represent the victim’s bank (for example, the image on the left shows a real example of a banking phishing scam). The scammer will send the victim an email that links to a spoof website asking for the victim's banking information, such as the victim's online banking password and card information. This information is then stolen by the scammer as the victim enters it into the spoof website.
Phishing attacks can also involve the scammer pretending to be from Facebook, PayPal, eBay, Twitter, government agencies such as the IRS, and other types of businesses.
The following do’s and don’ts will explain how to avoid these scams.
DO NOT click on links in emails
As a general rule of thumb, avoid clicking on links within emails. Even if the email appears to be from someone you trust, this can easily be spoofed. If you absolutely must click a link within an email, make sure you fully trust the sender of the message and that you were expecting to receive the email.
DO NOT click on suspicious links on social networking sites
Links on social networking sites can be just as dangerous as links within emails. Phishing scammers often use social networking sites to bait victims. Links can spread throughout such sites, directing victims to spoof websites.
If you have been sent a link by someone you do not know on a social networking site, you should not click on it. If you have been sent a suspicious link by someone you do know, check with them first that they did indeed send you the link and that it is safe.
DO always check the website address
If you do find yourself on a webpage asking for your information, always check the web address (the URL) to make sure it is correct. For example, if you are on the Facebook login page, make sure it actually is the Facebook login page by ensuring the web address begins with www.facebook.com.
Often scammers will disguise the URL – take for example the image below – the domain here is actually myfakedomain.com, but adding a subdomain (the bit before the domain) makes it appear more genuine.
Also worth remembering is that if you have to enter ANY sensitive information into Facebook, such as online banking details or credit/debit card information, the web address should begin with https and never http. The added “s” indicates that the connection to the webpage is secure.
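The address check described above, written out as an added example (it is not part of the original article). It shows why a simple "begins with" test is fooled by the subdomain disguise, and how reading the host name from the right-hand end catches it; the function names and sample addresses are made up for illustration.

```python
from urllib.parse import urlsplit


def naive_check(url, expected_host):
    """Prefix test: passes any address that merely starts with the expected name."""
    rest = url.split("://", 1)[-1]
    return rest.startswith(expected_host)


def check_login_url(url, expected_domain):
    """Return a list of problems; an empty list means the address passed."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    if parts.scheme != "https":
        problems.append("not https")
    # Anything before an '@' is a login name, not the site being visited.
    if parts.username is not None:
        problems.append("text before '@' is not the site name")
    # The real site is the END of the host name, read right to left.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host {host!r} does not belong to {expected}")
    return problems


# Constructed sample addresses (myfakedomain.com is the article's own example name).
SAMPLES = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "https://www.facebook.com.myfakedomain.com/login",
    "https://www.facebook.com@myfakedomain.com/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        fooled = naive_check(url, "www.facebook.com")
        print(url, "| prefix test passes:", fooled,
              "| problems:", check_login_url(url, "facebook.com"))
```

All four sample addresses pass the prefix test, but only the first one comes back with no problems from the stricter check.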
DO NOT trust emails or messages that have spelling or grammar mistakes
One of the key red flags for many types of phishing scams is poor spelling and grammar. This is because scammers are often from non-English speaking countries. Communication from legitimate entities, such as banks or social networking sites, is extensively proofread and is very unlikely to contain such errors.
DO have reliable, up-to-date security software installed.
Having reliable, up-to-date security software installed will block phishing websites, so even if you do fall for it, you’re still safe! Having such quality security software installed is essential when staying safe online.
For those without reliable security software, or for those looking to upgrade, we recommend Bitdefender Total Security 2013, which includes phishing protection. Bitdefender evaluates a website before you visit it to determine whether or not it is safe. If the site is used in phishing attacks, you’ll see the image below letting you know the website is unsafe.
Bitdefender Total Security 2013 is ThatsNonsense.com’s editor’s choice for security software for 2013. You can download your own copy here or read our full review here.