Phishing attacks are attempts to steal passwords and other personal information. One way fraudsters do this is by tricking people into visiting fake websites. There are other dirty tricks used to commit identity theft. Consider three ways to protect yourself from phishing attacks: education, intuition and technology.
Phishing Education

You are already protecting yourself by reading this article. Since you probably found this through a search engine, make sure you read the other articles from the results. If you just want to protect yourself, a general understanding of the current dirty tricks will keep you from becoming a victim.
Understand this: phishing is just one of a slew of social engineering tactics being used against people every day. These tactics can be very sophisticated, so we must be vigilant at all times.
Throughout this article, you will see references to tools and sites. Be sure to investigate them.
General Phishing Information
Wikipedia has a pretty good overview of phishing. However, the editors seem to think that the page is not up to par. Still, you’ll get a good idea of the subject.
Google can help. Just type phishing information in the search box and explore the results. At the time this article was written, the number one result was phishinginfo.org. This site has a wealth of information and practical advice.
In-Depth Phishing Material
If you are interested in learning more about phishing than you’ll find on general websites, you can start by going deep into the
Social Engineering Information
A good book to read is The Art of Intrusion, by Kevin D. Mitnick, a reformed hacker. Using case studies, Mitnick explains how he tricks employees into giving him whatever he needs to penetrate a company’s supposedly secure systems. You may also wish to check out his website, MitnickSecurity.com.
Phishing Intuition

Your intuition, believe it or not, can be a powerful defense against phishing. If a stranger approaches you on the street with a sob story, you can usually smell a fishy tale (sorry about the pun!). Email should be treated the same way.
We should all know by now that banks never ask for personal information in emails! This helps your intuition when you get a legitimate-looking email asking you to update your information.
Poor spelling and grammar are two other things that should stir the hairs on the nape of your neck. By paying attention to your intuition, you will know when to be suspicious. By educating yourself, you’ll be able to confirm whether you are being targeted by a phishing attack.
Anti-Phishing Technology

There are two types of anti-phishing technology. Active anti-phishing technology attempts to alert you or your ISP whenever it detects suspicious content. Passive anti-phishing technology relies on your situational awareness to protect yourself from phishing attacks.
Active Anti-phishing Technology
Because phishing attacks primarily use email, it is no surprise that there are many products and services designed to protect your email, either before you get it or after it arrives in your inbox. Proactive ISPs can blacklist emails from suspicious addresses and your spam filter may catch a few. Your email program has some other defensive measures. For example, Gmail gives a warning when it detects that a link does not go where the link text says it goes.
There is so much software available, you may become overwhelmed. Here is an easy way to digest it all. Just think about your online habits. If you tend to visit the same few sites, you can focus on protecting your email. If you like to surf random download sites, you need to research more extensively to protect yourself from malware, pharming attacks and other security threats.
Finally, if you spend a lot of time on social media websites, you know that website addresses are often “shortened”. Services like bit.ly, budurl.com and tinyurl.com disguise the true address. You should research browser add-ons that allow you to preview the website addresses. Bit.ly preview is one such add-on for Firefox.
Passive Anti-phishing Technology
Web browsers usually highlight the real website address when you place your cursor over a link in an email. Just by making a habit of previewing these links, you can thwart the most obvious phishing attacks.
Most browsers allow you to save passwords for the websites you log in to. This is almost an ideal passive system! Since the passwords are linked to a specific website address, you can eliminate phishing attacks by never clicking on email links. To verify or refute a suspicious email, either type the address directly into your browser or browse through your favorites and click on the website. Then, let the password manager log you in.
Password managers in your browser are fine if you only connect to the Internet from your personal computer. However, if you frequently use public computers, you need to take the password manager concept to a new level. You need a USB key and a program like RoboForm.
USB key software is ideal for providing security in your mobile environment. If you keep a portable version of Firefox on your USB key, you never have to worry about someone tracking your browsing history. If you use RoboForm, you will learn to navigate and log in to your favorite websites right from the RoboForm address bar. This stops phishing attacks in their tracks and has the added bonus of defeating keyboard monitoring software that may have been installed on a computer.
Summary

Now that you know a bit more about phishing attacks, take steps to protect yourself. Read up on the latest security threats. Pay attention to your gut feelings. Try to use the available technology to keep your identity and your computer safe.
Thanks for the tips. I was nearly duped by one of these phishing scams. I filled in a form and nearly hit submit when I heard a little voice at the back of my brain screaming “NO!” Unfortunately there are a lot of people who use the internet who aren’t so aware of these risks.
You’re welcome, April. Thanks for visiting my blog.
I checked out your community blog, too. Ironically, I just moved this post from a community blog (Info Barrel). I hope more people find it here, even though Info Barrel has way more eyeballs.
Cheers,
Mitch
I’ve had a similar close call – I received a payment notification from what I thought was my hosting company. I was about to log in to “Paypal” and noticed the IP address in the address bar.
Very close call that could’ve caused me a lot of stress.
On Stumbleupon and delicious – it’s info a lot more people need to see and be conscious of.
First of all I’d like to thank you for providing such great stuff on anti-phishing and telling a lot of straight solutions for protecting ourselves…I personally feel that one should never share his vital passwords & other facts with anyone else as these can really hurt the person…the “modern thieves” have developed a lot of new ideas to get the information and it becomes really important to save the sensitive data from them…:)
You’re welcome. Thanks for stopping by.
Cheers,
Mitch
Any Rootkit Attack can be devastating for too many people. Rootkits are hard to detect and harder to eliminate than any other malicious software.
Of course spyware and trojans are also great doors to let anyone with the power enter your system and steal anything they want.
As an IT guy, the main problem causing these issues is the users who think that it will never happen to them.
That’s a serious point to start getting fixed first. Preventing and having the right knowledge will always increase your security on your computer against any phishing attempt.
Hi Luis! Thanks for stopping by and sharing your insights. I know it must be frustrating for you to have to educate users in this area.
Or maybe, judging by your interesting Joomla Train Website, it’s all in a day’s work for you.
Cheers,
Mitch
Well not really frustrating, just with a few ones
…Yeah I do love Joomla and WP…Those are my favorite CMS Systems…You got a pretty good blog in here man…I’ll come back later and read some more…See you..
Thanks, Luis! I’ll be looking for ya!
Cheers,
Mitch
Hi Mitchell,
Thanks a lot for this post but my Facebook account got hacked a few days ago.
Thanks,
James
Sorry to hear that, James. I hope you got everything sorted out.
Mitch
I know that even the best protection will fail if the human fails. First of all, we’ve got to spread knowledge about things like this; if people are not wise, then they are really easy targets for thieves.
Welcome, Paul!
You’re absolutely right – and it’s even worse: as we become accustomed to receiving email notifications from our regular sources, we’ll let our guards down. See my post Spam is Your Fault for an example.
Cheers,
Mitch
PayPal accounts are the common targets of phishing. Without intuition, I may have been a victim myself.
Phishing has become prevalent in all parts of the world. There are a number of phishing mails that I delete every day and yet the potential hackers continue sending the mails every day. I think education about phishing is the most significant factor and such blog posts can serve as an informative source and help avoid phishing scams. Thank you for enlightening me about phishing technology!
Mac,
Are you taking any steps to filter those emails? I find Gmail is way better than Yahoo at keeping the crap to a minimum.
Cheers,
Mitch