
Rajib Singha
What is Phishing and How to Avoid it?
October 3, 2013

Phishing is one of the oldest tricks in the book of hackers. But as old as it might be, phishing still remains the most lucrative tool for cyber criminals; as they say, old is gold. This post tells you about phishing and measures you can take to avoid it.


What is Phishing?
Phishing is a fraudulent activity designed to trick the victim into revealing their personal and confidential information. This information usually includes bank account details, credit card numbers, and social security numbers, to name a few. There are different ways a hacker can launch a phishing attack on their targets.

Phishing by Email
This is the most common phishing technique deployed by cyber criminals. Fake emails posing as crucial communication from a bank, ecommerce site or other known legitimate entity are sent to the victim. These emails contain links to a fake website, which usually looks like a legitimate site and prompts the victim to sign in or divulge their personal information. In some instances, the phishing email itself contains an attached form to be filled out by the victim. To trick the victim into visiting the fake website or filling out the form, such emails convey a sense of urgency or a threatening situation. For instance, the target is informed that their bank account is at risk of identity theft. To fix the issue, the user must verify their account by providing their banking details. The email might also claim that unverified accounts will be discontinued.

Here is an example of a phishing email that looks like it has come from Lloyds Bank:

[Image: example phishing email]

[Source: http://www.banksafeonline.org.uk]

Phishing by Call
Phishing is no longer dependent on emails. Fraudsters have started using the telephone as their new pawn. In a phishing call scam, the victim receives a phone call from a person posing as an employee of a bank, a software firm, or any other known organization. If it is from a bank, the issue will usually be related to the security of the victim’s bank account. The caller instructs the victim to call another number, which, in most cases, will be an automated attendant. The attendant will ask the caller for their bank account details such as account number, PIN, password, etc. In some instances, a phishing email may instruct the victim to call a number, instead of urging them to visit a website or open an attachment. Phishing by phone is also called vishing.

This is how a phishing call might go:

“Is this Mr. Brown? This is a call for you from (a popular) Bank. We have received reports of illegal withdrawals from your bank account. In order to contain the situation, and safeguard your account, we need to confirm your account number, expiration date, four digits at the back…” and so on.

SMiShing
Cyber criminals leave no stone unturned when it comes to having their way. Recently, there has been a sharp surge of phishing attacks that involve Short Message Service (SMS). Targets are sent SMSs asking them to click a link to a spoofed website. The website might ask the target for their personal information, or infect their computer with malware. In some SMSs, the target is asked to call a certain number (sometimes toll free) and verify their personal information. Even here, phishers use scare tactics to trick the target. For instance, you might receive an SMS saying that your ATM card has been suspended or deactivated and that, to reactivate the service, you must call xxxxxxxxxxxx immediately.

Example:
Credit Union N.A. Please call us immediately at 1-888-xxx-xxxx regarding a recent restriction placed on your account. Thank you. [Source: www.t-mobile.com]

How to Avoid Phishing Attacks
Here are some simple measures you can take to prevent phishing attacks.

– Never entertain unsolicited emails, calls or SMSs.

– Your bank will never ask you for confidential information via emails, calls or texts. If you do receive any such communication, do not respond; even better, report the incident to your bank.

– Avoid accessing websites via links in email messages; especially those asking for personal information. It is always a safe bet to type the URL manually into the web browser.

– Do not fill any kind of form that comes along with an email.

– Provide your personal information only on secure websites. A secure website’s URL should always begin with “https” instead of “http”. Also important is the presence of a lock symbol on the website (see figure A). Clicking the lock icon should display the digital certificate that verifies the authenticity of the website.

[Fig A: a secure website as shown in the browser]

– Look for spelling mistakes, grammatical errors or bad language in any email you receive; especially the ones you were not expecting. Emails from a genuine organization are proofread and edited before they are sent out to the customers.

– If you receive an email containing links, do not click them. Hover your mouse over the link and look at the left-hand corner of the browser, which will display a link. Check whether this link matches the one in the email. If it doesn’t, suspect a phishing attack.

– If you receive any email from your bank that conveys a sense of urgency or threat, then call up your bank and verify the situation.

– Keep your system’s operating system updated and patched.

– Go for an antivirus program that is capable of blocking phishing emails and websites.

– Keep a regular check on your bank account. If anything is amiss, you will then have enough time to contain the situation.

– Keep your web browsers updated and patched.

There is no silver bullet for phishing attacks, or for cybercrime for that matter. But taking the right precautionary measures, seeking help from the right authorities, and using the right security solution does put us in a safer spot.

Have something to add to this story? Share it in the comments.


70 Comments


  1. GOOD ONE.

  2. Thanks for the details how to prevent from phishing traps. I will pass the information to my dear ones and friends.

  3. Very informative… Thank you very much…

  4. Rahul singh, October 5, 2013 at 9:59 AM

    Good one

  5. vinod kumar, October 5, 2013 at 10:25 AM

    This information might be good & important for internet users.

  6. suraj kumar, October 5, 2013 at 11:41 AM

    nice service

  7. Thanks for giving precautions to phishing

  8. Nice protection server.security.

  9. ashokdhayal, October 5, 2013 at 7:19 PM

    I want more information for phishing

    • Hello Ashokdhayal,

      We strive to keep our readers updated on various topics about cyber security. Stay tuned to our blog for more of such important information.

      Regards,

  10. Very informative.. thank you

  11. Thanks

  12. Informative..!!

  13. pradoshparida, October 6, 2013 at 6:38 PM

    THANKS.

  14. its d 1 worth knowing

  15. Nice…

  16. good job… continue with informative updates in future…

  17. Good One

  18. nice service

  19. I got an important guide.

  20. Very nice

  21. thanks for this nice piece of information.
  22. bhavesh savla, October 8, 2013 at 11:04 AM

    Very nice

  23. Bharat Singh, October 8, 2013 at 3:56 PM

    Very good application

  24. sanjay padariya, October 8, 2013 at 5:55 PM

    Very nice

  25. Praful Patel, October 8, 2013 at 7:52 PM

    Very good apps and most imported.

  26. YVIJAYA KUMAR, October 8, 2013 at 8:48 PM

    Nice

  27. sankara narayanan, October 8, 2013 at 9:36 PM

    great effort useful to all keep rocking!!

  28. Rahul Biswa, October 8, 2013 at 9:37 PM

    Thank you… for providing all detailed information. It will be helpful in future.

  29. Very good

  30. hardeepsingh, October 9, 2013 at 9:22 AM

    great

  31. great effort useful to all keep rocking!

  32. Nice SAP

  33. rahul chouhan, October 9, 2013 at 9:34 PM

    nice

  34. thank you

  35. chandan Senapati, October 10, 2013 at 6:53 AM

    thank you for this information.

  36. we really appreciate for the tips.

  37. best

  38. Thanks for all the update and really nice information
  39. Hi,
    I’m a member in many download forums as I download a lot, mostly ebooks & latest movies which are uploaded on filehosting sites like rapidgator, mediafire, depositfiles etc.

    Recently I went to filehost kingfiles.net to download an ebook, and upon going to that site I was yet to enter the confirmation captcha and had to wait for few seconds before the start of download, and suddenly a quickheal message popped up on the bottom right corner of my screen, saying that a phishing attack was blocked, if you still wish to visit the site please click here.

    Now my concern is, is my system safe after that attack?
    I immediately disconnected from the internet, closed my browser and did a full boot scan and it found no virus.
    But there are many viruses that have the ability to hide themselves from popular anti-viruses. So I’m still not sure if my system is totally clean or not.

    I’m using firefox browser and under options > security, blocking phishing and harmful sites options are enabled (tick marked).

    I just want to know what are the symptoms I’ll get to see if my PC is affected by a phishing attack?
    Will it slow down or freeze or demand money like the ransomware viruses?

    Also I want to know are rapidgator.com and kingfiles.net safe sites to visit and download files from. Because their url has no “s” in http and says your connection to this site is not encrypted and yet millions of people across the globe downloading from these sites.
    Even this quickheal blog site says, your connection to this site is not encrypted.
    I’m confused. Please reply asap. Thank you in advance.

    • Hello Leo,

      A phishing attack may do two kinds of things:

      1. It will urge you to give away your personal information such as bank account details, credit card number, etc.

      2. It may trick you into downloading malware on your system.

      As you have mentioned, Quick Heal blocked the phishing attack. Therefore, it prevented the above two things from happening.

      As far as the safety of the sites rapidgator.com and kingfiles.net is concerned, we would advise you to do some research over them. You can use some of the tips mentioned in this post – http://bit.ly/1boZn9B.

      In case you require any further assistance, kindly contact our support team at 0-927-22-33-000. You can also raise a query at http://www.quickheal.com/submitticket.asp. Our support team will get back to you to resolve the issue you are facing.

      Regards,

  40. Here is the report of the phishing attack –

    Fraudulent website accessed.
    Phishing Site: loadus.exelator.com/load/net.php
    Action Taken: Blocked

    I got this above phishing attack warning when the images of kingfiles.net were loading. But I regularly use kingfiles.net and never faced anything like this.
    After that attack and after the full boot scan, when I again visited the same kingfiles.net (ebook) url, I got NO quickheal message this time saying phishing attack blocked. Please help me on this one.

  41. Its very good antivirus But connect a secure wifi then no update antivirus.

    Give a solution ..???
  42. It is really good. I have activated net banking facility for my account. And I suggest one should know phishing attacks. I recommend to use virtual keyboard, use the web site with “https:\” for safer online transaction..

  43. must say that it was awesome man……
    thanks to the uploader….

  44. Deepak Jauhari, January 21, 2014 at 9:33 AM

    Hello Rajib sir..
    when I was on facebook, my account closed down and a message that read, “Suspicious activity has been detected on your Facebook account and it has been temporarily suspended as a security precaution. It is likely that your account was compromised as a result of entering your password on a website designed to look like Facebook. This type of attack is known as phishing”
    now what I do sir.. please help me…..

    • Hello Deepak,

      We would advise you to change your Facebook password immediately. Also, if you are using the same password for other online accounts, please change them too at the earliest.

      Regards,

      • Deepak Jauhari, January 22, 2014 at 10:01 AM

        hello Rajib sir,

        sir I have already changed my password….
        but, I have tried over and over to regain my account, but I forgot my security answer. I have tried every possible answer I think I would put, and they were all wrong.

        Sir I love my facebook account because of all the pictures and my levels and games and such (as any Facebook user would understand) so I don’t want lose it.
        But I don’t know what else to do, so what do I do? Please help.
  45. s.narayanan, February 7, 2014 at 4:17 PM

    most of the people like me may not understand the gravity of losing money while using credit or debit cards for on line purchases. ur article on phishing is quite useful tks

  46. Arun kumar S, April 16, 2014 at 7:10 AM

    Its a good remembrance to me. I always pass this msg to my friends sure.. Thank you Sir…

  47. Milind Pandit, April 16, 2014 at 10:23 AM

    It’s really a matter of dedication on part of QH team that they always keep their consumers updated on the issues of technical frauds or phishing on a regular basis. It is their professionalism and commitment. I do appreciate it to a great deal. Special thanks for alerting the consumers of the dangers and harms likely to damage the forthcoming netizens or the ones gullible.

  48. Thanks for sharing….

  49. Daniel Mathews, April 16, 2014 at 7:43 PM

    Thanks for the alert and good advice.

  50. Kisholoy Gupta, April 16, 2014 at 10:25 PM

    Excellent – information

  51. asHOK JOSHI, April 17, 2014 at 8:37 AM

    Nice and useful

  52. DHARMENDRA KUMAR NIRALA, April 18, 2014 at 3:12 AM

    Why does it take about 4 hours to update?

  53. very educative & informative.
    Thank you.

  54. Debdas Adhikari, April 19, 2014 at 5:30 PM

    Excellent. Just Quickheal can do this service to safeguard the interests of its subscribers. kudos to the Team Quickheal.

  55. hi,
    really informative n educating, did not know with such clarity, will circulate
    thanks
    pankaj

  56. Great… quite informative