Phishing is a method to try and gather unknowing user's personal information using deceptive e-mails and websites. It could be used to gather login information, or even credit card details.
Below are few tips to identify phishing attacks. After knowing these tricks, the chance of being a victim to phishing attacks will be greatly reduced.
1. Identifying suspected phishing email
2. Check the source of information from incoming emails
- They duplicate the image of a company
- Using the name of a company or an actual employee of the company
- Include websites that looks very similar to a real business
- Promoting free gifts which in turn asking you to fill up your particulars and information
- Tricking users to reset their password or to confirm their password
Banks will never ask for passwords or personal information by email. Never respond to these questions. If you are unsure, call the bank directly for clarification. Some phishing websites uses links that are very similar to original links.Real Link: https://www.lenovo.com/sg/en/Phishing link: http://www.1enovo.com/sg/en/
3. Never go to your bank's website by clicking on any links included in emails.
Do not click on hyperlinks or links attached in the email, as it might direct you to a fraudulent website. Type in the URL directly into your web browser instead.For tips on checking the validity of links, please refer to another guide for Checking if a link is safe.4. Enhance security of your computer
Our company has antivirus which will remind users of phishing emails if it is detected as suspicious. However it can still goes undetected, or the user can still click to proceed with opening the link.5. Enter sensitive data only in Secured Websites
Safer websites normally begins with https:// in their URL instead of just http://. the S behind actually stands for secured. Where, normally companies will need to pay and get their website verified bu the certificate issuer in order to be able to use https://It can be identified either by the https:// or by a secured icon6. Check your accounts often
Check your bank accounts, or other important accounts to see if there are any irregular activities going on. You never know when your information has been leaked out.7. Phishing do not only attacks Banks
Although majority of Phishing Attacks are targeted at banks, it is often used to attack popular websites such as Facebook, Instagram, eBay, iCloud, Gmail, etc.8. Phishing includes all language
Phishing comes in all language. In general, it is normally poorly written or translated. So do be suspicious if the emails are poorly written. Although this does not meant that all Phishing email are poorly written. There are plenty of good ones too.9. Do not risk it if you have even the slightest doubts
The best way to prevent phishing is to consistently reject any email or news that asks you to provide information. If you have the slightest doubts, contact the sender directly if you know them to ask, or let your friendly neighborhood IT take over to investigate the mail.10. Change your passwords regularly and use complex passwords
Ideally, it would be good to change passwords every 30 days. however, 60 to 90 days would be good too. It is better than not changing for years.One of the common ways a hacker tries to break into an account is trying out, birthdays, mobile number, name of spouse, IC, etc. So by using a complex password, it will make it harder for them.Few techniques to create a stronger password;- minimum of 8 characters- Combination of Symbol (#!), Numbers (10), Upper Case (U), Lower Case (u)- Does not contain Name, IC, Phone, CompanyThese are just a few, where I'll do up a more detailed guide for those who wish to know.
11. Keep yourself updated of new techniques or malware
As Technology are growing, the number of attacks and techniques has also grown along with it. So keep yourself updated by reading IT Security news when you have the time. :)
Last but not least, i have attached a few screenshots of phishing websites done up by hackers. You will be able to see how similar it is as compared to a genuine website. Beware...