How to Defend Yourself From Phishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

The criminals’ most popular approach is to create a decoy website that appears to be the legitimate site of a well-known company, in order to capture the passwords you type into it.

Phishing is mostly performed through e-mail messages, so we, as computer users, should know how to protect ourselves from this danger.

The Way It Works

A criminal sends you an e-mail with a link that seems to lead to the website of a respected and legitimate company, such as PayPal, Google or eBay. The subject line is designed to alarm you, so that you will follow the link in order to check whether you have a problem.

After you click on the provided link, you are taken to a web page that looks very much like the legitimate company’s page, but in reality it is a decoy page specially created to entice you to reveal your password and other personal information.

How It Looks

Below is a real life example of phishing which I encountered a few weeks ago. I would like to use this example to demonstrate how you can protect yourself from this scam with the help of knowledge and awareness.

The widely used protection mechanisms, such as anti-virus programs or e-mail filters, generally start blocking such e-mails only some 12 to 24 hours after a new campaign appears. If the mail is sent to you BEFORE your protection system has managed to study and neutralize the threat, the message will arrive in your Inbox, so you should not blindly trust your anti-spam filter; it cannot be 100 percent foolproof.

The e-mail message, appearing to be from PayPal, declared that “your account has been restricted, immediate action required”, and the idea is to scare you into following the instructions included in the message.

The e-mail message was sent from an address shown as “service@paypal.co.il“, and was made to look like a legitimate PayPal communication. Keep in mind that the sender address displayed by your mail program is simply text chosen by whoever sent the message; it is trivial to forge and proves nothing about who actually sent the e-mail.

Below you can see the screenshot showing what this looks like:

Please note how much the criminals invest in tiny details that make the message look believable: it includes all the details of PayPal Inc, as well as their trademark logo.

How We Should Deal With The Threat

First, you need to stay calm, and think clearly 🙂

If you are really worried that there might be a problem with your PayPal account (if you have one), go to the PayPal website DIRECTLY: type the web address into your browser yourself instead of using any link provided in the suspicious e-mail.

Please do not be lazy – just type the full web address in the address line of your browser! In this case – https://www.paypal.com

The link in the e-mail message is the trap; the scammers are counting on you to follow it. So the most important lesson is: never follow a link in such an e-mail. Use the browser address line to reach the real company website.

Why Do Criminals Invest So Much Effort In Generating Those E-mails?

The moment you follow the link and type your username and password into the decoy page, the swindlers have them. From that minute on they can use those to access your real PayPal account, and probably your other financial accounts as well, because many people use the same usernames and passwords for different accounts at various institutions.

Here is a piece of advice from me: please use a different password for each service! Yes, it makes your life a bit more complicated (a password manager makes it practical), but a stolen password will then open only one account instead of all of them.

What If I Did Not Pay Attention, And Followed The Link Anyway?

As usual, the devil is in the details!

1. The address of the decoy website will never be paypal.com. Do not rely on the lock symbol alone: the lock only means that the connection to whatever domain is shown in the address bar is encrypted with a valid certificate for that domain, and criminals routinely obtain valid certificates for domains they own.

a. This is what a legitimate address looks like:

b. The true address should be paypal.com/ (with the slash present): the host name ends at the first slash after https://, so everything after the slash is merely the page path and has no bearing on which site you are on.

c. Make sure there is a lock symbol next to the address AND that the domain the lock belongs to is paypal.com. The lock confirms the domain, not the company; a lock on the wrong domain means nothing.

2. Please note that the right web address is www.paypal.com. The registered domain paypal.com itself cannot be faked; what criminals fake is its appearance, with misleading subdomains (below) or look-alike spellings such as a digit “1” in place of the letter “l”.

3. The fake address of a decoy website is usually made to look very similar to the real one, for example: www.paypal.com.secureconnectionpaypal.com

Please note that the fake address does include the words paypal.com, but only as a SUBDOMAIN, while the final domain is “secureconnectionpaypal.com“, a fake domain registered by the bad guys. The final domain, the last two parts of the host name just before the first slash, IS the one that controls the identity of the web page.

Please remember: always look at the final domain, otherwise it is very easy to make a mistake. The real PayPal site web pages will always have a host name ending with paypal.com.
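To make the “look at the final domain” rule concrete, here is an added example (not code from the original article) that applies the checks above to a handful of constructed URLs, including the article’s own decoy pattern and two further tricks: a “user@host” prefix that makes the real host look like a path, and a punycode (xn--) label that browsers may render as look-alike characters. The allowlist, the helper names and every sample URL are assumptions made up for the illustration; none of the hostile hostnames is a known phishing site.

```python
"""Added example: apply the article's address checks to constructed URLs."""
from urllib.parse import urlsplit

# The article's rule: the final (registered) domain must be the company's.
# Constructed allowlist for the example; use the company's published domains.
LEGIT_DOMAINS = {"paypal.com"}


def hostname(url: str) -> str:
    """Return the host part of a URL, as a browser would resolve it.

    urlsplit().hostname strips the scheme, any "user:pass@" prefix, the port,
    and everything from the first "/" onwards, and lowercases the result.
    The "@" handling matters: in https://www.paypal.com@evil.example/ the
    host is evil.example; "www.paypal.com" is merely a username.
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.rstrip(".")


def final_domain(host: str) -> str:
    """Return the "final domain" of a host: its last two labels.

    Simplification (assumption of this example): production code should
    consult the Public Suffix List, because suffixes such as co.uk or co.il
    themselves have two labels and would be handled wrongly here.
    """
    labels = host.split(".")
    return ".".join(labels[-2:])


def classify(url: str) -> dict:
    """Apply the article's checks to one URL and return the findings."""
    parts = urlsplit(url)
    host = hostname(url)
    return {
        "host": host,
        "final_domain": final_domain(host),
        "legit": final_domain(host) in LEGIT_DOMAINS,
        "https": parts.scheme == "https",
        # Punycode labels can render as look-alike Unicode in the address bar.
        "idn_label": any(label.startswith("xn--") for label in host.split(".")),
        # Anything before "@" in the authority is a username, not the host.
        "userinfo_trick": "@" in parts.netloc,
    }


def looks_safe(url: str) -> bool:
    """True only if the final domain is allowlisted, the scheme is https,
    and neither deception trick is present."""
    f = classify(url)
    return f["legit"] and f["https"] and not f["idn_label"] and not f["userinfo_trick"]


# Constructed sample URLs, modelled on the article's example.
SAMPLES = [
    "https://www.paypal.com/signin",                           # real: final domain paypal.com
    "https://www.paypal.com/secureconnectionpaypal.com",       # real: the slash ends the host
    "http://www.paypal.com.secureconnectionpaypal.com/login",  # decoy: paypal.com is only a subdomain
    "https://www.paypal.com@secureconnectionpaypal.example/",  # decoy: "www.paypal.com" is a username
    "https://paypa1.com/",                                     # decoy: digit 1 instead of letter l
    "https://xn--pypal-4ve.com/",                              # decoy: constructed punycode label
]

if __name__ == "__main__":
    for url in SAMPLES:
        f = classify(url)
        verdict = "OK  " if looks_safe(url) else "WARN"
        print(f"{verdict} final domain={f['final_domain']:<32} {url}")
```

Run it as a script to see each sample classified. The second sample is the mirror image of the article’s decoy: because the host name stops at the first slash, “secureconnectionpaypal.com” appearing in the path is harmless, while the same text appearing after “paypal.com.” in the host is decisive.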

Summary

1. The thieves count on us to be inattentive, so that we will not use our common sense to check the authenticity of the message

2. Never follow a link in a message that is supposed to scare you or to entice you with a promise of quick financial gain – if in doubt, just go directly to the legitimate website using your web browser!

3. Always check the final domain, and that the lock symbol belongs to that domain. The lock is required for any page that takes payments, but on its own it does not prove who is behind the page

Provided as a public service by Migdal Computing Solutions LTD

For more information on ways we can help you (and your computers) stay safe, visit our Information Security Services
