The World Wide Web is an incredibly dangerous place. Threats lurk around every corner and behind every link. Malware threats have never been more prevalent. Security breaches can negatively impact our lives like never before. As a society, we are becoming more dependent on technology and information. Even a seemingly small attack could compromise email and social media accounts. It could even harm you through the pain of identity theft.
Most people take appropriate caution in relation to viruses when downloading files – especially via BitTorrent. However, other equally catastrophic cyberattacks don’t get the attention they deserve. Though they may not seem as threatening as a virus, or as annoying as adware, phishing attacks can still land you in a world of hurt. Unfortunately, most users don’t know what phishing attacks are, how they work, or how to defend against them.
Want to stay secure when downloading? Check out our 5 best VPNs for torrenting guide.
To help you stay safe online, I’m going to show you how to protect yourself from phishing. First, let’s define phishing and take a look at some of the most common types of attacks.
What Is Phishing?
Phishing is a term with several different meanings. Merriam-Webster defines it as: a scam by which an email user is duped into revealing personal or confidential information, which the scammer can use illicitly. However, I think that’s too wide a definition. The attack doesn’t necessarily need to use email (though it is often used).
When people use the term phishing in common language, it typically refers to a malicious link to a website designed to steal users’ login information, credit card data, usernames, passwords, and other similar sensitive information. Most often, the scam artist or hacker sets up a fake website that looks, feels and behaves like a genuine website. There’s one dead giveaway that the site is fake, however: the URL isn’t spelled correctly. For example, www.google.com versus www.goggle.com.
When a user visits the fake site, he or she thinks that it is legitimate. He/she then tries to log in, enter personal information, or interact with the site as usual. Unbeknown to the duped victim, however, the site is really sending all of the information to a hacker. The hacker can then use the information to log in to the victim’s account.
Types of Phishing Attacks
The email scam I described in the previous section is the most common form of phishing. However, phishing can take many forms. Hackers and phishers are always becoming more sophisticated. They have found some truly devious ways to enhance a standard phishing attack to make it many times more potent. These are some other common types of phishing attacks:
Standard phishing/deceptive phishing – the attacker emails victims links to malicious sites with fake URLs that harvest personal information.
Whaling/CEO phishing – the act of specifically targeting high profile figures in phishing attacks, such as authorities, leaders and CEOs.
Spear phishing – instead of trying to cast a wide net, the hacker focuses on a sole target. He/she uses personal information to gather credentials or banking information.
Pharming/DNS poisoning – an attacker poisons a DNS table so that a user’s DNS query resolves to a fraudulent IP address, even though the domain name isn’t bogus and lacks spelling errors.
Account security/verification phishing – some phishing attacks (sent in the form of emails) claim to be account verification links, or claim they need to be followed to secure an account. These usually impersonate legitimate services such as Gmail or Dropbox.
This is certainly not an exhaustive list of the different phishing techniques. However, these are among the most common. As you can see, the attacks have two main goals. Firstly, the attacker wants to get you to visit a website that he/she designed and controls. Secondly, the attacker wants the user to think that it’s a legitimate site and enter their information.
With that understanding, let’s take a closer look at how to prevent phishing.
Prevent Phishing Tip #1: Don’t Follow Email Links… Ever!
Email is one of the most popular distribution mediums for phishing attacks, and for good reason: it works. Plenty of victims still follow links from malicious emails. Hackers and attackers frequently use emails to send unsuspecting users links to bad URLs designed to look like legitimate websites. You shouldn’t ever follow a link from your email, especially if you don’t know the sender.
As best practice, you shouldn’t follow links from known contacts either. If the sender’s computer is infected with a virus, the virus could be emailing links to phishing sites to every person in their contacts list. The sender could also include a link to a bad URL in an email without realising. Even if you trust the person who sent the email, it’s better to err on the side of caution. Refrain from clicking on any links they send you!
Instead, there are a couple of safer alternatives. For starters, if you want to visit the webpage linked to in an email, you can use Google to manually look up the site. Also, you can keep bookmarks of sites that you frequently visit. This can help mitigate the chance of a successful phishing attack.
For example, if an attacker sent a link to www.faceboook.com in your email, you may not notice the bogus URL. However, choosing to not follow the bogus link by using a bookmark for the genuine Facebook URL will completely circumvent the phishing attack. It won’t protect you if your DNS cache has been poisoned, but keeping bookmarks and looking up sites manually will circumvent the vast majority of phishing threats.
Prevent Phishing Tip #2: Only Send Sensitive Information to Sites with HTTPS and a Valid Certificate
Hyper Text Transfer Protocol Secure (HTTPS) is far superior to HTTP. It adds encryption to your connection. It uses authentication algorithms and Secure Sockets Layer (SSL) to secure your connection. As such, third parties can’t intercept and read your data. Unfortunately, HTTPS isn’t used on every website, despite Google encouraging website administrators to implement it by including it as a factor in the search engine ranking algorithm.
HTTPS doesn’t ward off phishing attempts. However, sites that use HTTPS (generally speaking) are more credible than sites that don’t, though there has been a rise in phishing sites taking advantage of this technology. Remember too to share sensitive information only with websites that have a valid certificate from a Certificate Authority (CA).
When your connection utilizes a certificate in addition to HTTPS, you’ll see a locked padlock in your browser as well as a green bar. Since a valid certificate is assigned by a trusted source and binds a cryptographic key to a domain, you can rest assured that the website is trustworthy. If you don’t see the padlock or green bar, refrain from sending personal information or credentials.
Prevent Phishing Tip #3: Use Antivirus Software with Anti-phishing and Anti-spam Features
As a general rule, everyone should use antivirus software to defend against hackers, viruses, and malware. It’s 2017, folks, and more cyberthreats exist today than ever before. Not using an antivirus solution is just begging for trouble. More specifically, you should find an antivirus application that includes anti-phishing features.
Antivirus developers and security firms maintain massive lists of URLs, sometimes called blacklists, that are known to be suspicious, malicious, and dangerous. The antivirus software will check any URL you are about to visit against the blacklist. It will throw up a warning (if required) before the site loads. As they say, an ounce of prevention is worth a pound of cure. A simple warning could completely negate the possibility of a successful phishing attack.
Many antivirus applications also have anti-spam features. It’s likely that your email provider includes a spam folder feature to prevent spam from winding up in your inbox. An anti-spam feature is an invaluable tool for thwarting phishers.
Prevent Phishing Tip #4: Keep an Eye on Your URL Bar
More often than not, you can prevent many phishing attacks if you just look at the URL bar in your browser every time you visit a site. This applies to the most popular sites, such as Twitter, Facebook, Google, and so forth. It also applies to websites that you’re unfamiliar with. Unfortunately, these present more of a challenge.
Given that phishing attacks most often try to imitate well-known websites, keeping an eye on your URL bar is an effective way to mitigate against attacks. Check to make sure the URL is spelled correctly, and that the domain suffixes are correct. Consider the following two examples:
In both of these hypothetical examples, the URL was intentionally crafted to mimic a valid website. However, the changes are so slight that most people won’t pick up on the differences, especially using their peripheral vision. The devil is in the detail. The first URL is missing a “t.” The second URL uses the wrong domain suffix; it should be a “.com” address. If you see anything that looks suspicious, don’t enter your personal information!
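The URL-bar check from this tip can be automated. The following is an added example, not code from the original article: it flags a host whose name is a near-miss of a known site or that uses the wrong suffix, using the look-alike addresses mentioned earlier in the article as sample input. The allowlist, the two-label domain rule and the typo threshold are assumptions of the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites this article names as common phishing targets.
KNOWN_GOOD = {"google.com", "facebook.com", "twitter.com", "dropbox.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete ca
                           cur[j - 1] + 1,            # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def base_domain(url: str) -> str:
    """Last two labels of the host. Assumption: fine for .com-style names;
    multi-part suffixes such as .co.uk need a public-suffix list."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify(url: str, max_typos: int = 2) -> str:
    """Return 'known', 'lookalike of <domain> (...)' or 'unknown'."""
    domain = base_domain(url)
    if domain in KNOWN_GOOD:
        return "known"
    name, _, suffix = domain.partition(".")
    for good in sorted(KNOWN_GOOD):
        good_name, _, good_suffix = good.partition(".")
        if name == good_name and suffix != good_suffix:
            return f"lookalike of {good} (wrong suffix)"
        if suffix == good_suffix and 0 < edit_distance(name, good_name) <= max_typos:
            return f"lookalike of {good} (misspelled)"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample input; goggle.com and faceboook.com come from the article.
    for sample in ("https://www.google.com/", "www.goggle.com",
                   "http://www.faceboook.com/login", "https://twitter.net"):
        print(f"{sample:32} -> {classify(sample)}")
```

An "unknown" result only means the host is not close to anything on the allowlist; it says nothing about whether the site is safe.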
Prevent Phishing Tip #5: Use Browser Security Plugins to Mitigate Phishing
Modern web browsers are highly modular. You can add functionality for almost anything you can imagine. The best part is that these browser extensions and add-ons are typically free. As such, you should take the time to search for anti-phishing plugins for your browser of choice.
As there are so many different browsers, there are plenty of browser security extensions to choose from. Some of them only work with a select few browsers. Still, it’s easy enough to search for them if you use a mainstream browser like Chrome or Firefox. If you use Chrome, check out Google’s Password Alert.
It only takes a moment to accidentally share your most private and sensitive information with a hacker without even knowing it. Being the victim of a phishing attack can have massive repercussions on your online reputation, finances, and credit rating. Remember the following five tips to ensure that you take appropriate actions to prevent a phishing disaster:
Don’t follow links contained in emails.
Only trust sites with your personal information if the site is secured with a valid certificate and HTTPS.
Use an antivirus application that includes anti-phishing and anti-spam features.
Keep a watchful eye on your URL bar to spot inconsistent or suspicious URLs.
Take advantage of browser plugins that are designed to weed out malicious websites.
Following these five tips will drastically reduce your chances of being the next victim of a phishing attack. Remember that it’s better to err on the side of caution, and that implementing these security strategies will put you one step ahead of hackers conducting phishing attacks!
If you’re looking for other ways to stay secure online, why not consider using a VPN? Check out our 5 Best VPNs for 2017 guide.