Phishing has now become a major issue in the virtual world of the Internet. Loads of victims get phished every day, losing their valuable e-mail accounts and other confidential accounts like Paypal, Google accounts etc. Technically speaking, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
For example, suppose you go to a web site which claims “if you login from this link to your google account then you will be getting extra premium features”. So you go to that link and log in from there. You even get redirected to your Google account after a successful login. At that moment you will not be able to tell whether you did anything wrong. But after a few days the chances are that your password will get changed, resulting in your account getting hijacked.
Obviously you don't want that to happen, do you? But on today's huge Internet, thousands of fake login pages and phishing sites get developed every day, and thousands of them also get banned. So without much experience it is hard to determine whether a site is a phishing site or not. But you do not need to be a tech geek to protect yourself from phishing attempts. All you need is to follow some simple procedures while logging in to your confidential accounts.
So please read on…
1. Always Check the URL:
Not checking the URL is the worst and most basic mistake one can make. The URL is the address of the site you are visiting, which is shown in the address bar of the browser. Believe me, if everyone checked the URL before submitting login information then the chances of getting phished would decrease by 80%. But statistics show that over 50% of the people heavily using social networking sites like Facebook, Orkut etc. do not bother to look at the URL. So here is what you need to do in order to be safe:
- Always check the URL and verify the domain to which you are going to give your login information. For example, if you are logging in to your Blogspot account then you should see the blogger domain in the address bar. Take a look at the following image.
Similarly, if you are logging in to some other Google account service like Picasaweb, Orkut etc. then you should see google on its login page. For example, the login URL of Orkut begins with something like this: https://www.google.com/accounts/ServiceLogin?service=orkut.
Any bank account web site should also begin with the bank name as its domain. You should always check the manual documents before logging in to your bank accounts. For example, the default URL of Citibank is http://www.citibank.com [Note that it is Citibank not Citybank]
- Do not log in from any site whose URL begins with a numerical IP address like xxx.xx.xx.xxx [Take 111.12.13.098 for example]
- Do not log in from any third-party site which claims to give you additional features for your default e-mail or other confidential accounts. Whatever it may be, if you do this then there is a 99% chance of your ID getting phished.
- Do not use a proxy site until you trust it! We shall be listing some trustworthy proxy sites in our next posts.
- Every website URL should begin with either http:// or https://
2. Check for the encryption:
Whenever you log in to your e-mail accounts like Yahoo, G-mail etc. and other confidential sites like Paypal or online bank accounts, they encrypt the page in order to minimize hacking attempts. So you should check for the encryption icon on every highly confidential page. The image below shows how encryption is shown on two major browsers, Mozilla Firefox and Google Chrome.
Not all sites provide the encryption feature. But we should always check for it.
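The checks from sections 1 and 2 can also be written down as a small script. This is an added example, not part of the original article; the function name `check_login_url` and the warning texts are made up for illustration, and the URLs in the usage comments are the ones quoted above.

```python
import re
from urllib.parse import urlsplit

# Dotted-numeric host such as 111.12.13.098 (digits only, so odd octets match too)
NUMERIC_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def check_login_url(url, expected_domain):
    """Return a list of warnings; an empty list means every check passed."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    # Section 1: the URL should begin with http:// or https://
    if parts.scheme not in ("http", "https"):
        warnings.append("scheme is not http:// or https://")
    # Section 2: a login page should be encrypted
    elif parts.scheme != "https":
        warnings.append("page is not encrypted (no https://)")

    if not host:
        warnings.append("no host name in URL")
    # Section 1: never log in on a bare numerical IP address (IPv4 or IPv6)
    elif NUMERIC_HOST.match(host) or ":" in host:
        warnings.append("host is a numerical IP address")
    # Section 1: the host must be the expected domain or a subdomain of it,
    # compared on a dot boundary so that a misspelling never passes
    elif host != expected and not host.endswith("." + expected):
        warnings.append(f"domain {host!r} is not {expected!r}")
    return warnings


if __name__ == "__main__":
    # URLs taken from the article, plus the misspelling it warns about
    samples = [
        ("https://www.google.com/accounts/ServiceLogin?service=orkut", "google.com"),
        ("http://www.citibank.com", "citibank.com"),
        ("https://www.citybank.com/login", "citibank.com"),
        ("http://111.12.13.098/login", "citibank.com"),
    ]
    for url, domain in samples:
        print(url, "->", check_login_url(url, domain) or "OK")
```
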
3. Manually Type the address:
This is actually a good practice which can drastically reduce the chances of landing on a phishing site. For example, instead of going to your bank account website from a reference URL [a link from another third-party site], type the address into your browser's address bar. E.g., if you want to visit Citibank then type in www.citibank.com and hit enter. This process will make you more aware and keep you safe from phishers. You can also bookmark such sites under a specific category for your ease. But I prefer to type manually while logging in to my Google accounts and other e-mail accounts.
4. Use Anti phishing Firefox addons:
So you should be using the Firefox web browser now. If not, go and grab one for yourself. Wondering why? Well, I think this can help you understand the reason. So now that you have one of the best browsers, let's power it up using anti-phishing addons. Here is a list of them:
- PhishTank SiteChecker:
- This extension warns you when you reach a phishing page by mistake.
- Also prevents you from entering a phishing site.
Link: Click Here
- Decodes URLs for better readability
- Puts emphasis on the domain (reduces spoofing-phishing risk)
Link: Click Here
- McAfee Site Advisor:
McAfee SiteAdvisor also warns you about phishing sites and blocks your entry to them.
- Web of Trust [WOT]:
The best of its kind and a must-have Firefox addon.
- Enables you to rate any website for its trustworthiness, vendor reliability, privacy and child safety.
- Shows you a warning when you visit a site with low ratings globally.
Link: Click Here
Thanks to http://www.rxpgonline.com for their guide on anti-phishing addons.
5. Play Antiphishing Games:
Now if you think that you are really a geek and no one can actually phish you, then why don’t you try out your skills on these cool games [yes, games]? I have found them really interesting!
Do let us know how you have scored!
6. Report Phishing Site:
Yes, you heard it right! We should always do our own part! Whenever you come across any phishing site or have any doubt about one, do report it over here. It's easy: just fill in [copy-paste] the web URL and give an optional description if you like. If it is really a phishing site then on browsers like Mozilla Firefox it will get blocked within 48 hours or less! Cool, isn’t it?
7. Share your experience:
- Have you ever come across any phishing site?
- Did you know about phishing sites before?
- Have you ever been phished?
- Did you ever report any phishing site to Google?
If so then please do share your experiences with us! It will help all of us to improve and secure ourselves more!
By the way did you know that…
The word phishing comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replace “f” with “ph”, the term phishing was derived.
That’s it for now! If you have enjoyed this then you can also share this article with your friends using ReTweet or the other social bookmarking options given at the end of this article. Also do give your precious feedback.
Header Image credit: http://stills360.com