Everything You Should Know about Phishing Scams and How to Avoid Them

Phishing is one of the oldest online identity theft techniques. Through it, a virtual thief or hacker can get their hands on your personal and financial data or involve you in an incriminating scam. Although the method is old, many people continue to fall for its scams. Therefore, you should know everything there is to know about phishing to avoid becoming its next victim.

Scammers will send their messages, or phishing lures, via e-mail, instant messages, chat room texts, banner ads, message board replies, or fake browser toolbars. Once a potential victim responds or interacts with the fraudster, the latter will attack through one of these three methods:

  • A Trojan or Worm – Through an e-mail attachment or a download, a hacker can send a Trojan or worm to your computer. This bit of code will alter your computer’s processes or take snapshots of your screen and send them to its creator.

  • Spyware – Spyware like keyboard loggers can record every keystroke or action you take. As a result, phishers can easily get their hands on your passwords and other vital information.

  • Forms on Websites – Once the fraudsters gain your confidence, they may ask you to fill out a form with your sensitive details. They will then use that information for their own gain and your ruin.


Phishing Scams aren’t Limited to Computers

If you thought that you were safe from phishers just because you use a smartphone, think again. Scammers have tapped into the power of smartphones and mobile-friendly internet websites for their own benefit.

What makes smartphone users the most popular victims of phishing scams is the limitations of their devices. Small screens prevent users from checking a website’s anti-phishing security measures whereas default browsers make it easier for hackers to create scams that can transcend platforms. Therefore, if you’re used to browsing regularly through your smartphone, be very suspicious of everything that comes through to you.

How to Identify Phishing Scams

Since websites and e-mails are the most common places where you may encounter phishing lures, you need to know how to differentiate between the good and the bad of both. In general, phishing e-mails usually have the following traits:

  • They appear to be important notices or warnings from a trusted source.

  • Their content will either be tempting (e.g. an investment opportunity or prize) or may drive you to panic (e.g. confirm your identity due to a security breach).

  • The sender’s e-mail will appear legitimate and the message’s content will include texts, logos and images from a well-known organization. However, some hyperlinks will connect the recipient to a fake website that gathers their information.

  • Phishing e-mails may come with forms that require personal or financial information or a link that directs you to online versions of such forms.

The same traits apply to phishing websites, which may also use a domain name similar to that of a legitimate website, display fake IP addresses, and show pop-up windows to distract you from time to time.
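Several of the link traits above can be checked mechanically: link text that shows one site while the link points to another, look-alike domain names, raw IP addresses, and a missing "https". The following is an added example, not part of the original article; the trusted domain `examplebank.com`, the 0.8 similarity threshold, and the sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample data: one trusted domain (an assumption) and an HTML body.
TRUSTED = {"examplebank.com"}
SAMPLE = """<p>Your account is locked. Confirm your identity now:</p>
<a href="http://203.0.113.7/login">https://www.examplebank.com/login</a>
<a href="https://examp1ebank.com/verify">Verify now</a>
<a href="https://www.examplebank.com/help">Help centre</a>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host of a URL or bare domain, minus "www."
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):  # warning labels for one link
    host, flags = host_of(href), []
    shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())  # domain in the text
    if shown and host_of(shown.group()) != host:
        flags.append("text-href-mismatch")
    if re.fullmatch(r"[\d.]+", host) or ":" in host:  # IPv4 or IPv6 literal
        flags.append("ip-address-host")
    if urlsplit(href).scheme != "https":
        flags.append("not-https")
    for good in sorted(TRUSTED):
        trusted = host == good or host.endswith("." + good)
        if not trusted and (good in host or SequenceMatcher(None, host, good).ratio() > 0.8):
            flags.append("lookalike-of-" + good)
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `scan(SAMPLE)` returns one list of warning labels per link; an empty list means none of these particular checks fired, not that the link is safe.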


If you encounter any of these, it is your duty to report them. To report a phishing e-mail or website, simply send an e-mail to phishing-report@us-cert.gov with a copy of the scamming e-mail or the website’s link. Google also fights phishing websites, which is why it offers internet users a Report Phishing Page at http://www.google.com/safebrowsing/report_phish/.

How to Protect Yourself from Phishing

Aside from learning how to identify phishing websites and e-mails, you need to know how to secure your data using these five steps:

  1. If you need the internet while handling sensitive personal or financial data, make sure that you use a secure connection. If you don’t need the internet, disconnect it until you’re done.

  2. Keep your software up to date to prevent hackers from taking advantage of loopholes. With every update, companies offer new security patches which will protect your system from threats.

  3. Store some of your less-sensitive data on cloud servers. Those are harder to get through, which means that your data will be safer there than on your computer.

  4. Invest in a good antivirus, firewall, spyware removal tool and Trojan detector if you want to keep your data well protected.

  5. Delete your browsing history and cache after handling sensitive data to prevent it from falling into the wrong hands.

To complement these steps, consider these anti-phishing preventative measures:

  • Don’t rely on spam filters alone. You need to check if the characteristics of phishing e-mails apply to each message you get.

  • Never divulge your personal information unless you initiate the call or use a secure website with “https” in the URL.

  • Avoid clicking hyperlinks, downloading files, or opening attachments from unknown senders.

  • Look out for pop-ups. You can disable them in your browser, but if they still show up, make sure you are not distracted by them.

  • Keep tabs on your online accounts and bank statements to detect any foul play.

Remember all of this information and share it with everyone you know to avoid becoming the next victims of phishing scams.

About the author:

This article was provided by Maria Tomic from Stop-DDoS.net, DDoS mitigation service team. Maria enjoys writing on security issues, DDoS attacks, malicious techniques and how to fight them.


1 comment
  1. Hello Friend
    I am a smartphone user. I have lots of security on it. I am shocked after reading that “phishing scams aren’t limited to computers”. I will follow your steps to protect my smartphone from phishing. Nice article, got lots of information from it.
