Identify the threat, confirm the source, and avoid the attack.
Originally, phishing scams arrived as instant messages popping up in the user’s browser, directing the user to enter sensitive information (so that it could be stolen and misused). Now these malicious campaigns mostly take the form of fake (look-alike) emails made to imitate banking, medical, IT administrative and similar authorities, asking the victim “NOW” for critical information (using some tactic to make the victim think they need to give up valuable information quickly or without thinking).
How to stop phishing?
There are several ways to prevent falling prey to these phishing attacks:
Identify the Threat
• Does this email ask for urgent action? (e.g. “quick action needed”)
• Does this email avoid addressing the recipient by their actual name? (e.g. “customer”)
• Does this email ask you to click directly on a provided link? (If in doubt, go to the actual website; do not click on their link to enter information.)
• The email may look very legitimate, but if a recipient looks closely enough there will typically be a few identifiable discrepancies. (Because those discrepancies aren’t always readily apparent, it is best to go to the actual website if in doubt.)
• The link to the website will not exactly match the real address. (e.g. www.domainname.com)
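The checks in this list can be applied mechanically to a message. The Python below is an added example, not part of the original article; the phrase lists, the function names, the `expected_domain` parameter and the sample message (which uses reserved `.example` domains) are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative phrase lists (assumptions), not an exhaustive rule set.
URGENCY = re.compile(r"\b(urgent|immediately|act now|quick action needed)\b", re.I)
GENERIC = re.compile(r"\b(dear|hello|hi)\s+(valued\s+)?(customer|user|member)\b", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased hostname of a URL or bare domain, without a leading 'www.'."""
    h = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def check_email(raw, expected_domain):
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        findings.append("urgent-action language")
    if GENERIC.search(body):
        findings.append("generic greeting")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        target = host(href)  # where the link really goes
        if target != expected_domain and not target.endswith("." + expected_domain):
            findings.append(f"link host {target} is not {expected_domain}")
        if "." in text and " " not in text and host(text) != target:
            findings.append(f"link text shows {host(text)} but points to {target}")
    return findings

# Constructed sample message; every domain is a reserved .example placeholder.
SAMPLE = ('Subject: Quick action needed on your account\n\n'
          '<p>Dear customer,</p><p>Confirm your details at '
          '<a href="http://www.examp1e-bank.example/login">www.example-bank.example</a></p>')
```

Calling `check_email(SAMPLE, "example-bank.example")` returns one finding per checklist item the message trips; a message that trips none returns an empty list.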
Confirm the Source
• Websites secured with SSL certificates, particularly SSL with Extended Validation (E.V.), give the most immediate assurance. A green address bar can be seen in the user’s browser to identify that the website has been validated by the most stringent processes required for SSL.
• Look for the address bar to show HTTPS instead of HTTP. This means that there is at least some form of SSL certificate encrypting information on the site and that some validation has occurred. (NOTE: SSL with E.V. is the most well-validated standard. A lesser SSL certificate, one that was only domain validated, could be applied to a website that has a similar, yet different, domain name.)
• Look for the secure lock icon at the bottom of the browser, double-click the icon and review the information provided. Make sure the webpage is truly encrypted.
Avoid the Attack
• Don’t use hyperlinks from the emails. It is safer to manually retype the address into the browser. Clicking on the hyperlinks can bring a user to fake pages or result in malicious code attacks.
• Call the actual company in question and ask if they have requested sensitive information. Typically, they will never ask a customer to give out this information. Calling them is an easy way to double-check and avoid any scams. They may ask you to forward the malicious email so that they can investigate it further and alert other customers to the phishing attempts.
• Use firewalls for desktops and networks.
• Use Anti-Spyware Software.
• Never enter sensitive information into pop-up windows.
• Stay educated
Staying Educated about Phishing Attacks and Web Security
SSL Certificates are web security products that help prevent information from being stolen by encrypting the information sent from the user’s browser to the website server. This can help prevent more than just phishing attacks. These SSL certificate benefits have become a cornerstone in web security as they also require website owners to verify their presence to some degree. The degrees of verification or validation depend upon the SSL certificate being issued. The most thorough validation process is required for e-commerce businesses seeking SSL Certificates with Extended Validation (E.V.).
To get these certificates, e-commerce businesses are required to provide the actual company address, which must be verified. They are also required to provide phone numbers and documents which prove their corporation/business exists. After they successfully complete this process, they are awarded the certificate which boasts the green address bar. This is the easiest way to identify the actual website and prevent phishing.
Article By: Kalpesh Patel