Rahul Thadani

A few tricks to avoid the ‘Phishing’ trap

May 11, 2012

Phishing is a technique that scammers use to obtain personal information by posing as a legitimate source, and many people fall for phishing emails. We regularly update this blog with details about fraudulent emails that attempt to phish for information, but now we would like to tell readers how to identify fraudulent URLs that could come from potentially malicious parties.

Fake emails generally create a sense of panic and urgency and implore readers to act immediately. Our first piece of advice is to never click on a link provided in a suspicious email. Visit the official website instead. Never copy and paste such links blindly.

Fake RBI phishing page

Here are some more tips to spot fake links or URLs:

  • Hover the mouse over a link before you click. This will reveal the real destination address in case it is a masked link.
  • Beware of the @ sign in the URL, as all browsers ignore the characters that appear before the sign when deciding which site to open; the real destination is whatever follows it. For instance, the URL “www.google@wooder.com” will not take you to a Google webpage.
  • Check the spelling of the URL carefully. Scammers sometimes change a single character to try and trick victims. For instance, many people will feel at first glance that “www.micorsoft.com” is the same as “www.microsoft.com”.
  • Check if the URL of the page you are directed to is the same as that mentioned in the email.
  • Read the link properly. For instance, the URL “www.apple.com.wooder.com” will not take you to the official Apple website.
  • Ensure that the link does not start with an IP address. For instance, “http://198.162.256.56/wood/index.htm” is the kind of link that you must never trust.
  • There are several services online which shorten URLs to cater to character count limitations. To avoid falling for fake shortened URLs you should use a service like “www.longurl.org” which reverses the process to show you the real destination.
  • On another note, it is also advisable to not download any suspicious attachments. If it is necessary, you must download and scan them separately.
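
The URL checks from the list above, collected into one function as an added example (not code from the original post). The `expected_domain` parameter, the finding labels and the 0.85 similarity threshold are assumptions made for illustration; the sample links are the ones quoted in the tips.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Four dot-separated numbers: treated as an IP-style host even if an octet is out of range.
DOTTED_QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def inspect_link(url, expected_domain, threshold=0.85):
    """Return (host, findings) for a link that claims to belong to expected_domain."""
    if "://" not in url:
        url = "http://" + url              # the tips quote links without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower()
    findings = []

    # '@' tip: text before the sign is login information, the host comes after it.
    if parts.username is not None:
        findings.append("userinfo-before-@")

    # IP address tip: the link names a machine by number instead of a domain.
    if DOTTED_QUAD.match(host):
        findings.append("ip-address-host")
        return host, findings

    # Exact domain or a real subdomain of it: nothing more to check.
    if host == expected or host.endswith("." + expected):
        return host, findings

    # "Read the link properly" tip: the brand sits on the left, another domain on the right.
    if f".{expected}." in f".{host}.":
        findings.append("brand-in-subdomain")

    # Spelling tip: compare the rightmost labels with the expected domain.
    tail = ".".join(host.split(".")[-len(expected.split(".")):])
    if SequenceMatcher(None, tail, expected).ratio() >= threshold:
        findings.append("lookalike-domain")
    return host, findings

if __name__ == "__main__":
    samples = [("www.google@wooder.com", "google.com"),
               ("www.micorsoft.com", "microsoft.com"),
               ("www.apple.com.wooder.com", "apple.com"),
               ("http://198.162.256.56/wood/index.htm", "example.com")]
    for link, brand in samples:
        print(link, "->", inspect_link(link, brand))
```

The comparison uses whole host names rather than a public-suffix list, so it is a triage aid for links that claim a known brand, not a verdict on arbitrary URLs.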

The following table from the Anti-Phishing Working Group (APWG) provides some troubling information. According to them, there were at least 83,083 unique phishing attacks worldwide in 190 top-level domains (TLDs) in the second half of 2011. The attacks used 50,298 unique domain names.

Phishing stats for 2010-11

Additionally, here’s how you can spot an authentic URL:

  • Check the salutation. Genuine emails will address you in a personal manner (either with a username or an account number).
  • Genuine URLs will have SSL (Secure Sockets Layer) security. This can be spotted by reading the URL and finding the term “https”.
  • Genuine URLs will have a lock symbol at the bottom right corner of the screen or in the address bar right before the URL. This signifies the digital certificate and you can click on this symbol and check authentication information.

Padlock and https

We strongly suggest that you make use of the best anti-spam software like Quick Heal Internet Security on your machine. This will provide you with real-time protection against constant threats and ensure that your computer never falls victim to malicious phishing emails. Even if you accidentally open a malicious URL, a strong antivirus will detect threats as soon as they appear on your machine.

Have something to add to this story? Share it in the comments.

About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...

19 Comments


  1. Akshay Chaturvedi, May 12, 2012 at 6:33 AM

    Is it necessary to use QH Internet Security since I am using QH Total Security and almost every day I receive 2 or 3 spams?

  2. Razak Ahmed, May 12, 2012 at 9:11 AM

    Thanks for the Updated……..

  3. SAURAV BANERJEE, May 12, 2012 at 10:06 PM

    THANK YOU SO MUCH, I ALWAYS SAY TO PEOPLE THAT QUICK HEAL IS THE BEST, THANKS

  4. Appreciate your lastly speaking regarding A few tricks to avoid the

  5. ANUP BHATTACHERJEE, May 13, 2012 at 7:14 PM

    Thank you very much for the write-up on phishing, it is helpful in many aspects and helps to enhance the knowledge about the present day scenario in the world of Internet.
    Thanking again.
    Sincerely Anup.

  6. Alok Mukherjee, May 14, 2012 at 1:57 PM

    It is beyond doubt that your writeup about phishing will broaden the knowledge of internet users, thanks

  7. Dr. Saral Kumar Mitra, May 14, 2012 at 3:28 PM

    Today I almost opened a phishing URL and was timely intercepted by QH Internet Security. It is your excellent technology that saved me from falling prey to a phishing e-mail. Thanks.

  8. Kanishk Singh, May 14, 2012 at 6:44 PM

    Hello Rahul Sir,

    After reading your post, I have one question. Quick Heal, being an anti-virus company and promising users to secure their PCs, doesn’t have an HTTPS verified site. What if this site is meant for hacking purposes? Why isn’t your blog’s identity verified? And the connection of the users is not encrypted. I even visited the official site of QH but that site also has no verification certificate.

    Can You Please Tell Me Why?

    -Kanishk Singh.

    • Hi Kanishk. The HTTPS certificate is for webpages where you need to enter private details like your password, username, account number etc. Your email login page will have this certificate, Facebook’s login page will have this certificate, if you buy a product online from the QH website the page where you enter your debit/credit card details will have this certificate. There are billions of webpages on the web, every page will not have this certificate. The purpose is to filter secure pages from fraudulent ones while entering private details. Hope that clarifies your question.

      • Kanishk Singh, May 24, 2012 at 12:31 PM

        Thank you Sir, your reply has resolved my question. But I would like to know that if I visit “https://www.google.co.in/”, even though I don’t have to enter any sensitive information there like any ID or password, why does that have the term HTTPS in it and has a lock icon before it?

        • Google provides the option of encrypted searches and results for the privacy of users, hence the HTTPS. This is optional for people who wish to encrypt their search and search results, so the homepage does not contain the certificate by default but can be utilized by people who wish to be extra cautious.

  9. My QH Internet Security does not stop advertisement websites from opening all by themselves. How do I stop it?

  10. And how to set QH to run automatically?

  11. Thanks to Rahul sir for your information… I am a Quick Heal customer, and I think that your information will give me much awareness for surfing the internet. Thanks again…

  12. satish kamble, June 3, 2015 at 9:18 AM

    Thanks for the information, really helpful one
