Friday, 22 November 2013

0

How to Avoid Phishing Attacks and Protect your Passwords Online

Posted in ,

Many times we receive an email saying" you have won 10000$!" or you receive a text message on your phone which says " your number won in the lucky draw contest!" Many of us believe it and so we do everything they ask us to do, like giving away passwords and bank account numbers. But by the time we get to know that our passwords have been hacked, it is too late. This serious problem is termed as "phishing" which cyber criminals use to attack common  users.

What is Phishing?

phishing
Phishing is a technique used by the cyber criminals who try to steal your important and private information by pretending to be someone or something you trust. For example, you get an email which seems to have been sent by your bank  asking for your account details, but in fact it is indeed sent by a phishing expert. Though the email seems very real, it is actually sent by a cyber criminal to steal your account passwords. Phishing techniques have become extremely dangerous and sophisticated these days, since they accurately replicate the legitimate trusted source. For example, they will have a real logo, will use the same font and will seem to come from a real email address.

Typical forms of phishing attacks:

1.Account upgrade, system maintenance, software crash or some other mundane reason.
2. Sms text message that seems as if your bank or relative or friend is trying to get in touch with you.
3. Instant message asking you for confidential information.
4.Private message on Facebook containing a link that may take you to a page that looks like a log-in screen for facebook, but actually is a fake log-in screen.

fb+phish
Here in the picture you can see a Facebook phishing attack. Check the URL bar, it is not the Facebook.com
There are a few simple things you can keep in mind in order to avoid the phishing attacks:
  • Your bank or credit card company shall never ask for your password under any circumstances.
  •  If the email you have received contains a link, do not blindly click on it. It can be a fake link which may lead you to a fake log-in screen or executes some other phishing attack. Before you click on the link, you can find out where it is going to take you by holding your mouse over it for a few seconds and looking at the status bar of your browser.Below one is example of phishing.
PayPalPhishing.
  • You may receive an email with a link which looks real. Even if you hover your mouse over it, it replicates a trusted website. For example, Look at the following web address- https://www.facebook.com@www.abs123.com . At first glance this may look like the facebook link, but in reality it will direct you to a completely different address which begins separately after the @sign.
facebook-phishing-email
  • Always check for "https" in the url address bar of your browser, before you enter any confidential information on website. Typically, only trust worthy websites use "https" and phishing websites use "http".
  • Make sure that you read the url adress properly. Watch out for websites with spellings that are similar to the actual website. "online.citibenk.com" instead of "online.citybank.com". Cyber criminals are known to register website domain names with a spelling similar to a trusted website.
  • A simple way to detect a phishing email is, you can carefully look for your full name mentioned in the email. Usually, the cyber criminal doesn't know your full name and may contact you by referring you with Sir, or your email address.
  • Most popular browsers like google chromemozilla firefox maintain a list of known phishing webistes and warn you when you are about to visit any phishing website that appears in their database.
warning+screen
  • If you receive a link and are not sure whether it is safe to click on it or not, you can however check if it is a phishing attach by submitting the website address to a site called PhishTank. This website maintains a comprehensive list of known phishing websites and provides a quick review if the website is trust worthy or not.
phishtankwebpage
  • As you can see, the webpage of Phish Tank provides a bar, to specify any suspected link in it and checks for it. If you sign in or register with the website, you can submit any phishing link to the website and soon it updates the fake link. 
sample+url
  • Here, I have given a link in the bar, to check if it s a phishing attack. We click on the IS IT A PHISH button.

phish+detected
  • Phishtank has detected the link as a phish. It also provides a rating for 100%. If it is more than 50% you should not enter into the link.

Other solutions:

There are commercial anti-phishing software tools available that provides you protection against phishing attacks. For example McAfee's SiteAdvisor Live is a product that allows you to identify and protect yourself from risky websites. You can buy it online from its website.
mcafee
Most importantly, if you have never opened an account with a particular bank and they email you, then it probably is a phishing attack. No matter how tempting their offer might be, do not click on any of their links.

0 comments: