Phishing is a form of social engineering used by hackers to gather
sensitive information such as usernames, passwords and credit card
details by posing as a trustworthy person or organization. Since
most online users are unaware of the techniques used in carrying out a
phishing attack, they often fall victim and hence, phishing can be very
the dramatic increase in the number of phishing scams in the recent
years, there has also been a steady rise in the number of people being
victimized. Lack of awareness among the people is the prime reason
behind such attacks. This article will try to create awareness and
educate the users about such online scams and frauds.

The attacker usually sends an email message to users requesting their personal
information, or redirects them to a website where they are required to
enter their personal information. Here are some tips to identify
various phishing techniques and stay away from them:

Identifying a Phishing Scam:
Beware of emails that demand an urgent response from you. Some examples are:

You may receive an email which appears to have come from your bank or
financial organization stating that “your bank account is limited due to
an unauthorized activity. Please verify your account asap
so as to avoid permanent suspension”. In most cases, you are requested
to follow a link (URL) that takes you to a spoofed web page (similar to
your bank's website) and enter your login details there.

In some cases, phishing emails may ask you to make a phone call. There may
be a person or an automated audio response waiting on the other end of the line
to take away your credit card details, account number, social security
number or other valuable data.

Phishing emails are generally not personalized. Since they target a large number
of online users, they usually use generalized texts like “Dear valued
customer”, “Dear Paypal user” etc. to address you. However, some
phishing emails can be an exception to this rule.

If you click on the links contained in a phishing email, you will most
likely be taken to a spoofed web page with official logos and
information that looks exactly the same as the original web pages of
your bank or financial organization. Pay attention to the URL of a
website before you enter any of your personal information there.

Even though malicious websites look identical to the legitimate site, they
often use a different domain or a variation in the spelling. For example,
instead of paypal.com, a phishing website may use different addresses such as:
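
The URL check described above can be automated. The following is an added example, not part of the original article: it compares the host a link really points to against a list of sites you trust and flags near-misses. The function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# paypal.com is the article's example; add the sites you actually log in to.
TRUSTED_DOMAINS = {"paypal.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify a link as 'trusted', 'insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    for domain in trusted:
        # Exact match or a true subdomain (note the leading dot).
        if host == domain or host.endswith("." + domain):
            return "trusted" if parts.scheme == "https" else "insecure"
    # Text before "@" is not the host; the browser connects to what follows it.
    pieces = host.split(".") + [(parts.username or "").lower()]
    for domain in trusted:
        brand = domain.split(".")[0]
        # Brand name embedded in another name, or misspelled by one character.
        if any(brand in p or edit_distance(p, brand) <= 1 for p in pieces):
            return "lookalike"
    return "unknown"

# Constructed sample links (reserved .example names), not taken from the article.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com/signin",
    "https://paypa1.example/signin",
    "https://paypal.com.account-check.example/",
    "https://paypal.com@login.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_url(url):10} {url}")
```

A "lookalike" result means the link borrows a trusted name without belonging to that domain; "unknown" only means the host is not on your list, not that it is safe.
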
Tips to Avoid Being a Victim of Phishing:
Do not respond to suspicious emails that ask you to give your personal
information. If you are unsure whether an email request is legitimate,
verify it by calling the respective bank/company. Always use the
telephone numbers printed on your bank records or statements and not
those mentioned in the suspicious email.

Do not use the links in an email, instant messenger or chat conversation to
enter a website. Instead, always type the URL of the website into your
browser’s address bar.

Legitimate websites always use a secure connection (https://)
on those pages which are intended to gather sensitive data such as
passwords, account numbers or credit card details. You will see a lock icon on
your browser’s address bar which indicates a secure connection. On some
websites like paypal.com, which use an extended validation certificate,
the address bar turns GREEN.

In most cases, unlike a legitimate website, a phishing website or a
spoofed web page will not use a secure connection and does not show
the lock icon. So, absence of such security features can be a clear
indication of a phishing attack. Always double-check the security features
of the web page before entering any of your personal information.

Use good antivirus software, a firewall and email filters to filter
unwanted traffic. Also ensure that your browser is up-to-date with the
necessary patches applied.

Report a “phishing attack” or “spoofed emails” to the following groups so as
to stop such attacks from spreading all over the Internet:

I hope the information presented in this article will help you detect and
avoid various phishing scams that are waiting to rip off innocent
Internet users. If you’ve anything to say, please pass your comments.