Understanding and Avoiding Phishing Attacks

Hacking in real life is very different from its popular depiction in the media. Hackers don’t really have to break into some highly secured database to rob you of your money; they can simply talk you into handing it over. How this is done is simple psychology. Cyber crooks take advantage of emotions like trust, urgency, negligence and empathy, to name a few, to rob you.


Fictional example: Your best friend has gone on vacation. It is almost time for him to board his flight when you suddenly notice an email in your inbox from an unfamiliar address, which goes something like this:

“Hey, XYZ this side, I really need your help. Someone stole the bag containing my phone and wallet during the security check at the airport. I didn’t remember your contact number and was unable to login to my personal email account because I didn’t have my phone with me so I created this account on the fly. Can you please send me some money on XXXXXXXXXX account.”

You of course try to call your friend, but since in reality his flight has already taken off, his phone is in airplane mode and he is not reachable. This further convinces you that your friend really is in trouble. At this point, being the good friend that you are, you won’t mind willingly transferring money to the attacker.

The above is a classic example of a phishing attack, one of the most common cyber attacks these days. A phishing attack occurs when the attacker impersonates someone they are not, usually an individual or brand that you trust, and then tricks you into sharing your personal information with them. The attack described above is in fact relatively minor and less harmful: at the end of the day you would have learned that you had been duped, and at worst you would have lost a couple of bucks. The more dangerous attack is one where you are not aware that it is happening and you part with your valuable information without even realizing it. This is often done by “spoofing”, or cloning, a website completely and then luring people into parting with their personal information. The cloned websites are often ones with a well-known name that clients trust, so people don’t mind sharing their information on that platform.

How to Avoid Phishing Attacks

It is of course not possible for you to leave your loved ones dangling in sticky situations, or to delete a text that may or may not have been from your boss. So always check the emails you receive carefully. For example, the situation described above could have been remedied if the person had tried to contact his friend through a voice or video channel and had thought before acting.


Sketchy emails that look legitimate often come with a convenient link redirecting to some website. Although it is advised not to even open these pages, you may find yourself in situations where that is not an option. In that case, go to the website manually through your trusted browser, or at least do not enter any of your personal information.

If a company is asking for your personal information to verify something, it is most likely a hoax that attempts to steal your information. In case the person on the other end seems legitimate, make sure to call customer support to verify. Just make sure that the number you are calling is legitimate.

This advice is often thrown around and is actually a good practice to secure your accounts even if another one is compromised. You can use the service provided by Google to remember and suggest strong passwords. You can even go up a notch and use paid services like Dashlane or LastPass to secure your passwords.


Phishing attempts are often made by cloning a website’s look and feel and registering it at a domain that seems similar to the legitimate one to the unwary eye. Letters like “l” and “1”, “l” and “i”, “O” and “0” look exactly the same in the browser window and are thus impossible to tell apart there. One way to avoid this is to read the domain name backwards, as this keeps you from overlooking these letters. You can also copy and paste the domain into a Word file and switch to a font like “Source Sans Pro”, in which it is easy to distinguish between these letters.
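
The manual check above can also be automated. The following Python sketch is an added example, not part of the original article: it folds the look-alike pairs named above onto one character and compares a link's domain against a short list of trusted domains. The list `TRUSTED_DOMAINS`, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; replace with the sites you really use.
TRUSTED_DOMAINS = ("google.com", "microsoft.com", "paypal.com")

# The look-alike pairs named in the article, folded onto one representative.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})

def skeleton(domain):
    """Lower-case the domain and collapse l/1/i and O/0 to a single form."""
    return domain.lower().translate(CONFUSABLE)

def registrable_domain(link):
    """Return the last two labels of the host in a URL or bare domain.

    Simplification: a production tool would consult the Public Suffix List
    so that hosts under suffixes such as co.uk are handled correctly.
    """
    if "://" not in link:
        link = "//" + link          # let urlsplit treat a bare domain as a host
    host = (urlsplit(link).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def differences(seen, trusted):
    """List (position, seen_char, trusted_char) where two domains differ."""
    return [(i, a, b) for i, (a, b) in enumerate(zip(seen, trusted)) if a != b]

def check_link(link):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'."""
    domain = registrable_domain(link)
    if domain in TRUSTED_DOMAINS:
        return {"verdict": "trusted", "domain": domain, "diff": []}
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return {"verdict": "lookalike", "domain": trusted,
                    "diff": differences(domain, trusted)}
    return {"verdict": "unknown", "domain": domain, "diff": []}

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.google.com/accounts", "https://paypa1.com/login",
                 "g00gle.com", "example.org"):
        print(link, "->", check_link(link))
```

A "lookalike" verdict reports which trusted domain is being imitated and the exact character positions that differ, which is the same information the font-switching trick reveals by eye.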
