Thursday, October 24, 2013

How to Protect Yourself from Phishing Attacks - UK Net Guide

How to Protect Yourself from Phishing Attacks

Top Tips

What you Need to Know

  1. Phishing is the name given to attempts to acquire sensitive information from individuals and companies through sending emails disguised to look like they are bona-fide.
  2. As well as sending out fraudulent emails, sophisticated phishing efforts can also involve the creation of genuine-looking websites.
  3. Alongside fake emails from banks and credit card companies, fraudsters also mock up fake emails from social networking sites such as Facebook and Twitter.
  4. Many scams work by getting you to click on a link, usually one designed to look like it will take you to a genuine site. If you have any doubts that an email is really from who it says it’s from, never click on any links.
  5. Poor spelling and grammar and threatening language may indicate that an email is not what it seems.
  6. Hovering over links in an email with a web cursor can allow you to see where a link will lead, so make sure this matches the destination advertised.

What is Phishing?

Phishing is the practice of attempting to obtain sensitive information from individuals and companies through false pretences, usually by emails disguised to look like they are bona-fide. For example, fraudsters may craft and send an authentic-looking email to customers of a certain bank, informing them that there is a problem with their account and asking for personal information. Since these emails can look and feel genuine, many people do respond in good faith, parting with sensitive data and so placing themselves at risk of fraud.
As well as sending out fraudulent emails, sophisticated phishing efforts can also involve the creation of genuine-looking websites, again designed to lull you into a false sense of security and part with personal information or money.
Increasingly, criminals are taking advantage of the relatively lax attitude to online security of users of social networking sites such as Facebook, for example by sending messages claiming to be from social networking site administrators requesting sensitive information.

What Should You Look Out For?

The techniques used by online fraudsters constantly evolve, and phishing is no exception. As such, while some efforts look crude and are unlikely to fool anyone remotely web-savvy, some phishing emails can look genuine, incorporating official logos and signatures. However, there may still be some tell-tale signs that an email is not genuine. Microsoft advises that the following should set alarm bells ringing:
  • Poor Spelling and Grammar: Given that most cyber-criminals are more comfortable with computer code than the English language and given that most big businesses have an in-house team of writers and editors checking all correspondence before it is sent out, poor spelling and bad grammar suggest an email could be a scam.
  • The Use of Threatening Language: To get you to click on a link or reply with sensitive information, fraudsters may use threatening language. For instance, an email could warn that your social networking site may be closed down or your credit card could be cancelled if you don’t take immediate action.
  • Links in the Email: Many scams work by getting you to click on a link, usually one designed to look like it will take you to a genuine site. If you have any doubts that an email is really from who it says it’s from, never click on any links.
  • A Lack of Personal Information: A genuine email from your bank or a social networking site will almost always contain some personal information – for example ‘Dear John’ at the beginning. Any email that begins with ‘Dear Customer’ should therefore be immediately treated with suspicion.
Note, however, that these are just some of the most obvious ways of telling whether an email is genuine or not. Again, fraudsters are always using increasingly sophisticated techniques, so the days when you can tell a fake email a mile away are long gone.

Top Tips for Guarding Against Phishing Scams

Despite the growing sophistication of scammers, savvy internet users can still keep themselves safe from phishing attempts by exercising a bit of common sense and more than a little caution:
  • Preview Links: A common trick used by fraudsters is to make the text displayed for a link appear to be genuine, when in fact the link leads to a completely different site. To preview where a link will take you, hover your mouse over it for a second or two. With most web browsers, this will cause the link’s destination to be displayed in the lower-left-hand corner of your screen. Be wary of relying simply on hovering a cursor over a link for a second and seeing what is displayed here, since tricksters can manipulate this as well.
  • Don’t Assume: Remember that an email containing accurate personal information about you is not necessarily genuine; fraudsters have ways of finding out your date of birth or maiden name, so don’t assume that, just because this information is correct, the email is genuine.
  • Use Your Browser: Never click on a link sent to you in an email, even if you are almost certain it is genuine. Instead, find the web address of the company or organisation purportedly contacting you and type this into the address bar of your web browser yourself. It may be less convenient, but it’s certainly a lot safer.
  • Upgrade: Most up-to-date browsers, including the latest versions of Firefox and Internet Explorer, can warn you if you type an address into the address bar that is a known phishing site. Again, to benefit from these security measures, it’s good to get into the habit of typing in web addresses manually rather than clicking on links.

Reporting Phishing

If you receive a dodgy-looking email, don’t just ignore it. Instead, you should report it, for example by forwarding the suspect mail to the Anti-Phishing Working Group. Additionally, you should forward the email to the company that is being spoofed – for instance, if you received an email claiming to be from your bank, let them know.
