The term 'phishing' refers to the set of methods utilized by cyber criminals to run scams and/or obtain someone's credit card information, bank information, passwords, or other crucial information. It's a form of identity theft, and it predates the internet age (phishing scams used to be run over the phone, for instance).
In the first quarter of 2016, there were more online phishing attacks than at any other point in history, at least according to the APWG (Anti-Phishing Working Group). So it's a huge problem, and all the evidence indicates that it's only going to get worse.
Cybercriminals and malicious hackers are always looking for easy marks. More often than not, victims seem to almost volunteer themselves out of sheer ignorance. Nonetheless, armed with a little tech savviness and common sense, it's easy to avert phishing schemes.
The Customer Success Manager of Semalt, Oliver King, describes five easy 'rules of thumb' to ensure that neither you nor your organization is victimized by fraudulent phishing schemes.
1. Look for the HTTPS and the 'Lock' Icon
If a web page's URL (which stands for "Uniform Resource Locator", by the way) begins with https:// (Hypertext Transfer Protocol Secure) and has a padlock icon in the address bar, then you know that it's safe and secure. You should never submit any sensitive information to a site that does not have these two important features.
2. Be Wary of Public WiFi
Never do your online banking, open your PayPal account, or enter any other passwords online when you're using public WiFi. Despite the fact that free internet at the shopping mall, library, airport or other public space is highly convenient, these are precisely the hotspots that cyber criminals like to exploit. What's more, with the help of a VPN (Virtual Private Network) you don't have to be a world-class hacker to intercept information on a network either. If you must access your password-protected information in these sketchy areas, use your smartphone or tablet's 3G/4G or LTE connection.
3. Shortened Links Are Suspicious
Any kind of shortcode should be viewed with a certain skepticism, especially on Facebook. On Twitter, it makes sense to use shortcodes since there's a limit of 140 characters per post, but on other sites, the use of a link shortened with bit.ly or another shortcode app is pretty dodgy. It's likely a widespread spam campaign that may leave you vulnerable to malware.
4. Typos and Broken English
This one's so obvious that it's almost not even worth mentioning. It is surprising though that many of the biggest and most technically sophisticated phishing operations in China, India, and Russia haven't taken the time to sort out their English writing skills. If there are obvious typos and/or weird salutations ("Dear Beloved Customer", etc.) in an email subject line, then trust your instinct and delete it.
Then again, maybe the professional data miners are intentionally baiting us with their horribly written copy, for there are rumors that the PLA Unit 61398 of the Chinese Government (google them for some interesting reading) sends out really obvious phishing emails and then sits back and tracks who opens them.
5. Nothing Is Ever That Urgent
In 2014, online retailer eBay urged all of their users to change their passwords as they had detected a monumental data breach.
This was exceptional, however, and the truth of the matter is that these types of red code warnings are usually a sign of phishing. So think twice before responding to an urgent warning. You might even want to contact customer support to verify such a claim.
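The rules of thumb above can be turned into a simple mail-triage check. The following is an added example, not part of the original article: it applies rules 1, 3, 4 and 5 to a message, and its host list (apart from bit.ly), keyword lists and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for illustration; only bit.ly is named in the article.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours")
ODD_SALUTATIONS = ("dear beloved customer", "dear valued customer")

URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)


def check_links(text):
    """Return (url, reason) pairs for links that break rule 1 or rule 3."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;!?")  # drop sentence punctuation stuck to the link
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() != "https":
            findings.append((url, "not-https"))       # rule 1
        if host in SHORTENER_HOSTS:
            findings.append((url, "shortened-link"))  # rule 3
    return findings


def triage(subject, body):
    """Collect every rule-of-thumb flag raised by one message."""
    text = f"{subject}\n{body}"
    lowered = text.lower()
    flags = [reason for _, reason in check_links(text)]
    if any(s in lowered for s in ODD_SALUTATIONS):
        flags.append("odd-salutation")                # rule 4
    if any(w in lowered for w in URGENCY_WORDS):
        flags.append("urgency")                       # rule 5
    return sorted(set(flags))


# Constructed sample message, not taken from a real campaign.
SAMPLE_SUBJECT = "URGENT: Dear Beloved Customer"
SAMPLE_BODY = (
    "Your account will be suspended. Confirm your password at "
    "http://bit.ly/example-placeholder within 24 hours."
)

if __name__ == "__main__":
    for flag in triage(SAMPLE_SUBJECT, SAMPLE_BODY):
        print(flag)
```

A flag here is a reason to look closer or to verify with customer support, not a verdict on the message.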