12 Tips to Avoid Phishing Emails and Sites

May 29, 2010

What is Phishing – Definition of Phishing

Phishing is the criminal fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

How to Avoid Phishing

1. Be Suspicious: Never respond to emails that request personal financial information. You should be suspicious of any email that asks for your password or account details, or includes links for that purpose. Remember that no bank or financial institution sends such emails to its customers.

2. Be Especially Alert When You See a Warning Email That Your Account is Compromised: Stay calm. Phishing emails generally come with alarming claims (e.g., that your account details have been stolen or lost). Whenever you get such an email, report it to the bank by going directly to their website. Do not respond to the phishing email in any manner. Let it rest in your Junk / Spam folder.

3. Phishing mails usually use a generic greeting: In most cases the people behind a phishing attempt do not have your complete identity, and they send their emails in bulk, so such mails do not address you by name. Typical emails start with a salutation such as “Dear valued customer,”

4. Look for misspellings or substitute characters (e.g., “1nformati0n”): They are generally inserted in an attempt to bypass anti-spam software.

5. Never Follow Embedded Links: If you feel compelled to act on the email, do not click on the link embedded in it. Instead, type the address directly into the browser. You can also try your browser’s built-in search window. It is often able to catch phishing sites.

6. Keep a regular check on your accounts: However vigilant and smart you are, there is always a chance of getting duped when it comes to online information. Make it a habit to regularly log in to your online accounts and check your statements.

7. Exercise Restraint on the Web: Remember that shady sites, porn sites, drug-selling sites, gaming sites, torrent sites, P2P networking and free software download sites all fall in the high-risk area. Understand that nothing is free in this world. You never know when that free software contains malware scripts, which play havoc with your computer’s security.

8. Pause Before You Click: Make it a habit to pause and think for a second before clicking any link. Try to guess where you are likely to land after clicking it.

9. Look for “https://”: Ensure that the website you are visiting is secure. Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with “https://” (“s” stands for secure) rather than the usual “http://”.

10. Look in the Browser Status Bar: Hover your cursor over the link embedded in the phishing email and look in your browser status bar. Remember, the actual location to which a URL points may be different from what you see in your browser. The actual destination is shown in the status bar of the browser. Also look for a small padlock icon on the browser’s status bar. It tells you that the website is using encryption.

11. And Most Importantly – Keep your computer secure: Anti-spam software will prevent many phishing emails from reaching you. A firewall also helps to keep your personal information secure and block unauthorized communications. You should also run anti-virus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Keep your internet browser up to date with the latest security patches.

12. Last But Not the Least – Always report suspicious activity: If you receive an email you suspect isn’t genuine, forward it to the spoofed organization. Many companies have a dedicated email address for reporting such abuse.

Happy Browsing.