Phishing refers to acquiring of passwords, credit cad numbers and other sensitive information by the attacker by the use of fake websites. In phishing, attacker will probably send a discount or offers via an email. Email will be disguised to make it look like it has been sent by the original sender. User will probably not suspect this email as it looks exactly like the one which they receive regularly from their bank or other trusted agencies. However, when the user clicks on the link in the email they will be taken to a phony clone website which looks exactly like the original. Still, the user might not suspect as this website looks like the site which they have used for some time. When the user enters their credentials to login, it will be recorded by the attacker. Not only emails, attackers do phishing by using phones, IM, social networks and other sites.
By following these guidelines you can avoid phishing scams and prevent phishing attacks:
1) Install an antivirus program or internet security software: An antivirus program or internet security software has anti-phishing enabled which will stop you from entering a phony site.
2) Check the email’s from address: If you check the email’s sender address you can figure it out that it is from a trusted source or not.
3) Do not click on links: Even if the sender address is genuine it is not a good practice to click on the links in the email. Instead you can type in the URL of the site you want to visit. Then, you can get the discount or the offer code from the email to use it on that particular website.
4) Check the URL: When you are visiting a site, before login check the URL in the address bar of your browser to see if you are in the correct website.
5) Do not disclose sensitive information on phone: Even if you get a call from someone saying that they are calling from the bank or any other organization, you should never share the login details or any other sensitive information to them.
6) Do not click on external site links in social networks: When you are browsing in social networking sites you need to make sure that you are not clicking on the links to site where you have to login.
7) Do not share details in IM: In a conversation in instant messaging you need to make sure that you never share your details even if the other person says that they are representatives of that organization.