Protection from Phishing

How to Protect from Phishing  

Phishing is a technique for soliciting information from users by deception. The most common form is an email that looks legitimate to an unsuspecting user. Usually the email lures the user into clicking a link that leads to a fraudulent website made to look like a legitimate one. Once there, the user is asked to enter credentials such as a username and password, which the attacker can then use to compromise the real account. These fraudulent sites may also run malicious scripts that steal data, such as session cookies, from the user's browser.

Phishing is one of the oldest scams on the Internet, in use since the 1990s, yet surprisingly many users still fall for it. It remains a predominant way of duping users into giving away personal data and credentials. Not only is the number of fraudulent emails growing, the techniques are also getting more sophisticated. In 2016, two-thirds of malware was installed through email attachments.

Some common features of phishing emails that help users identify them:

  1. Too Good To Be True – Lucrative offers and eye-catching statements designed to grab attention immediately, for instance a claim that you have won an iPhone, a lottery or some other lavish prize. Don't click anything in such an email unless you are sure it is genuine.
  2. Sense of Urgency – A common tactic is to create a sense of urgency: users are told to act within a very short time, sometimes with the warning that their account will be suspended unless they act immediately. It is best to ignore such demands. Reputable organisations have policies against asking for personal information by email, and they give ample notice before terminating an account. When in doubt, visit the organisation's website directly or call it, rather than clicking the link.
  3. Hyperlinks – A link may not be what it appears to be. Hovering over a link reveals the actual URL it leads to. It could be a completely different website, or a popular website with a subtle misspelling, for instance www.bankofarnerica.com, where the 'm' is replaced with an 'r' followed by an 'n'. Look carefully.
  4. Attachments – If an email contains an attachment you weren't expecting or that doesn't make sense, don't open it. Such files often carry ransomware or other malware.
  5. Unusual Sender – Whether it looks like it's from someone you don't know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious, don't click on it!


Prevent Phishing Attacks

With so many emerging technologies finding their way into our lives, cyber criminals are also constantly coming up with more sophisticated techniques. Here are some ways to protect users and organisations from phishing:

  • Spam filters can help block phishing emails. However, they may also block email from legitimate sources, so they are not 100% accurate. Users should mark legitimate mail as "not spam" so that future mail from that sender is treated as legitimate.
  • With so many government services now online, most of these websites require users to log in, and those login forms are themselves targets. A CAPTCHA on a login form makes automated abuse harder, for example bots trying stolen credentials in bulk, but it does nothing to stop a user typing their password into a phishing page; multi-factor authentication is what limits the damage when a password is phished.
  • Changing browsing habits also helps. If an email asks you to verify anything, contact the company directly, through a phone number or address you already have, before entering any details online.
  • If there is a link in an email, hover over it first and read the URL it actually points to. A site served with a valid TLS (formerly SSL) certificate begins with "https://", and browsers now mark plain "http://" pages as not secure. But "https" only means the connection is encrypted, not that the site is genuine: phishing sites routinely obtain valid certificates, so judge the domain name in the URL, not the padlock.
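The indicators listed under "How to Protect from Phishing" (lure, urgency, hyperlink, attachment, unusual sender) and the hover-and-read-the-URL habit above can be mechanised for triage. The following Python script is an added example, not code from the original page: it parses one raw email and reports each indicator it finds, including the "rn" for "m" lookalike trick and a trusted brand name buried inside another domain. The trusted-domain allowlist, the phrase lists and the sample message are constructed for illustration, and the registrable-domain helper is a simplification (last two labels) that a real deployment would replace with a public suffix list.

```python
# Heuristic phishing triage for one raw email. Added example, not the page's code;
# the allowlist, phrase lists and sample message below are constructed for illustration.
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"bankofamerica.com", "example.com"}  # assumed: brands users expect mail from
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm"}
LURE_PHRASES = ("you have won", "prize", "lottery", "free iphone")
URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be suspended", "act now", "urgent")
# Character pairs typosquatters use to imitate a letter: "rn" for "m", "vv" for "w", ...
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))
ANCHOR = re.compile(r'<a\b[^>]*?href=["\']([^"\']*)["\'][^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    """Crude registrable domain: last two labels (assumes no multi-label suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def normalise(domain):
    """Fold confusables so bankofarnerica.com compares equal to bankofamerica.com."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def lookalike_of(host):
    """Trusted domain that host imitates (by confusables or by embedding it), else None."""
    reg = registrable(host)
    if reg in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalise(reg) == normalise(trusted) or trusted in host.lower():
            return trusted
    return None

def strip_tags(markup):
    return re.sub(r"<[^>]+>", " ", markup)

def check_link(href, text):
    """The hover check done by machine: scheme, shown-vs-real host, lookalike host."""
    findings, url = [], urlparse(href)
    host = url.hostname or ""
    if url.scheme != "https":
        findings.append(f"link is not https: {href}")
    shown = re.search(r"([a-z0-9.-]+\.[a-z]{2,})", text.lower())  # link text that looks like a domain
    if shown and registrable(shown.group(1)) != registrable(host):
        findings.append(f"link text shows {shown.group(1)} but points to {host}")
    imitated = lookalike_of(host)
    if imitated:
        findings.append(f"{host} looks like {imitated}")
    return findings

def triage(raw_message):
    """Run every check over one raw RFC 5322 message and return the list of findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = email.utils.parseaddr(str(msg["From"] or ""))
    sender, findings = registrable(addr.rpartition("@")[2]), []
    for trusted in TRUSTED_DOMAINS:  # brand named in the display name, mail sent from elsewhere
        if trusted.split(".")[0] in name.lower().replace(" ", "") and sender != trusted:
            findings.append(f"display name '{name}' but address domain {sender}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    haystack = (str(msg["Subject"] or "") + " " + strip_tags(html)).lower()
    findings += [f"lure phrase: '{p}'" for p in LURE_PHRASES if p in haystack]
    findings += [f"urgency phrase: '{p}'" for p in URGENCY_PHRASES if p in haystack]
    for href, text in ANCHOR.findall(html):  # regex is enough for triage; parse properly in production
        findings += check_link(href, strip_tags(text).strip())
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if "." + filename.rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {filename}")
    return findings

# Constructed sample: lookalike-domain credential lure plus a double-extension attachment.
SAMPLE_RAW = """\
From: Bank of America Alerts <alerts@secure-mail-notify.net>
Subject: Urgent: your account will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body><p>Unusual activity was detected. Verify your identity at
<a href="http://www.bankofarnerica.com/login">www.bankofamerica.com</a>
within 24 hours or your account will be suspended.</p></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Statement.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

if __name__ == "__main__":
    print(*triage(SAMPLE_RAW), sep="\n")
```

Running the script prints one line per finding for the sample: the display name claims a brand the address domain does not belong to, the subject and body carry urgency phrasing, the link is plain http, its visible text names a different host than its target, that target folds to bankofamerica.com once "rn" is read as "m", and the attachment hides an .exe behind a .pdf name. Note that the script does not treat "https" as a pass by itself; a phishing site with a valid certificate would still be caught by the shown-versus-real and lookalike checks.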


References

  1. https://www.us-cert.gov/
  2. https://www.phishing.org/
  3. https://resources.infosecinstitute.com/category/enterprise/phishing/phishing-definition-and-history/#gref
  4. https://blog.barkly.com/phishing-statistics-2017