Guarding Against Online Threats: Understanding and Preventing Phishing on the Internet

Introduction

In the ever-evolving landscape of the internet, safety is paramount. As users, we must remain vigilant against potential dangers, scams, and cybercrimes to safeguard our personal and financial information. This post delves into one of the most well-known and widespread online crimes: phishing. We will explore what phishing is and provide you with seven tips to avoid falling victim to phishing on the internet.

What is Phishing in Computing?

Phishing is a form of social engineering employed by cybercriminals to acquire personal or financial information, such as passwords or credit card numbers, by posing as a legitimate company or institution. In essence, it involves identity theft, typically impersonating a reputable company or government entity with the aim of stealing sensitive data through emails and links to fraudulent websites.

Phishing Scenario

In the realm of phishing, cybercriminals, or phishers, create an illusion for users, making them believe they are in a legitimate and original location. This impersonation is often executed via email. The phisher crafts an email with a striking resemblance to the branding of the company they are pretending to be, incorporating logos, slogans, and other brand elements.

These fraudulent emails usually contain links to a website that closely mimics the original. While these phishing emails often find their way into spam folders, users may still be lured into providing information that the phisher can exploit for selling, scams, or other fraudulent activities.

Here is an example of a phishing email, showcasing its striking resemblance to a legitimate communication from a bank:

7 Tips to Avoid Phishing on the Internet

No one is immune to falling into the trap of phishing. Any user can become a victim of online scams, especially when the phishing attempt disguises itself as a completely legitimate website or when the user possesses an account with the entity from which the data request appears to originate.

However, you can shield yourself from these threats by adhering to a set of recommendations while navigating the internet. Below are 7 tips to help you prevent falling victim to phishing on the internet:

1. Check the Spam Folder for Emails: Phishing emails are often sent in bulk to reach a wider audience. If you find an email in your spam folder, it’s a good sign to start being suspicious.
2. Examine the Sender’s Email Address: Phishing emails often have the company name in the email address, but the domain doesn’t match. In the example email, the domain doesn’t correspond to the bank’s domain, indicating a potential phishing attempt.
3. Look for Personalization in Legitimate Emails: Legitimate notifications from websites you’re registered with usually include your name for a more personalized touch. Phishing emails, on the other hand, are mass-sent and lack this personalization. If you don’t have an account with the company they claim to represent, it’s likely phishing.
4. Verify Website Links: Phishing emails typically include links that imitate the original website. Even if the link appears legitimate, it’s an anchor text that redirects to another address. Hover your mouse over the link without clicking to see the true destination in the lower-left corner of the browser.
5. Exercise Caution with Email Attachments: If an email seems suspicious, avoid opening the attachment. Sometimes, the attachment is included merely to trick email managers into marking the phishing email as “safe,” even though these files are often fraudulent.
6. Check for HTTPS in Web Addresses: If a website lacks an SSL certificate, Google Chrome now marks it as insecure. If you encounter such a warning, never provide your data. An HTTP website doesn’t encrypt connections, making data easily accessible to potential thieves.
7. Watch for Grammatical Errors: Phishing emails attempting to impersonate international entities may automatically translate the message. If you notice errors or lack of coherence, it’s a clear sign of phishing.

A New Variant: Smishing

As social engineering evolves, new modalities emerge with the sole purpose of obtaining personal and payment information for scams. Enter smishing, a variant of phishing that employs a slightly different scenario. It replaces emails with text messages or SMS and even WhatsApp messages.

While the techniques to lure users into clicking on a link leading to an illegitimate site remain the same as traditional phishing—account suspension, login requests, password solicitations, or even malware infiltration (trojans)—the medium changes to text messages. In both cases, the user tries to impersonate a well-known company, going so far as to falsify the sender’s phone number.

Recap: Navigating Safely in the Digital Era

In today’s interconnected world, where we conduct various transactions, from banking to scheduling medical appointments, being online exposes us to the dangers and scams of the internet, such as phishing and smishing. However, following some guidelines can help you avoid falling victim to these threats.

Remember these tips to avoid phishing on the internet and precautions to take when you receive a suspicious email:

1. Did the email land in the spam folder?
2. Check the sender’s email address.
3. Do you have an account with the company requesting your data?
4. Confirm that the URL shown in the email body is genuine.
5. Avoid opening email attachments.
6. Is the website secure with HTTPS, or is it insecure with HTTP?
7. Are there grammatical or punctuation errors in the text?