Knowledgebase
VirtualNet/Cyber South - Global Service Centre > VirtualNet/Cyber South - Support Centre > Knowledgebase

Search help:


What is Phishing?

Solution

A Phishing attack is an email, message or false advertisements via electronic communication that appears to be authentic and from a trusted entity (a bank, or frequently visited site). 

However, this is bait to gain access to your account .  Various techniques are used to make the user believe that the email is genuine and trick them into doing what the sender wants, which is typically to click on a link in the email or message.  The link then acts as the hook and leads victims to a Phishing web page which is generally almost an identical copy of the web page of the trusted entity being impersonated. 

It is generally a logon page that request sensitive information.  At this point, the user is deceived and submits the information requested.  The counterfeiter and the phishing attack is then successful as they can now gain entry to the account.

10 Tips to assist with Phishing Prevention:

 

  1. Never give out personal, financial or other sensitive information to anyone who requests it. Make sure that you're using a secure Web site when submitting sensitive information. To make sure you're on a secure Web server, check the URL in your browser's address bar it should begin with  https:// rather than the typical http://. Also, there should be a closed-padlock image in the browser's status bar. To ensure that the padlock image is not fake, double click on it and examine the Web site's security certificate.

  2. Be suspicious of e-mail that requests sensitive information because most organizations stopped making such requests via e-mail long ago because this tactic is used in phishing and spoofing schemes. If an e-mail asks for sensitive information, it most likely is a phishing attempt.

  3. Don’t click on links embedded in an e-mail that seems to come from a bank, financial institution or e-commerce vendor. In other words, for even a remote possibility of that e-mail being spoofed, don’t click on any links in it. Open a new browser window and manually type the site’s URL in the address bar.

  4. Enter a fake password. When prompted for a password, give an incorrect one first. A legitimate site will not accept the fake, but the phishing site will.

  5. Don't fill in forms contained in e-mail that ask for sensitive information. Most responsible organizations don't use an e-mail form for this purpose, as e-mail is not a secure medium. Submit such information only on secure Web sites.

  6. Keep your browser and operating system up to date with the most current patches available. Phishing attempts exploit browser vulnerabilities to fool users and install malicious code.  Take note of this, especially if using Microsoft Internet Explorer.

  7. Thoroughly check your credit card and bank account statements regularly and look for any unauthorized charges.

  8. Always use updated antivirus and firewall software to protect yourself from phishing attempts that try to surreptitiously install malicious software such as keyloggers on your machine.

  9. When in doubt, check. If you doubt the authenticity of a message, check directly with the institution.

  10. If you think you have fallen victim to a phishing attack, notify the Federal Trade Commission (www.ftc.gov) and the Internet Crime Complaint Center (www.ic3.gov) and immediately notify your bank, credit card companies and other stakeholders.

 
Was this article helpful? yes / no
Related articles E-mail spoofing
What is ‪‎Ransomware‬?
Article details
Article ID: 5
Category: Knowledgebase
Date added: 2014-01-10 13:10:55
Views: 155
Rating (Votes): Article rated 3.9/5.0 (21)

 
« Go back