You have probably received or seen links accompanied by a luring message (such as "get 500 likes on Facebook" or "get 2000 gems on Clash of Clans") that promise benefits if you click them. Some of them might be genuine, but most such links are forged to steal sensitive information. Stealing information by means of a forged or duplicated website is called phishing. If you visit such a website and provide the information it asks for, the people behind it can misuse that information to make a profit. In this article, we discuss phishing attacks and ways to stay secure against them.
What is a phishing attack?
Phishing is a malicious attempt to obtain sensitive information by posing as a trustworthy entity through websites. The sensitive information could be usernames, passwords, bank info, debit/credit card info, etc. It can be simply understood as fishing, which is how it is pronounced. Just as in fishing, the phishers lure you with promised benefits, or ask you to rectify discrepancies in your account, and request that you click certain links. This is the bait in phishing. If you believe them and provide the information requested, you have taken the bait and unknowingly handed your sensitive information to the phishers. Once the phishers have your information, they can hijack your account and take advantage of it.
In the phishing technique, the forged or duplicate website has all its details cloned from the genuine website so that the two seem identical. This is the major objective in phishing: the phishers try not to leave a single hint that could raise the user's doubt.
How to identify phishing websites?
Checking the website URL would be the most reliable way to identify a phishing website, so check it to assure yourself that you are on a safe site.
- Domain name
The authenticity of a website can be checked from its URL. Most organizations use their name or acronym as the domain name. If no such information is found in the URL, it could be a phishing website. Check the complete URL: sometimes the domain name of the genuine website is used as a subdomain of another website for phishing purposes. For example, Facebook.blogspot.com.
- Unsecured website
If the website does not have https:// or a padlock icon in the address bar, the website could possibly be a phishing website.
- Spelling or grammatical mistake
Some phishers use a website whose domain closely resembles that of the original website. Check for spelling and grammatical mistakes. If you find any, it could be a phishing website. For example, Fakebook.com and Faecbook.com could be phishing websites of Facebook.com. You can also find spelling, grammatical and sometimes technical mistakes in the content of the phishing website. Stay alert!
- Enter the URL by yourself
Type the URL yourself. If the browser auto-fills it as you type, then the website could be a genuine one.
- String length in URL
If the string in the URL is unusually long, it hints at a phishing website.
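The URL checks from the list above (brand name used as a subdomain, look-alike spelling, missing https, unusual length), written as an added Python example that is not part of the original article. The brand `facebook`, the official domain `facebook.com`, the 100-character length cut-off and the edit-distance limit of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

LONG_URL = 100  # assumed cut-off for "unusually long"; tune for your own traffic

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, brand="facebook", official="facebook.com"):
    """Return the warning signs from the checklist that apply to url."""
    if "://" not in url:
        url = "http://" + url  # scheme-less input is treated as plain http
    parts = urlsplit(url)
    labels = (parts.hostname or "").rstrip(".").split(".")
    # Naive "last two labels" rule (assumption); real code should consult the
    # Public Suffix List, since this misreads suffixes such as co.uk.
    registered = ".".join(labels[-2:])
    name = labels[-2] if len(labels) > 1 else labels[0]
    findings = []
    if registered != official:
        if brand in labels[:-2]:
            findings.append("brand-in-subdomain")   # e.g. facebook.blogspot.com
        if edit_distance(name, brand) <= 2:
            findings.append("lookalike-domain")     # e.g. fakebook, faecbook
    if parts.scheme != "https":
        findings.append("no-https")
    if len(url) > LONG_URL:
        findings.append("long-url")
    return findings

if __name__ == "__main__":
    # Constructed sample URLs built from the examples named in the article.
    for u in ["https://www.facebook.com/",
              "https://facebook.blogspot.com/login",
              "https://fakebook.com/",
              "https://faecbook.com/",
              "http://www.facebook.com/"]:
        print(u, check_url(u) or "no warning signs")
```

An empty result only means none of these signs matched; it does not prove that the site is genuine.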
How to stay secure against phishing attacks?
Due to advancements in technology and digitization, our information is becoming vulnerable, and phishing attacks have become a serious threat for all of us. Here are some ways to keep yourself secure against phishing attacks.
- If emails and links are from unrecognized senders, ignore them.
- If you have a doubt, do not risk it: if you are skeptical about the website, try to contact the organization. If you are asked to fill in bank information, call the bank and find out the truth from them.
- Check your accounts regularly: if you make a habit of checking your accounts regularly, you can detect irregularities.
- Never send any sensitive information through mail: genuine media never ask you to send sensitive information via mail, so never send such information through mail.
- Do not fall for offers that are too good to be true.
- Hesitate to log in to websites where you barely log out.
- If you are using an app/software to provide info, check the developers and confirm that they are official.
- Check for the ‘forget password’ option. Many phishing websites lack it.
- Apply the "unique account, unique password" rule: avoid using the same password for several accounts. If one password is leaked, a number of accounts are at stake.
- Beware of pop-ups: avoid clicking on pop-up links, copying the links or providing personal information to such links.
- Protect your browsing device with a firewall, spam filters, anti-virus and anti-spyware software.