Top Three Tips to Avoid Being Phished
March 9th, 2007 · by David Bradley
What is phishing? Put simply, it’s attempted fraud. It’s a method of conning someone, usually via an email, an instant message, or a website. It uses social engineering techniques to grab your passwords, credit card details, and other personal information with a view either to stealing your identity or to extracting money from your bank account.
The most common phishing is done via an email that looks like a genuine message from your bank, eBay, PayPal, Amazon, or some other worthy institution. Most often, the email will tell you in the most alarming terms that there has been some kind of suspicious activity on your account, and tell you to log in immediately and verify your details before any serious damage is done or you lose real money. Generally, the link in such an email will look genuine, but the address hidden behind it points to the phisher’s site. That site will be set up to look exactly like PayPal, your bank, or whatever, and will have the usual login box. But when you enter your details, nothing appears to happen; you cannot log in. Most victims try again and again, thinking they are on the real bank site, until at last, frustrated, they give their bank a call, only to find that someone else has logged into their real account, cleared it of all funds, and ordered a credit card to an address in Bulgaria. You have been phished.
So, how do you avoid it? Here are my top three tips to avoid being a victim of a phishing attack.
- Never click a link in an email or instant message. If you really need to visit your bank’s website, type the proper web address directly into your secure browser and, if you are using a browser with tabs (like Firefox), make sure there are no other tabs open.
- If you really must click links in your email, make sure you are using an email program that has antiphishing technology built in, for example Thunderbird, Pegasus Mail, or Google Mail.
- Use false details on your first login attempt. When you visit a site, use a false password on your first attempt. If you get an error message, that indicates the site checked your password against its genuine database, did not find it, and told you so. If your false login takes you to a landing page or nothing seems to happen, then be very suspicious of the site and do not try to log in with your real password. Bear in mind that a fake site can also be built to show an error message for every login, so an error on its own does not prove the site is genuine.
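The hidden link described above is one thing an email program's antiphishing check can look for. The following is an added example, not part of the original post or any mail client's own code: it flags links whose visible text names one site while the underlying address goes to another, or to a bare IP address. The sample message, the `.example` host names and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds a host name written in the visible text of a link.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample; .example names and 192.0.2.10 are reserved for documentation.
SAMPLE_EMAIL = """
<p>Suspicious activity on your account. Verify your details now:</p>
<a href="http://bank.example.account-check.example/login">https://www.bank.example/login</a>
<a href="https://www.bank.example/help">www.bank.example/help</a>
<a href="http://192.0.2.10/verify">Click here to verify</a>
"""

def same_site(shown, actual):
    """True if the real host is the displayed host (ignoring 'www.') or a subdomain of it."""
    shown, actual = (re.sub(r"^www\.", "", h.lower()) for h in (shown, actual))
    return actual == shown or actual.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Collects (visible text, href, reason) for links that hide their destination."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        label = "".join(self.text).strip()
        actual = urlsplit(self.href).hostname or ""
        shown = HOST_IN_TEXT.search(label)
        if re.fullmatch(r"[0-9.]+", actual):
            self.findings.append((label, self.href, "destination is a bare IP address"))
        elif shown and not same_site(shown.group(1), actual):
            reason = f"text shows {shown.group(1)}, link goes to {actual or 'no host'}"
            self.findings.append((label, self.href, reason))
        self.href = None

def audit_links(html):
    """Return the suspicious links found in an HTML email body."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings
```

On the sample message, `audit_links(SAMPLE_EMAIL)` reports the first and third links and passes the second, whose text and destination agree.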
So, there you have it, a simple three-step plan to avoid phishing attacks. Of course, you should also have a decent firewall running to prevent trojans and dial-out scripts from running, have antivirus and antispyware software in place, and be running a secure email program and web browser too, just to make sure you are really safe.
4 responses so far ↓
David Bradley // Mar 9, 2007 at 2:11 pm
Just a quick note inspired by a Technology Review item http://www.technologyreview.com/Infotech/18231/
If you have a router you MUST change the default password to prevent it being hijacked or hacked. Usually very simple and easy to do and could save you a lot of trouble.
Paula Mooney // Mar 10, 2007 at 9:51 am
Smart idea about using false details.
I didn’t think of that before…
David Bradley // Mar 12, 2007 at 8:29 pm
Yes, I can’t take credit for thinking of it first, but I don’t know who did come up with it originally.
db
David Bradley // Oct 9, 2007 at 2:32 pm
It occurred to me that someone who is an individual Amazon re-seller just starting out could be very easily phished by a fraudster sending them a mock “Your item just sold” email. Of course, they’d have to give their address to receive the goods, but I’m sure such people could work around that issue. Be warned.