Now that we know what phishing is and how it works, it’s time to learn how to protect against it.
For me, the most important protection against phishing is incredulity. Simply don’t believe everything you receive by e-mail. E-mail can be forged very easily and the sender of the message might not be who it seems.
Also, take into account that most companies will never contact you by e-mail to ask for information. Well, there are some companies which do this, but if you follow these rules that won’t be a problem.
- Don’t reply with personal information. If you ever get any kind of message from anyone asking for personal information, never reply to it. If you think the request is legitimate, it’s always better to call by telephone and give the data that way. Bear in mind that e-mail travels as plain text through the net, so anyone can see it.
- Don’t click on hyperlinks within e-mails. Although they might look legitimate, there are techniques for redirecting you to another site controlled by the attacker. If you think the mail is real and you have to input information, it’s better to open a new browser window and type the URL in the location bar, to make sure you are going to the site you intended.
- Check for Secure HTTP. Once you have gone to the site, check that it’s legitimate by looking at the location bar and checking that it uses Secure HTTP (the URL begins with https). If it does, then check the site’s certificate by clicking on the lock that appears and look at the information in the popup window to see if it’s what you expected.
- Check your bank accounts and report to authorities. It’s a good idea to check your accounts from time to time to see if there’s any unusual or suspicious activity. If there’s something unexpected, you should contact your bank and, if they confirm it’s fraudulent, report it to the local authorities so they can investigate the case.
- Use antiphishing toolbars. These are handy tools for finding out whether a site is suspected of being a phishing site.
You can use Google Toolbar for Firefox, which shows an icon indicating whether a site is forged or not.
You can also use Netcraft Toolbar, which can even tell you the country where the server is located, so if you access an American bank and the server is located in Russia, you can get really suspicious.
With all these measures you should be quite safe against phishing.






