Hi all users, before starting this post let's understand what exactly phishing is. "Phishing is the method of stealing login credentials (username & password) by directing the victim to a fake (clone) login page that logs the login information without the victim's knowledge. Such a clone website is known as a phisher website."
In today's post we'll learn how to protect (secure) yourself from being phished by phishers. It's a simple but very effective way to protect yourself from phishing attacks.
How to protect yourself against phishing?
Use Your Login Info In The Correct Places Only.
Don't ever put your login information anywhere other than the page you registered on, unless it's a trusted service you know (like YouTube or Blogger asking for your Google account's info).
Make Sure The Website You're Logging In Isn't Fake.
Whenever you log in to a website, if you didn't type the URL (the website's address) yourself, i.e. if you clicked a link that led you to the login page (from a message, a website or search engine results), always check the URL to see if you're in the right place or not.
For instance, if you're logging in to your Facebook account, make sure the URL appears as https://www.facebook.com/whatever
A phisher page, on the other hand, would look like http://www.facebook.freewebs.com/... or http://www.facebook.spam.com/... or any URL whose part before the .com isn't exactly the same as that of the page you want to log in to.
Make Sure The Links You're Clicking Aren't Fake
Whenever you are about to click a link, check where it goes before clicking it. Links can be masked to appear as something other than the page they lead to. For example, www.google.com leads to Yahoo instead of Google. Fortunately, in most browsers, whenever you point your mouse cursor over a link, the true location of the link is displayed at the bottom left of the screen. Try it with the above link.
This is particularly important because it can protect you from another, rarer but more dangerous method called cookie stealing, which basically steals your account automatically if you're already logged in to the website.
I think it's good to let you know that links to phishing pages are usually spread via email, and often impersonate trusted services and persons, for example by making the email appear to be sent from the website you've registered on (like bank account info etc.), or from a friend of yours whose account has been compromised.
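The two checks described above (is the login page really on the site you expect, and does a link's visible text match where it actually goes), as an added example that is not part of the original post. The function names, the sample HTML and the choice to accept subdomains of the expected site are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host name of a URL; bare text like www.example.com is accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(url, expected_domain):
    """True only if the host is expected_domain itself or a subdomain of it (assumption)."""
    host, expected = host_of(url), expected_domain.lower()
    return host == expected or host.endswith("." + expected)

class LinkAuditor(HTMLParser):
    """Records links whose visible text names a different host than their href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            # Compare only when the visible text itself looks like a host name.
            looks_like_host = "." in shown and " " not in shown
            if looks_like_host and host_of(shown) != host_of(self.href):
                self.mismatches.append((shown, self.href))
            self.href = None

def masked_links(html):
    """Return (visible text, real href) pairs for every masked link in the HTML."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches

# Constructed sample: the first link shows google.com but points to yahoo.com.
SAMPLE_HTML = ('<a href="http://www.yahoo.com/">www.google.com</a> '
               '<a href="https://www.facebook.com/">Facebook</a>')

if __name__ == "__main__":
    print(masked_links(SAMPLE_HTML), belongs_to("http://www.facebook.spam.com/...", "facebook.com"))
```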
What to Do If You Have Spotted A Phisher?
1. First of all report the phisher as soon as you can to the address below:
http://www.google.com/safebrowsing/report_phish/
2. If the phishing attempt has been made via a message, report the message to any of the following services:
http://www.reportphish.org/forwardphish.php
http://www.us-cert.gov/nav/report_phishing.html
3. If you received the message from a friend's compromised account, inform your friend, and other friends that might be in danger.
4. If possible, inform the admin of the website/forum that the phisher is made for.