What is phishing and how to prevent it

In its most basic form, phishing is an illegal means to obtain confidential information from a person, mostly through fraudulent and misleading e-mails. On an individual level, such scams usually result in unauthorized usage of the victim’s funds or identity theft.

There are other forms of phishing as well, such as Vishing (voice phishing, wherein the phisher would use a fake caller id data), and Smishing (SMS phishing), and newer forms such as spear phishing and covert redirect.

How does Bank Phishing work?

Often, fraudsters pose as bank officials and send emails to clients from fake email ids which have a similar look and feel as an actual email from the bank.

Scammers usually send an unsuspecting person an email in the name of the person’s bank, or some other fake email id using a trusted name. The mail informs the person that his/her account has been blocked due to some issue.  These mails will request the clients to send in their personal information such as credit card information, PIN numbers, and bank account information. Or scammers will ask the client to click and follow a link to another website, wherein, they can enter their information and resolve the issue. A note of urgency is prevalent in the tone of the fraudulent email. The moment an unsuspecting client enters such information on the fake website, the scammers obtain it. This can result in unauthorized purchases from the client’s account as well as identity theft.

You can read more about Phising here.

Identifying Fake Websites

There are certain ways you can identify fake websites:

  • URL verification
    Verify the URL of the webpage. Secure sites use the HTTPS protocol. Therefore, you will see https:// before the site’s URL. The ‘s’ here stands for secure and you can be rest assured that the site is operating with a secure encryption to protect your data.
  • The Padlock symbol
    The padlock symbol is an indicator that the site has a digital security certificate. This is another way of determining whether your data is secured by an encryption or not.
  • Digital Certificate verification
    If you’re still uncertain about trusting the site, then you can check the authenticity of its digital certificate. Simply follow this procedure: go to File > Properties > Certificate. Or, double-click on the Padlock icon.

How to prevent phishing?

There is only so much that a bank, or an authority can do. Fraudsters keep finding new ways to try and con clients. Here are some ways you can practice phishing prevention against such an attack on yourself:

  • Always check the web address carefully. Make sure the address is correct and accurate. Often, phishers will name the site in a manner that’s deceptively similar to the original site.
  • Anytime you have to log in to your account, type out the web address in the browser’s address bar.
  • Make sure the Padlock symbol is present on the webpage and ensure that it is ON.
  • Make sure that you have a strong anti-virus software installed and kept up-to-date on your PC, laptop or mobile phone.
  • Always use a non-admin user ID for any routine work you have to do on your computer.

While these are some active phishing protection methods you can undertake, there are certain don’ts as well that apply in this situation:

  • Do not click on any suspicious links, particularly ones you get in your email from unknown IDs.
  • Do not give out your confidential information such as your card numbers or PIN numbers, even if it appears the request for sharing such information is coming from an authority like the IT Department.
  • Do not open any unexpected or suspicious emails and messages. Especially if they come from unknown sources.
  • Do not access your account or use your Credit card or Debit card from computers in public places such as cyber cafés, or even through any phone or tablet that does not belong to you.