Phishing is a fraudulent attempt to obtain login credentials to an online service. It is usually carried out by sending a bogus email that looks like it comes from an official source, and asks the user to visit a website and login for one reason or another. Ironically, the email usually says something along the lines of “We need you to sign in for security reasons to verify your identity”, Entering login details, in what seems like login forms, is actually just capturing the password entered and sending it back to the person phishing.
Phishing scams can also be present on websites that are developed to look like login pages for popular services such as GMail, Hotmail and Facebook – the website is not allowing login to the service but instead capturing the username and password and sending it to the phisher. Phishing is an example of social engineering techniques used to deceive users.
Signs of Phishing
- Emails that claim to be from a service but come from a strange email address
- Emails from services requesting login with an increased sense of urgency
- Emails with links to services that don’t direct to the services proper website
- Spelling and grammar mistakes in the email
- Almost all banks and financial providers will never email you asking you to login to your account online – they do this purposely so phishing scams are negated
How to stay protected against Phishing
Using the TotalAV Total Webshield browser extension will prevent you from visiting webpages where phishing attempts are made. Also, just get into the habit of never clicking login links in emails – always search Google for the website/service and login through the official website login page. Finally, any website on HTTP rather than HTTPS in the address bar, should never be trusted for entering in your personal information such as passwords.