Phishing has been a problem for anyone who regularly uses the internet for many years. Unfortunately, despite many ongoing efforts to reduce or prevent its impact, phishing remains a real problem for many people and businesses.
Phishing in short is a type of a scam. It involves faking emails or web pages, making them look like they were sent by a genuine company or website in order to trick the user in parting with sensitive information. This is normally by asking them to enter their username and password, which is then stolen.
An example of this is the fake emails sent to people claiming to be from banks. The email may make any one of a number of claims, such as the user’s online banking account being hacked, or may say that as it has been a long time since they changed their password and that they must do so now. They include a link to a web page that looks real but that doesn’t belong to the genuine site, that prompts you to enter your current username and password. They steal these, and can then access your site.
Tell tale signs of it being a phishing attack include the use of bad grammar or multiple spelling errors, and a URL that isn’t recognizable as being exactly the one that the site normally uses. The email address that the email originates from is normally also suspect, being from a free provider such as Gmail or Yahoo! instead of being from the domain that your bank (or the website) owns.
Education is one of the most important tools when it comes to beating phishing attacks. By teaching users what a phishing scam commonly looks like, they are less likely to click on links, and even less likely to enter sensitive information. Such education may also serve to teach people how to investigate emails that they receive, and how to follow through proper channels to find out whether or not an email is genuine or not.
The problem currently is that even among people who are otherwise educated as to the dangers of phishing scams, there is a chance that they will click on a link without thinking. This is more likely when browsing the web, and can lead them to visit a fake web page that requests sensitive information. The best thing that a user can do in this case is to visit the genuine page as soon as they suspect that they have become a victim of phishing, and change their site password.
For that reason, a number of anti-malware program providers have started adding phishing prevention to their software. When installed and running correctly, the software will alert the user when they visit a web page that is known to be, or that appears to be a fake. Though they won’t prevent you from visiting the page if you really want to, the warning is quite clear.
As a last note, it is important to remember that almost no website has the right to ask for a person’s SSN. Notable exceptions to this statement include sites such as Paypal, and other money processing sites that may by law need your SSN to comply with tax regulations. If in doubt, it is wise to ask for a second opinion from your bank, or from an internet savvy friend. Don’t become another victim.