Phishing (pronounced "fishing") is a term used to describe the process whereby a third party tricks you into divulging sensitive information by impersonating a trustworthy entity or website, such as a bank, insurance company or any institution that stores private, sensitive information.
In the digital world, we as users are overwhelmed with technical terminologies. Most of the time we don’t bother to acquaint ourselves with these terminologies. In a recent post, I discussed the importance of changing our mindset to understand the importance of online security.
This is the second article about Phishing. Phishing is real, but through proper awareness and training, we can limit the potential damage caused by these attacks.
How does Phishing work?
Most of the time phishing is carried out via e-mail or other instant messaging applications. The phishing scam starts with an email purportedly from a bank, your ISP (Internet Service Provider) or any other entity that you may have signed up with. Once you receive such a message, it prompts you to follow a link to validate some personal information. Failure to comply will lead to account suspension or even termination, according to the scamsters. To gain credibility with the recipient, a phishing message is portrayed as if it is coming from the legitimate organisation. The message will include the logos and other visual identities stolen from the impersonated organisation.
A classic example of a phishing attempt is where the user (you) receives an email that appears to come from your bank. The user opens the email and follows the instructions by clicking on a link. Instead of taking you to the bank's website, the link redirects to the scamster's website. Everything you fill in there is sent to the attacker and used to illegally access your account. Once the account is compromised, the attacker can abuse it in various ways, depending on what type of account it is.
Identifying phishing messages
As you receive more and more phishing messages, you will learn to identify them. These messages are most of the time rife with spelling errors. This mostly happens because the attacker is not a native English speaker. The message is also impersonal. It often starts with "Dear user" rather than your username or full name, as your bank would normally address you. Unlike legitimate messages from your bank, phishing messages don't mention your full name or user name, because they are designed to trick every recipient with the same text.
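The traits listed above (a generic greeting, threats of suspension, and a link whose visible text names the bank while the real address points elsewhere) can be checked mechanically. The following is an added example, not code from the original article; it runs over two constructed sample messages and the bank domain "examplebank.com", both of which are assumptions made up for the illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample: generic greeting, suspension threat, and a link whose
# label shows the bank's domain while the href leads to another host.
PHISHING_EMAIL = """From: Security Team <alerts@examplebank.com>
Subject: Urgent: validate your account
Content-Type: text/html

<html><body>
<p>Dear user,</p>
<p>Your acount will be suspended unless you validate your details.</p>
<p><a href="http://login-verify.example.net/bank">www.examplebank.com</a></p>
</body></html>
"""

# Constructed sample of a legitimate notice: personal greeting, no threat,
# link that stays on the bank's own domain.
LEGIT_EMAIL = """From: Statements <statements@examplebank.com>
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body>
<p>Dear Jane Doe,</p>
<p>Your March statement is available online.</p>
<p><a href="https://www.examplebank.com/statements">View statement</a></p>
</body></html>
"""

GENERIC_GREETINGS = ("dear user", "dear customer", "dear member", "dear client")
URGENCY_PHRASES = ("suspend", "terminat", "validate", "verify your", "immediately")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def phishing_indicators(raw: str, expected_domain: str) -> list:
    """Return the indicators found in a raw message body (non-multipart, not
    transfer-encoded); expected_domain is the real domain of the claimed sender."""
    body = message_from_string(raw).get_payload()
    text = body.lower()
    found = []
    if any(g in text for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgency or account-suspension threat")
    for href, label in ANCHOR_RE.findall(body):
        host = (urlparse(href).hostname or "").lower()
        if host != expected_domain and not host.endswith("." + expected_domain):
            found.append(f"link to {host} instead of {expected_domain}")
            if expected_domain in label.lower():
                found.append("link text names the bank but href points elsewhere")
    return found
```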
How do you protect yourself against phishing?
The very first step is the use of a spam filter, a solution that is usually integrated with your anti-virus product. The spam filter separates legitimate emails from junk mail. A good anti-spam filter blocks the phishing attempt at an early stage, so you don't even see the lure that is being thrown at you.
Secondly, setting up two-factor authentication for the accounts that support it ensures that, even if somebody gets your login credentials, they cannot log in without a secondary code sent to your mobile device. Two-factor authentication comes standard on Internet Banking facilities. There are, however, cases where fraudsters managed to clone the SIM card of the user and bypass this additional security. Two-factor authentication is also offered by most social media platforms.
Phishing is a reality, and again it is the responsibility of users to change their mindset and understand that we are all vulnerable to phishing attacks. This is not rocket science, and there are many ways to prevent phishing attacks.
Feel free to contact us if you need a solution or if you have more questions.
Author, Fritz Els 08 April 2018