How To Avoid Phishing Scams
What Is Phishing?
Phishing is basically an attempt to acquire your sensitive information, such as usernames, passwords and credit card details (and sometimes, indirectly, money), by someone masquerading as a trustworthy person or business through electronic communication. The communications claim to be from sites or businesses you probably frequent all the time; popular social web sites, auction sites, banks, eBay or even IT administrators are commonly impersonated to lure the unsuspecting public by pretending to be legit.
These phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is designed to deceive you and exploits the poor usability of current web security technologies.
These types of attacks have greatly increased over the last few years due to the fact that nearly everything we do these days requires some sort of login or password.
You may have heard of the current Microsoft Scam where a person calls you and advises you that they are from Microsoft. They then let you know that you have a virus on your machine and they need to access the PC to remove it for a small fee. Once they have access to your PC then they have access to your private information.
There are different types of phishing scams, from a telephone call asking for your password to an email from Australia Post letting you know that your parcel has arrived. An oldie but a goodie is where you get an email from what looks like your bank stating that you have overspent on your credit card. Within the email they ask you to click on the link provided and log in with your username and password to verify that your details are OK and to check your credit card statement.
Seems reasonable so far. That's what they are hoping you think.
Once you click on that link a few things can happen, but first you will probably be taken to a site that looks similar to your bank's website. Then you log in to that site with your details and nothing happens. Or you click on the link and, behind the scenes, a piece of malware is installed onto your machine without you realising.
Unfortunately, these types of attacks are quite hard to defend against because of the personalised nature of the attack, i.e. the user actually thinks that the email they are receiving is a genuine email for them, so they click on the link.
How To Stay Safe
To avoid falling prey to one of these scams you need to consider a few things.
- Your bank will never email you asking for a password so never reveal your password to anyone that you do not know.
- If an email appears to come from a friend's email address, with an attachment that looks suspicious, then you should play it safe and not open it. You can always flick them an email to ask them to resend the attachment to be sure.
- If you haven’t entered into Lotto in Nigeria, and you do happen to get an email stating you have won lots of money in the Nigerian Lottery, don’t open the email.
- Lastly, if you are unsure of any email that has arrived, delete it without hesitation.
If You Do Get Caught Out
If, by chance, you have clicked on that link and entered your details then you are now at the mercy of the person/group that has created this scam and it is worthwhile contacting your bank to change your passwords ASAP.
Then, make sure you run a complete malware/virus scan on your PC and do not use your PC again until it has been cleaned correctly.