From March 2016 to March 2017, Google and the University of California at Berkeley studied ways to cheat on the Internet. It turned out that over the course of that year 12.4 million users became victims of phishing attacks. According to APWG’s Phishing Activity Trends Report for Q3 2019, the number of phishing attacks once again rose to a level that hasn’t been observed since 2016. In Q4 of 2016, 277,693 attacks were recorded by APWG. In Q3 of 2019, the number was close to that at 266,387.
Phishing is a set of methods that allow hackers to deceive a user and trick them into revealing their password, credit card number and other confidential information. Most often, attackers impersonate representatives of well-known organizations in emails, phone calls, messages, etc. We already talked about phishing emails; today we will cover phishing websites, how to identify them and how to protect yourself.
What is a phishing website
Phishing websites are a fairly common tool for stealing user accounts on different services. These sites are used to gain access to email and personal accounts, credit card information and other data that cybercriminals can then use for profit.
Visually, a phishing page is designed to copy the interface of a real service. If, for example, the hacker’s goal is to steal a Google account, then during authorization a potential victim will see familiar fields for entering a username and password and the Google logo.
Phishing is aimed at stealing users’ personal data under the pretext of payment or logging in as a client. Fraudsters can create fake websites of:
- Airlines;
- Banking and other financial organizations;
- Payment systems;
- Authorization and payment pages of online stores.
How to detect a phishing website
Detecting a phishing site is not always easy, but a few simple tips and common sense will help you. Phishing sites have a number of signs that immediately give them away! Pay attention to everything that seems strange and unusual. Even an inexperienced user can determine in a few minutes whether to trust a site or not.
Look carefully at the URL
Before clicking on a link on a computer, it is advisable to check its real address by pressing the right mouse button and selecting “View Code”. The URL should not be too long, contain incomprehensible characters or have errors in the domain name of a known resource. Hackers can make minor changes, including using .edu, .link, etc. instead of .com.
Also, pay attention to the address when you are already on the site, as fraudsters often use redirects to other resources.
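The URL checks described above can also be automated. The following Python code is an added example, not part of the original article; the list of known domains, the 100-character length limit and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites this user really logs in to or pays on (assumption).
KNOWN_DOMAINS = ("google.com", "paypal.com", "examplebank.com")
MAX_URL_LENGTH = 100  # assumed cut-off for "too long"


def edit_distance(a, b):
    """Levenshtein distance; small values indicate a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return warnings for a link; an empty list means no heuristic fired."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Simplification: treat the last two labels as the site's domain
    # (wrong for suffixes such as .co.uk; a real tool needs a suffix list).
    domain = ".".join(host.split(".")[-2:])
    if len(url) > MAX_URL_LENGTH:
        warnings.append("very long URL")
    # "@" hides the real host after a decoy; xn-- / non-ASCII can mimic letters.
    if "@" in parts.netloc or "xn--" in host or not host.isascii():
        warnings.append("unusual characters in host")
    if domain in KNOWN_DOMAINS:
        return warnings
    name = domain.rpartition(".")[0]
    for known in KNOWN_DOMAINS:
        known_name = known.rpartition(".")[0]
        if name == known_name:  # same name, different ending (.link for .com)
            warnings.append(f"TLD swap: looks like {known}")
        elif edit_distance(name, known_name) <= 2:  # e.g. paypa1 for paypal
            warnings.append(f"misspelling: looks like {known}")
    return warnings


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.google.com/accounts",
                 "https://www.paypa1.com/login",
                 "http://google.link/signin"):
        print(link, "->", check_url(link) or "no warnings")
```

An empty result only means that none of these heuristics fired; it does not prove that a site is legitimate.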
Site Content
The presence of spelling errors, an incorrect layout and/or an unprofessional design can also be one of the signs of a phishing site. Original projects developed by large companies are distinguished by professional execution, high-quality design and competent texts.
Check connection type
Official companies require payment data only on sites with a secure “https” protocol. If an unsafe “http” protocol is used and they want you to enter a card number, the site is phishing and should be left at once.
Along with this, check the SSL certificate. Most legitimate websites have valid SSL certificates issued by an authorized provider.
Legitimate sites hide your card details
When you enter card numbers and passwords, the data should be concealed with dots or other symbols for security purposes.
How to protect yourself from phishing?
Most Internet browsers check links for trustworthiness, but your ability to evaluate the situation should be the first line of defense against phishing. Learn to recognize phishing symptoms and adhere to basic security principles:
- Do not follow links from strangers;
- Do not click on suspicious short links like bit.ly or goo.gl, even if they come from friends;
- Configure multi-factor authentication for payment systems and bank accounts;
- Save sites that you often use for payments in your favorites;
- Install antivirus software on your computer;
- Use browsers like Chrome, Safari and Firefox that already have anti-phishing protection.
By the way, if you received a shortened link like bit.ly/FHjk77, then it can be expanded to its full address using the UnTinyURL service. Just paste the link into the box on the page and click the Reveal button.
What if you already sent passwords or card details?
If you have fallen victim to a scam, but realized it in time, then there is still a way to save your data.
First, change your passwords as soon as possible. If you use the same passwords on different sites, you will have to replace them there too.
Second, contact a security service if you sent financial data. They will take you through the steps of what you have to do next. As a rule, payment services will simply block payments for the time being.
What if you’ve found a phishing website
Let’s imagine that you did end up on a phishing site, but managed to recognize it in time. Then you can help companies and search engines block the resource.
Warn the administrators of the original site
Information about the phishing site can and should be transmitted to the owners of the original resource. Find the contacts section and write an e-mail or fill out a feedback form indicating the information about the phishing site. The email addresses of the original companies usually begin with the words support or info.
Contact Payment Provider Support Services
If you suspect that a payment form is fake, you can check its authenticity through the support service of the payment provider, the name of which is indicated in the payment form of the site.
For example, the official pages of payment providers list the e-mail addresses of their customer support services, through which you can verify the authenticity of a payment form or report a falsified one.
Tell the search engine support team
Google, Bing and other search engines already have special forms through which you can report phishing scams. Spend a minute and you will help protect other users from scammers.