Phishing Attacks And How To Prevent From Being Hooked
Editor’s note: This is a contributed post by Abel Wike. Abel is web content manager at ClickSSL.com, well-known global leader in providing SSL security solutions to thousands of happy customers.
Cybercrime has shown its teeth in the last five years, most predominantly, in the online fraud cases caused by phishing. Have you ever noticed why you are receiving increasing number of spam or fake emails every day? These emails are pretending to be legitimate as they are made to look like they are coming from reputable government institutions, corporate companies, and well-known organizations, when in fact, they are not.
This is called Phishing fraud in which user information like user ID, password, credit card details is acquired during electronic communication, that is, if you give it to them. Phishing mail contain links to websites that are highly infected with malware, with the intention to bring users to the website and extract confidential details from them.
Recommended Reading: How You Are Helping Hackers Steal Your Data
Lines of Attack
Email spoofing and instant messaging are a few types of Phishing fraud which frequently leads users to give out their details on a fake website. The fake sites, look similar to legitimate websites so you aren’t paying attention, you could fall for the trick. There are three techniques of phishing:
Spear Phishing targets chosen group like people from same company or organization instead of throwing thousands of emails randomly. They go up against upper-level targets. In Spear Phishing, the evident source of the e-mail is likely to be a person within the receiver’s own organization and generally, a person who holds authority.
In this technique, a hacker uses the contents and receiver’s address from a legitimate, previously sent mail to a receiver, except this time the content has been replaced with a phishing link, and a fake reply to address.
Whaling involves a web page or email that pretends to be a legitimate. Their target: senior managers in private companies who are in the position to disclose secret company information. Whaling attack emails comprise of a legal summon, consumer complaint, or managerial issues that require an urgent reply from the receiver.
How Phishing Attacks Harm Your Business
Phishing is a serious crime in the cyber world. Due to Phishing, there may be
- financial loss
- data loss
- blacklisting of institutions
- introduction of malware and viruses into a PC or a computer system
- illegal use of user’s details
- misuse of your social security number etc
The phisher can also take a user’s account details and open a new account on the name of the user for financial gain. Phishing can even be used to ruin someone’s life by misappropriating and misusing their personal details.
Phishing Attacks in 2012
According to Anti-Phishing Working Group (APWG), phishing activities have been increasing and most phishing websites are hosted in the US. In the last three months in 2012, an average of over 25,000 unique phishing email reports were reported to the APWG. Plus, the number of unique phishing sites detected exceeded 45,000 per month. For more detailed reports before the last quarter of 2012, click here.
Financial services and payment services are common targets for phishing fraud but also stated in the report is a 12% hike in reports of phishing in online games. Gaming credentials are stolen by hackers and game items they have acquired were sold in the black market for actual cash. Also affected are the identities of the gamers.
Protection against Phishing Attacks
It is advisable to keep our eyes open against phishing. Here are some steps that might be helpful to prevent you from being part of the statistics.
Gmail, Facebook, Dropbox, Microsoft, Apple’s iCloud and possibly Twitter (soon) is using two-factor authentication. In this process you login with a password and a secret code you will receive on your mobile phone so unless the hacker has access to your mobile too, having just your email and your password is not enough to break into your account.
HTTPS instead of HTTP
HTTPS is a more secure protocol than HTTP as it encrypts your browser and all the information you send or receive. If you are looking to make online payments or transactions, opt for an HTTPS website. Such HTTPS websites are equipped with SSL (secure socket layer) that creates a secure channel for information transition.
Recommended Reading: Beginner’s Guide to Website SSL Certs
With Phishing, hackers can create a similar website with a normal-looking login page where users enter login details or even credit card details. Therefore, before entering login details users has to check the padlock appeared on the top or bottom of webpage.
It indicates that user is communicating with the real website. Many websites have EV (extended validation) SSL certificates that turn address bars into a green bar so users easily get idea about authenticate websites.
With use of anti spam software user can reduce phishing attacks. Users can control spam mail thus securing himself from phishing. These software can also help with browser hijacking, usually finding the problem and providing a solution.
Hyperlink in Email
Never click hyperlinks received in emails from an unknown or unverified source. Such links contain malicious codes and you be asked for login details or personal information when you reach the page you are led to from the hyperlink.
Always run a search of the association’s name and click in from the search results.
Recommended Reading: 10 Ways To Tighten Up Your Gmail Security
With a firewall, users can prevent many browser hijacks. It is important to have both desktop and network firewalls as firewalls check where the traffic is coming from, whether it is an acceptable domain name or Internet protocol. It is also effective against virus attacks and spyware.
From the above discussion, it is sure that with some essential prevention steps users can secure their confidential information from phishing expeditions. SSL is also an important part of online security that protects user against phishing attacks.
Here are more website-related security articles we’ve posted in the past:
This post is published by a Hongkiat.com staff (editors, interns, sometimes Hongkiat Lim himself) or a guest contributor.