Hackers are always looking for new ways to obtain your personal information. One way they can do this is through phishing.
Phishing is the attempt to obtain sensitive information such as usernames, passwords or credit card information, usually for malicious reasons, by impersonating a trustworthy entity in an electronic communication. For example, an email may appear to be official correspondence from your bank and direct you to a website identical to the legitimate one, where you are prompted to enter your personal information. Phishing has been around nearly as long as the internet, and remains a highly profitable cybercrime to this day.
Fortunately, you can take steps to avoid phishing through vigilant browsing habits:
- Inspect all URLs carefully. Phishing scams will often use an upper case I instead of a lower case L, for example. The website may look identical in design to the legitimate one, but often an incorrect URL will give it away as a fake.
- Ensure any website you visit is secure by verifying that the URL begins with https:// and the address bar contains the closed lock icon before you provide any personal information. A browser extension that forces the use of https:// on websites that offer it optionally may be useful.
- Contact the company from which the email claims to originate in order to verify its legitimacy. If you are still concerned about providing any personal information online, then providing it over the phone to a verified representative is a more secure alternative.
- If you know the genuine web address of the company, type it into your browser’s address bar rather than clicking on any URLs in the suspected phishing message.
- Keep an eye out for spelling and grammar mistakes in the body of the email. Legitimate correspondence from a large corporation will be proofread and edited.
- Check your online accounts for irregularities frequently and change your passwords on a regular basis.
- Ensure your browser is up to date, with pop-ups disabled if possible. Consider installing extensions that limit or block ads, tracking and privacy-invasive scripts.
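The URL checks in the list above (look-alike characters such as an upper case I for a lower case L, and the https:// requirement) can also be automated. The following Python code is an added example, not part of the original article; the allowlist, the reserved .example/.test domain names and the substitution table are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the user really does business with.
TRUSTED = ("paylink.example", "mybank.example")

# Look-alike substitutions, applied after lowercasing (hostnames are
# case-insensitive, so an upper-case "I" reaches us as "i").
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))


def skeleton(host: str) -> str:
    """Collapse visually similar characters to one canonical form."""
    for fake, real in CONFUSABLE:
        host = host.replace(fake, real)
    return host


def is_or_under(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_url(url: str, trusted=TRUSTED) -> str:
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    for domain in trusted:
        if is_or_under(host, domain):
            # Right domain; still insist on an encrypted connection.
            return "trusted" if parts.scheme == "https" else "not-https"
    # Punycode labels can hide non-Latin characters that mimic Latin ones.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: punycode label"
    for domain in trusted:
        # Same skeleton but a different host means a visual imitation.
        if is_or_under(skeleton(host), skeleton(domain)):
            return f"suspicious: look-alike of {domain}"
        # Trusted name placed in front of an unrelated registered domain.
        if host.startswith(domain + ".") or f".{domain}." in host:
            return f"suspicious: {domain} used as a subdomain of another site"
    return "unknown"
```

A result of "trusted" only means the host is on the allowlist and the link uses https://; "unknown" means no rule fired, not that the site is safe.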
Many popular browsers now contain anti-phishing software which checks websites you visit against a list of known phishing sites; however, it is always preferable to verify for yourself, as phishing scams prioritize staying ahead of the curve in order to maximize their reach.
Additionally, many websites have implemented augmented password logins, which require users to select a personal image to be displayed whenever prompted for a password. Two-Factor Authentication has emerged as another precautionary step for users to take, where any action must be confirmed by the user on another device, such as a mobile phone.
As phishing is primarily focused on exploiting human weakness using the medium of technology, it stands to reason that technology cannot fully compensate for these weaknesses. Therefore, vigilance and common sense remain the best methods of prevention.