No, we are not going fishing today, although I do feel like
it. Actually in this age of technology, we have become the fish rather than the
fisherman.
Those lovely hackers out there keep on creating ways to
steal your data in order to impersonate you, access your accounts and even get
your money. So how and why do these hackers do it? Simple.
Simplest form of phishing:
How can that be, you ask? How many times have you received
emails claiming to be from Hotmail/Facebook/Gmail/bank/game asking you for your
username and password to verify that you are still a user of that service? If
you don’t answer in 2 weeks, your account will be shut! It won’t be shut, and
you should NOT answer any of those emails.
Advanced form of phishing:
So, hackers got smarter as people realized that they should
not go ahead and email them their passwords. What did they do? They started
imitating the actual websites! Yup, hackers will take all the time and effort
needed to get that password.
Their new technique is as follows:
1. They send an email appearing to be from the company, for example support@yourbank.com. It actually is NOT from your bank, but it is a “spoofed” or fake email. That is pretty easy to do.
2. The email claims that your account could be disabled if you do not log in to your online banking. They provide you with a link which appears to be very legitimate.
3. You press the link, and get a site with the exact look and feel of your bank’s log-in page, but in reality it is not.
4. You enter the username and password, and the hacker gets them. Most probably he will display a message saying that your account will not be disabled, and thanking you for verifying your account.
5. The hacker will have full access to your account.
Protection from phishing:
So how do you protect yourselves, you ask me? It’s not that tough,
but you have to be very alert.
1. Never respond to emails with password requests. Companies who respect themselves will never ask you for your password.
2. Do not press on links within the email. If you really believe that the email is authentic and you need to perform an action, just go to your internet browser and type in the address of the site you need to visit. That will directly take you to the site you want, not the site the hacker wants you to visit.
3. In case of a bank, when in doubt, call the customer support. Ask them if they did send an email. Even then, go back to rule 2. Hackers might know that the bank sent an email and so they make use of such an event to attempt phishing.
4. Look out for any misspellings, different website designs, or any other modification to the site you visited. That could indicate a definite phishing attempt.
5. Check whether the site is using HTTPS. For example, Gmail and Hotmail and your bank’s accounts will ALL be using HTTPS, with that “golden lock” icon. Phishing sites will be using HTTP and no golden lock icon.
6. Google is your friend, I keep on repeating this. When in doubt, search the internet; you WILL definitely find something.
Finally, do check this site which has a small “test”
regarding phishing. It tests your observation, and gives more tips. It won’t
take more than 5 minutes, please do check it. https://www.phish-no-phish.com/