How to Protect Yourself from Phishing Attacks
August 7, 2018 | by Elisha Taasin
What is Phishing?
Phishing is a method of collecting confidential data by using emails, websites, and links that are designed to mimic trusted companies. Phishers aim to trick unsuspecting victims into disclosing private information such as passwords and credit card numbers.
In the past, fraudsters have fooled internet users into visiting knock-off or misspelled domains, but now their methods are much more intricate. By performing homograph attacks, a trick that allows users to register domains with characters and various alphabets instead of the default Latin script, phishers can create domain names that appear identical to legitimate web addresses.
Signs of a Phishing Site:
- The Web Address – If you notice an incorrect company name, misspellings, or extra characters or symbols, you may be looking at an illegitimate website.
- Pop-Ups – If you’re redirected to a website that immediately displays a pop-up asking for your login credentials, you’re probably on a phishing site. Some phishing scams even direct you to a legitimate site before displaying a pop-up to gain your username and password.
Signs of a Phishing Email
Immediate Action Required – Watch for emails that include urgent calls to action and state that your account has been compromised or will be soon be closed. Scammers tend to use language about maintenance activities, upgrades, and “routine security checks”—these phrases are all intended to trick you into providing confidential information like your login credentials or personal information.
The Email Domain – These messages often do not come from obvious corporate email addresses like CustomerCare@chase.com but instead from email@example.com, so pay attention to the little details.
Links to Fake Websites – Fraudsters may include links to fake websites that look identical to legitimate websites. Watch for web addresses that contain the official company name, but in the wrong location, or authentic links mixed in with fake links to make the phishing site appear legitimate.
When in doubt, remember to navigate to websites directly rather than using links, and if you do receive an unsolicited email, delete the email and reach out to the business to verify whether the message was legitimate. Some phishers will even provide the real company’s customer service email and phone number in the message in an effort to convince you of their identity.
How to Prevent Phishing Attacks
Look for the padlock icon in your browser indicating TLS or SSL encryption and check for a valid website security certificate (a digital file that verifies a site’s identity) before entering any of your confidential information.
Avoid clicking links sent in emails or from around the web; type the address yourself in the URL bar, or use trusted direct links. If you do click on a link in an email or from the web, pay careful attention of where they send you. Your browser will verify where you’re going and if it doesn’t say “chase.com” then you’re not going to Chase. This is an obvious giveaway and one they cannot hide. Your browser tells you definitively where you’re visiting and is one of few things you can trust.
Misspellings and “close” names are sometimes used fraudulently. With all the new TLD’s out there, you can obtain “Chase.travel” as an example and your email system may not display the true destination but your browser will. Try hovering over the link in your email and notice when it doesn’t match the rest of the email.
Many times the URL’s are short and have two-letter domains at the end because they are registered overseas, such as “goguscerrahisi.com.tr”—this is a domain registered in Trinidad in the Caribbean and obviously not Chase.com, or anything similar.
These schemes cannot prevent your web browser from revealing your real web destination, so with a little care and diligence, you can prevent yourself from being duped.
This information was provided by Utility Telecom, a California-based telecom company helping business owners protect their data with cloud-based telecom technology and information to help prevent phishing attacks. Utility Telecom is the premier provider of VoIP business telephone systems and internet services for businesses and organizations all over California and Nevada.