Dec 21, 2011

Phishing




No, we are not going fishing today, although I do feel like it. Actually in this age of technology, we have become the fish rather than the fisherman.

Those lovely hackers out there keep on creating ways to steal your data in order to impersonate you, access your accounts and even get your money. So how and why do these hackers do it? Simple.



Simplest form of phishing:

How can that be, you ask? How many times have you received emails claiming to be from Hotmail/Facebook/Gmail/your bank/a game, asking you for your username and password to verify that you are still a user of that service? If you don’t answer in 2 weeks, your account will be shut! It won’t be shut, and you should NOT answer any of those emails.



Advanced form of phishing:

So, hackers got smarter as people realized that they should not go ahead and email them their passwords. What did they do? They started imitating the actual websites! Yup, hackers will take all the time and effort needed to get that password.

Their new technique is as follows:

1. They send an email appearing to be from the company, for example support@yourbank.com. It actually is NOT from your bank; it is a “spoofed” or fake email. That is pretty easy to do.
2. The email claims that your account could be disabled if you do not log in to your online banking. They provide you with a link which appears to be very legitimate.
3. You press the link and get a site with the exact look and feel of your bank’s log-in page, but in reality it is not your bank's page.
4. You enter the username and password, and the hacker gets them. Most probably he will display a message saying that your account will not be disabled and thanking you for verifying your account.
5. The hacker will have full access to your account.



Protection from phishing:

So how do you protect yourself, you ask? It’s not that tough, but you have to be very alert.
1. Never respond to emails with password requests. Companies who respect themselves will never ask you for your password.
2. Do not click links within the email. If you really believe that the email is authentic and you need to perform an action, just go to your internet browser and type in the address of the site you need to visit. That will take you directly to the site you want, not the site the hacker wants you to visit.
3. In the case of a bank, when in doubt, call customer support. Ask them if they did send an email. Even then, go back to rule 2. Hackers might know that the bank sent an email, and so they make use of such an event to attempt phishing.
4. Look out for any misspellings, different website designs, or any other modification to the site you visited. That could indicate a definite phishing attempt.
5. Check whether the site is using HTTPS. For example, Gmail, Hotmail and your bank’s accounts will ALL be using HTTPS, with that “golden lock” icon. Phishing sites will be using HTTP and no golden lock icon.
6. Google is your friend; I keep on repeating this. When in doubt, search the internet and you WILL definitely find something.


Finally, do check this site which has a small “test” regarding phishing. It tests your observation, and gives more tips. It won’t take more than 5 minutes, please do check it. https://www.phish-no-phish.com/ 

