What are Phishing Scams?
Phishing is a method used for fraudulent activities on the internet. It usually involves the creation of fake websites or web pages of legitimate organizations, that ask the user to input personal details like bank details or credit card details etc.
Types of Phishing
Spear Phishing –
It is used to gather personal information from the target group of individuals or an organization. These are directed only towards the targets of the scam.
Clone Phishing –
It is a type of phishing attack where the content of a legitimate e-mail attachment link is modified and altered to cater to the needs of a third party.
This is a type of spear phishing which targets higher officials of the organization.
Techniques of Phishing
E-mail /Spam –
An email is sent to a lot of people asking them to send their personal details. They can also be asked to visit a different website to fill in their details. The information gathered by the attackers is used for illegal activities.
Web-Based Delivery –
The phisher becomes the middle man and collects information when a transaction occurs through a legitimate website.
Link Manipulation –
The attacker manipulates a link on a website. When the user clicks on the deceptive link, the phisher’s website is opened.
Inputs from the keyboard are identified, and data is easily collected.
Makes unauthorized access to a computer. The data collected from the computer are sent to the phishers.
Session Hijacking –
The phisher hijacks a web session.
Vishing (Voice Phishing) –
Through a fake caller ID, the attacker makes a phone call and urges the target to dial a particular number.
Smishing (SMS Phishing) –
Through an SMS, the user is tempted to click the link to the phishing website.
How to identify Phishing Websites
- Check the URL – always check the validity of the website. A valid URL always begins with either ‘https://’ or ‘shttp://’ Also, check the spelling of the website. Many websites almost have the same URL as of valid websites, but can have small changes like ‘O’ is replaced with zero (0). For example, “g00gle.com’. Fake websites are at large on the internet, so always check for the authenticity of the website in order to keep yourself away from these cyber-attacks.
- Check the ownership of the website – Usually, the ownership details of a website are mentioned at the bottom of the webpage. Contact details are also provided. But, in most of the phishing pages, there are no ownership and contact details.
- Assess the website content – Pay attention to the content of the website. In phishing pages, there are higher chances of spelling mistakes, broken language, grammatical errors, or low-resolution images, etc.
- Payment Method – Legitimate websites always ask for payment through credit cards, debit cards or some other online transaction portals like PayPal, Paytm, etc., But, if the only payment method available is through bank transfer, then the website, then you must realize that the website is a phishing scam.
- Check Connection security Indicators – Earlier when monetary transactions were not possible through the internet, all the websites were built around HHTP. Data transferred through HHTP can be easily interpreted, decrypted and manipulated.
Thus, to make communications secure, security certification or SSL was introduced. SSL was then developed into Transport Layer Security or TLS. Nowadays, both SSL and TLS are collectively referred to as SSL. To put it simply, never trust provide personal details like bank account number or credit details in websites which have only HTTP in the URL.
- Check Certificate Details – Most of the legitimate websites allow you to view their certificate details by clicking on properties of the websites. Websites can have many certificates, namely DV, OV or EV.
DV certificate will portray the domain name. OV certificate will have details about the organization like name, location, etc. The EV certificate provides a lot of information about the organization. For commercial websites, the availability of the OV certificate is recommended.
- Check for Trust Seals – A website containing trust seals is a way of reminding the visitors that they are browsing through a secure website. But, just seeing the website is not enough. To be extra sure about the website’s security, you can click on the trust seal. By clicking on the trust seal, you’ll be able to see the SSL/TSL certificates of the website.
- Trust Your Browser – Don’t ignore those alerts by your browser. Your browser is made in such a way that it prevents you from opening susceptible websites. So, don’t allow an unknown website to access your computer and also don’t grant permissions before verifying their validity.
The 21st century is the century of the internet. Every day, new applications and programs are launched. In the same manner, phishing techniques and applications are also developed. Thus, with advanced technology, cyber attackers are making progress with collecting personal data of individuals and using them for illegal purposes. Thus, it is necessary for every person using the internet to know about malware, phishing attacks, etc. for their own benefit. It’ll be beneficial if you have the basic knowledge about website development, internet processing, and other such technologies.
The best way to prevent oneself from being scammed is to use the internet with the utmost caution. The realization must be dawned upon the users that the internet is a dangerous place. Each and every step of browsing the internet should be monitored upon. Also, never fill in your personal details on any website that is not acknowledged by a certified institution, and that doesn’t bear trust seals. Cybercrime will be existent as long as the cyber network is present. Thus, we should not give in to temptations and lose our senses while working on the internet.
Let’s reinstate five ways to protect ourselves from phishing:
- Always check the URL of the website.
- Not disclose personal details on unsecured sites without proper validation.
- Being susceptible to e-mails from unknown sources.
- Assess the content of the visited websites thoroughly.
- Being aware of malware and other malicious techniques like phishing, hacking, etc.
Don’t Click that Link! Review it before you do!