Have you ever received an email, supposedly from your bank or another popular online service, asking you to confirm your credentials, card number or other sensitive data, or else your account will be blocked? Usually you are told to click a link that will supposedly unlock the account and keep your data safe. Then you may be asked to make a small “test” payment.
If so, you have already met phishing. The important part is not to become a victim. Let’s look at how phishing works and how to avoid phishing scams.
1. What is phishing?
Phishing is a technique for tricking users into handing over confidential information such as passwords and card details. The victim believes they are on the site they meant to visit when they have in fact been sent to a fake copy of it.
For a long time, attackers relied on email to deliver these attacks. As social networks and smartphones became popular, phishing spread to messengers, SMS and social media as well.
These messages contain a link that supposedly leads to the impersonated company’s website. In reality it is an imitation of the original site, and whatever you type into it goes straight to the attacker. A careless user can easily fall for it; antivirus software and browser filters block some known phishing pages, but rarely a freshly registered one.
The key to running a phishing scam is to create a copy of a secure website that is good enough to fool most people. In the most advanced fakes, every link leads to the real site. Well, every link except the one that transfers your username and password to the attackers. Moreover, scammers try to create a URL that looks at least somewhat like the official one. For example, instead of paypal.com, it can be pyapal.com or paypal.security.reset.com. In the second case the part that is actually registered is reset.com; “paypal” is just a subdomain name the attacker chose.
However, not all phishing pages are done well. Some use the wrong colours or otherwise fail to match the page they imitate. Others sit on obviously unrelated URLs, such as admin.dentistry.com/forms or X8el87.journal.com. Even these clumsy fakes evidently catch a few people, or the scammers would have given up.
When you enter your username and password on a phishing site, the scammers get them, and with them full access to your account. To keep you from realizing it, the fake page can forward your credentials to the real site and log you in there, so everything looks normal.
Often the first sign is an emptied bank account, or being locked out of your email while friends report spam coming from your address. So, how do you protect yourself from these attacks?
2. How to avoid phishing scams?
2.1 Check the sender’s address
A message may look like one from a well-known online store, and the familiar name and logo in the text are there to put you at ease. What matters is the sender’s address.
Sometimes scammers don’t even bother with a similar address, because many mail clients hide it. They simply put the store’s name in the sender’s display name, which is all the recipient sees. It is easy to check, but not everyone looks at such details.
Scammers attract not only via email but also through messengers and social networks. You may receive a message from your online friend with an offer to click on a link but it may turn out that the account was hacked.
In addition, a bait link can be a part of a friend’s post on Facebook, a tweet from fake brand representatives, or a personal message on Discord.
Be suspicious of banners too. The picture on a banner may have nothing to do with the site it sends you to. Sites that host banners generally can’t control what the user will see or where they will be redirected, so even a perfectly respectable site can show you a banner with a phishing link. The safest approach is not to click on them at all.
To avoid phishing scams, always check the sender’s address carefully. If it differs from the usual address of the store, bank, airline or other organization even by one character, don’t open the message. If the address is unknown to you and you aren’t expecting mail from new contacts, just delete it. Keep in mind that the From address itself can be forged, so a matching address is not proof of anything, while a mismatching one is proof enough.
When you do open the email, pay attention to how it is written and designed. Spelling mistakes and sloppy design are clear signs of a fake. Recently, though, scammers have learned to imitate the corporate style of famous companies very precisely, so stay careful even when everything looks perfect.
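The checks described above (display name versus real address, a Reply-To pointing elsewhere, and the mail server’s own verdict) can be automated. The following is an added example written for this article, not code from the original page; the brand-to-domain table and the three messages are constructed for illustration, and the only authoritative signal is the Authentication-Results header that the receiving mail server writes, which the code reads rather than computes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed mapping (assumption for the example): the display name a brand uses
# and the registrable domain its genuine mail actually comes from.
BRAND_DOMAINS = {"paypal": "paypal.com", "amazon": "amazon.com"}


def domain_of(addr: str) -> str:
    """Domain part of an address, lowercased; empty if there is no '@'."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def same_or_subdomain(domain: str, parent: str) -> bool:
    """True for parent itself or any subdomain of it (mail.paypal.com), never for
    a domain that merely starts with it (paypal.com.evil.net)."""
    return domain == parent or domain.endswith("." + parent)


def inspect_sender(raw: str):
    """Return (from_address, findings) for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    findings = []

    if not addr:
        findings.append("From header carries no address at all")

    # The display name is what most mail clients show; the address is what counts.
    for brand, real_domain in BRAND_DOMAINS.items():
        if brand in name.lower() and not same_or_subdomain(from_domain, real_domain):
            findings.append(f"display name {name!r} but address domain {from_domain!r}, "
                            f"expected {real_domain!r}")

    # Replies going somewhere other than the apparent sender is a classic tell.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To {reply_to!r} is on a different domain than From")

    # Only the receiving mail server can verify the sender cryptographically
    # (SPF/DKIM/DMARC); it records its verdict in Authentication-Results.
    auth = str(msg.get("Authentication-Results", ""))
    m = re.search(r"\bdmarc=(\w+)", auth)
    if m and m.group(1).lower() != "pass":
        findings.append(f"DMARC result is {m.group(1)!r}, not 'pass'")
    elif not m:
        findings.append("no DMARC verdict recorded; the From address is unverified")

    return addr, findings


# Constructed sample messages (not real mail).
PHISH = """\
From: "PayPal Security" <alerts@paypa1-secure.net>
Reply-To: recover@mail-reset.org
To: customer@example.org
Subject: Your account will be limited within 24 hours
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=paypa1-secure.net; dmarc=none header.from=paypa1-secure.net

Confirm your details within 24 hours or your account will be blocked.
"""

NAME_ONLY = """\
From: Amazon <orders-update@gmail.com>
To: customer@example.org
Subject: Problem with your order

Please log in to review your order.
"""

GENUINE = """\
From: PayPal <service@paypal.com>
To: customer@example.org
Subject: Your monthly statement
Authentication-Results: mx.example.org; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com

Your statement is ready.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("name-only", NAME_ONLY), ("genuine", GENUINE)):
        addr, findings = inspect_sender(raw)
        print(label, addr, *findings, sep="\n  ")
```

The `same_or_subdomain` helper is the part worth copying: a naive `"paypal.com" in domain` test would accept `paypal.com.evil.net`, which is exactly the trick the address-bar section warns about.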
2.2 Check the address bar
Although a website’s design is easy to copy, an attacker cannot serve a page from the real site’s registered domain. That is why the address bar, not the page content, is what you should read. What should you check after clicking a link?
Save the addresses of banks, government agencies, favourite online stores and other services as bookmarks and open them from there. You can type the address by hand, but be careful: a single wrong character can land you on a phishing site. Always check the address bar, and read the hostname from the right: the registered domain, such as paypal.com, is the part immediately before the first slash, and everything to the left of it is a subdomain whose name the domain’s owner chooses. You can even end up on a phishing site while navigating between pages of a known portal, for example through a banner.
Secure connection. Going to enter personal information or card data, or make a purchase? Make sure the address starts with https:// and the browser shows a closed padlock. This means the connection to that server is encrypted, so nobody on the network between you and it can read what you type.
A secure connection is necessary, but not sufficient. Attackers register their own domains and obtain valid certificates for them as easily as anyone else, so the padlock only tells you the connection is private, not that the site is legitimate.
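Both the lookalike URLs from section 1 (pyapal.com, paypal.security.reset.com) and the address-bar checks above come down to the same few rules: find the registered domain, compare it with the one you trust, and flag the tricks that make a hostname look right. The following is an added example written for this article, not code from the page or from any browser vendor; the trusted-domain allowlist and the tiny public-suffix table are assumptions, and a real checker would use the full Public Suffix List (for example through the tldextract package).

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the registrable domains the user actually trusts.
TRUSTED_DOMAINS = {"paypal.com", "example-bank.com"}

# Stand-in for the Public Suffix List (assumption): only the suffixes these samples need.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def registrable_domain(host: str) -> str:
    """Return the part of a hostname that is actually registered with a registrar.

    For 'paypal.security.reset.com' that is 'reset.com': everything to the left is
    a subdomain the owner of reset.com can name however they like.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED_DOMAINS):
    """Classify a link the way a careful reader of the address bar would.

    Returns (verdict, registrable_domain, findings); verdict is 'trusted' or
    'suspicious' and findings lists every reason for doubt.
    """
    parts = urlsplit(url)
    findings = []
    try:
        # Non-ASCII hostnames are shown to servers in punycode ('xn--...') form.
        host = (parts.hostname or "").encode("idna").decode("ascii")
    except UnicodeError:
        host = parts.hostname or ""
        findings.append("hostname is not valid IDNA")

    if parts.scheme != "https":
        findings.append("not https: anything typed here travels in clear text")
    if parts.username is not None:
        findings.append("userinfo before '@': the real host is what follows the '@'")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label: non-ASCII characters may imitate Latin letters")

    rd = registrable_domain(host)
    if rd in trusted:
        return "trusted", rd, findings

    findings.append(f"registrable domain {rd!r} is not on the trusted list")
    for t in trusted:
        if levenshtein(rd, t) <= 2:
            findings.append(f"lookalike of trusted domain {t!r}")
        elif t.split(".")[0] in host:
            findings.append(f"brand name from {t!r} used as bait in a subdomain")
    return "suspicious", rd, findings


if __name__ == "__main__":
    # Constructed samples, including the two shapes of fake URL from the text.
    for sample in [
        "https://www.paypal.com/signin",
        "https://pyapal.com/login",
        "http://paypal.security.reset.com/verify",
        "https://www.paypal.com@login-reset.net/",
        "https://p\u0430ypal.com/",   # Cyrillic 'а' (U+0430) in place of Latin 'a'
    ]:
        print(sample, "->", check_url(sample))
```

The order of the checks mirrors how to read an address bar: scheme first, then anything odd before an `@`, then the hostname converted to the form the browser actually resolves, and only then the comparison of the registered domain against what you expect.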
2.3 Don’t pay through insecure pages
A fake online store may ask you to make a trial payment. To complete it, you are asked for your card number and security code, and then the confirmation code from a text message, all directly on the store’s own page. Legitimate stores don’t handle that data themselves; make sure you are entering it on the payment provider’s page.
When card details are needed, a legitimate store redirects you to the payment gateway, which is a separate page on the payment provider’s own domain. The store never sees what you type there.
The gateway contacts the cardholder’s bank. The bank sends the customer a one-time code to confirm the transaction, and the payment goes through only after the buyer enters it.
To avoid phishing scams, never give such codes to anyone. Check that the amount and merchant in the SMS match the purchase you are making. If they do, enter the code. If not, stop and call your bank.
Card schemes provide this confirmation step under names such as Visa Secure and MasterCard SecureCode. Their logos on a checkout page prove nothing, because a logo is just an image that any page can copy, and a fake page can make it a working link just as easily. What does prove something is the address bar of the page asking for the code: it must belong to your bank or the payment provider, not to the store.
2.4 Update your browser regularly
Using an old browser? Its known weaknesses are likely already being exploited. Update your browser regularly and make sure you are on the latest version; that way you get the patches for every vulnerability discovered so far, and the browser’s built-in phishing and malware warnings stay current.
In addition, consider security extensions. They check the sites you visit against lists of known malicious addresses and block matches. Keep in mind that such lists lag behind the newest phishing pages, so they complement the checks above rather than replace them.
2.5 Change passwords regularly
Changing the passwords to your online accounts can limit the damage from phishing, because an attacker may already hold a password you gave away without noticing. What matters most is to use a different password for every account (a password manager makes this painless) and to change a password immediately if you suspect you typed it into a fake page. Rotating on a fixed schedule adds little by comparison; current guidance is to change a password when there is reason to, not on a calendar.
2.6 Don’t click on pop-ups
Pop-ups are not just irritating. Quite often they lead to malware or phishing pages. Use an ad-blocking extension; it filters out most of the annoying and malicious pop-ups automatically.
If a pop-up still appears, don’t click anything inside it. Every control it draws, including its own “Close” button or an imitation X in the corner, is part of the page and can do whatever the page wants. Close the tab or window with the browser’s own controls (or Ctrl+W / Cmd+W) instead.
2.7 Use multifactor authentication
Many online services support multi-factor authentication. Besides your username and password, you must provide something extra: a code sent by SMS or e-mail, a code from an authenticator app, or a fingerprint, face or other biometric check. This makes it harder for scammers to break into your accounts even if they have your username and password. Note that SMS, e-mail and app codes can still be phished: a fake site that relays your login to the real one in real time can ask you for the code and pass it on. Hardware security keys and passkeys (FIDO2/WebAuthn) resist this, because the response they produce is bound to the site’s real address and is useless to a page on another domain.
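The difference between a relayable code and an origin-bound factor is easiest to see in a small simulation. The following is an added example written for this article, not real WebAuthn and not code from the page: an HMAC with a per-user key stands in for the authenticator’s public-key signature, “sending an SMS” is modelled as a return value, and the two origins are constructed. What it shows is that the server verifies the assertion against its own origin, so a response produced while the user is on the phishing domain does not verify.

```python
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://login.example-bank.com"
PHISH_ORIGIN = "https://login.example-bank.com.verify-now.net"   # constructed lookalike


def sign(key: bytes, challenge: bytes, origin: str) -> bytes:
    """Model of what the authenticator signs: the challenge plus the origin the
    browser is really on. (Real WebAuthn signs authenticatorData plus a hash of
    clientDataJSON, which carries the origin; HMAC stands in for that signature.)"""
    return hmac.new(key, challenge + origin.encode(), hashlib.sha256).digest()


class RelyingParty:
    """The genuine site. Knows its own origin and each user's registered key."""

    def __init__(self, origin: str):
        self.origin = origin
        self.keys = {}            # user -> key registered at enrolment
        self.pending_otp = {}     # user -> code we texted them
        self.pending_chal = {}    # user -> challenge we issued

    def register(self, user: str, key: bytes):
        self.keys[user] = key

    # --- Factor type 1: a code delivered out of band (SMS, e-mail, app) ---
    def send_otp(self, user: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending_otp[user] = code
        return code               # stands in for the SMS reaching the user's phone

    def verify_otp(self, user: str, code: str) -> bool:
        expected = self.pending_otp.pop(user, None)
        return expected is not None and hmac.compare_digest(expected, code)

    # --- Factor type 2: origin-bound assertion (FIDO2 / WebAuthn style) ---
    def start_assertion(self, user: str) -> bytes:
        challenge = secrets.token_bytes(32)
        self.pending_chal[user] = challenge
        return challenge

    def verify_assertion(self, user: str, challenge: bytes, signature: bytes) -> bool:
        if self.pending_chal.pop(user, None) != challenge:
            return False          # unknown or already-used challenge
        # The server recomputes over ITS OWN origin, never one the client claims.
        expected = sign(self.keys[user], challenge, self.origin)
        return hmac.compare_digest(expected, signature)


class Browser:
    """The user's browser plus authenticator. The browser, not the page, supplies
    the origin, so a phishing page cannot lie about where the user is."""

    def __init__(self, key: bytes):
        self.key = key

    def assert_on(self, page_origin: str, challenge: bytes) -> bytes:
        return sign(self.key, challenge, page_origin)


def setup():
    rp = RelyingParty(REAL_ORIGIN)
    key = secrets.token_bytes(32)
    rp.register("alice", key)
    return rp, Browser(key)


def otp_relay_attack() -> bool:
    """Attacker proxies the real login through a phishing page and relays the code."""
    rp, _ = setup()
    code = rp.send_otp("alice")                  # alice's phone receives the code
    stolen_code = code                           # alice types it into the phishing page
    return rp.verify_otp("alice", stolen_code)   # attacker submits it: accepted


def origin_bound_relay_attack() -> bool:
    """Same relay, but the second factor is an origin-bound assertion."""
    rp, browser = setup()
    challenge = rp.start_assertion("alice")              # attacker fetches a real challenge
    sig = browser.assert_on(PHISH_ORIGIN, challenge)     # alice is really on the phishing origin
    return rp.verify_assertion("alice", challenge, sig)  # attacker relays it: rejected


def honest_login() -> bool:
    rp, browser = setup()
    challenge = rp.start_assertion("alice")
    sig = browser.assert_on(REAL_ORIGIN, challenge)
    return rp.verify_assertion("alice", challenge, sig)


if __name__ == "__main__":
    print("OTP relayed through phishing page accepted:", otp_relay_attack())
    print("Origin-bound assertion relayed accepted:", origin_bound_relay_attack())
    print("Honest origin-bound login accepted:", honest_login())
```

The OTP path succeeds for the attacker because the code carries no information about where it was typed; the assertion path fails because the origin is mixed into what is signed, and the server checks it against its own origin rather than trusting the client.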
3. Final words
To avoid phishing scams, be extra careful with messages from people you don’t know and with links you didn’t ask for. Use additional tools too: a password manager (which will refuse to fill your password on a lookalike domain), an ad-blocking extension and reliable antivirus software.
And whenever you follow a link, read the address bar before you type anything: https://, a closed padlock and, above all, the right registered domain.