Phishing scams fool you into giving out personal information through emails and similar channels. We have already seen what phishing is. In this article I will give some tips on how to avoid phishing attacks and scams.
Avoid Phishing Attacks
These tips to avoid phishing scams are based on the recommendations of APWG (Anti Phishing Working Group), an organization that is trying to unify the global response to cybercrime. The organization provides a forum for responders and managers of cybercrime to:
- Discuss phishing and cybercrime issues
- Consider potential technology solutions
- Access data logistics resources for cyber-security applications and for cybercrime forensics
- Cultivate the university research community dedicated to cybercrime
- Advise government, industry, law enforcement and treaty organizations on the nature of cybercrime
Following are some of the important recommendations of APWG on how to avoid phishing scams.
Do Not Trust Emails Asking For Personal Details
Even though some emails look as if they originated from your bank or another financial institution, you should not trust them. Such emails ask for urgent action: to provide your ID, password, debit card or credit card details. There is no harm in making a phone call. Just call up the organization that the email seems to originate from to ascertain whether they actually sent the email.
In case you need to correct anything, it is better to type the URL of the institution manually than to click links in the email (the reason is explained in the next section). Log in manually and make changes only after confirming with the institution that apparently sent you the email.
Note that no bank will ever send you an email asking for details, so steer clear when dealing with such emails.
Don’t Click Links In Emails Asking For Personal Details
It might look like an email from one of the financial organizations you trust. Still, never click the links in the email, not even to see where the link is leading. If you wish to know where the link is leading, hover your mouse pointer over the anchor text. You can see the link at the bottom of your email client. If you can't see the link there, copy and paste it to Notepad.
If it is a malicious website, it may download a piece of malicious code the moment you land on the website. Even if your antivirus detects and removes it, the code might already have done the damage, by replicating or by sending out an image of your hard drive.
In some cases, they create websites that look exactly like your financial organization's website. But you can notice the difference when you look at the URL. For example, PayPal links would be like http://paypal.com/something while the phishing link would be http://something.com/PayPal. In case of doubt, you can use the free services of any one of these URL Scanners to check the genuineness of any website.
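The hover check and the URL comparison described above can be automated for an HTML email body. The following is an added example, not part of the original article; the `TRUSTED` set, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com"}  # assumption: sites you really hold accounts with
# Constructed sample body built from the two URLs in the article.
SAMPLE = ('<a href="http://paypal.com/something">Log in</a> '
          '<a href="http://something.com/PayPal">www.paypal.com</a>')

def host_of(url):
    """Hostname a browser would actually connect to ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def is_trusted(url, trusted=TRUSTED):
    # Only the host counts; a trusted name in the path proves nothing.
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return [(href, [reasons])]; an empty list means nothing was flagged."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        host, reasons = host_of(href), []
        if not is_trusted(href):
            reasons.append("host '%s' is not a trusted domain" % host)
        # Same check as hovering: does the visible text name another host?
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host and not (is_trusted(shown) and is_trusted(href)):
            reasons.append("text shows '%s' but link goes elsewhere" % shown)
        report.append((href, reasons))
    return report
```

Calling `audit(SAMPLE)` returns no flags for the first link and two for the second: its host is `something.com`, and its visible text names a different host than the one the link leads to.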
Customer Care Links In Mails Asking For Details
Some emails may include customer care links to your financial organization's website. Similarly, they might include links to privacy policies or something similar. All these elements are intended to trick you into giving out your data. Do not fall for those links. Again, no bank will ever ask you for details via email.
While we are here, I recommend that you not give away personal information even if someone calls you. With identity theft on the rise, people are using social engineering to fish out data belonging to you or to someone near and dear to you. When it comes to exchanging information, do it in person by visiting the relevant financial institution.
Make Sure That Vendor Uses Secure Website
Online shopping is the next big thing. It allows you to go shopping without having to leave your home. To avoid phishing scams that come in the garb of online shopping, make sure the website asking you for credit/debit card info is secure. Until some time back, you knew a website was secure when you saw a lock icon in the address bar. These days, they can spoof the lock icon as well. To make sure you are on a safe site, double click the lock icon to see the certificate of security for the website. Make it a habit to manually enter the URL.
To further secure your browser, you can use toolbars from any security system. If you are using Internet Explorer, turn on the SmartScreen filter so that you know if a website is a phishing site.
Use Latest Browsers
If you are using an older browser, chances are that its weaknesses have already been exploited. If you go for the latest browser, you benefit from the software companies' continuing efforts to improve security. You receive the latest patches as and when vulnerabilities are found. Again, install a security toolbar so that it can check the websites you are visiting against known phishing sites and alert you about possible scams.
APWG recommends using the latest version of Internet Explorer. It also recommends the free Earthlink toolbar for use with browsers.
Keep A Watch On Bank Statements
Last but not the least, keep on checking your bank account statements and debit/credit statements to make sure there are no irregularities. This helps you spot errors which may sometimes be a case of phishing and thereby, identity theft.
This explains how to avoid phishing scams. If you receive a phishing email, you may also report it by forwarding the email to email@example.com.