#TechItUpTuesday
What is phishing?
If you want to stay safe online, you should always be on the lookout for scammers. Phishing is a form of social engineering attack or scam often used to steal user data, such as login details and credit card numbers. It often occurs when an attacker, masquerading as a trusted entity such as your bank, a social media site, or a service provider, tricks you into opening an email or message.
This video discusses many of the common examples of phishing, such as mass e-mail phishing (often just referred to as phishing), spear phishing and smishing.
Other forms of phishing
HTTPS phishing
Often included as part of e-mail phishing, this is something to be wary of when you are on any site. Most legitimate organizations use HTTPS instead of HTTP because it is considered safer and establishes legitimacy. If a page is posing as a site you already know, search for that site in a separate tab and compare the URLs to see that they match.
For example, take the address for Canvas: if you clicked on a link and the address began with HTTP rather than HTTPS, it could be unsafe:
Correct: https://canvas.hull.ac.uk/
Potentially unsafe: http://canvas.hull.co.uk/
Attackers may also use hypertext, which is a “clickable” link embedded into the text, to hide the real URL. When checking the link, make sure that it’s in its original, long-tail format and shows the whole URL; double click on the URL so the full format shows.
Search engine phishing
Sometimes known as SEO poisoning or SEO trojans, this is where hackers work to become the top hit on a search using Google or other engines. If they get you to click their link, it takes you to their website. When you interact with it and enter sensitive data, they have your information. Hacker sites can pose as any type of website but are usually banks, PayPal, social media, and shopping sites.
Vishing
This is when you receive a call on your phone, perhaps claiming to be from your bank or a government authority, demanding your details or payment with a threat of legal action if you don’t comply. This is to create a heightened sense of urgency that may make a person take actions against their best interests. This can also happen online: you may get a message or a warning pop-up, often on unsafe sites as previously mentioned, and you should not click on these links.
Prevention and protection against Phishing
Prevention
The best protection is awareness and education: if you are aware and careful, you will likely never fall victim to this scam. Don’t open attachments or links in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, be wary about opening the attachment and verify the URL.
Protection
If you do fall victim to phishing, you can protect yourself through two-factor authentication (2FA), which adds an extra verification layer when logging in to applications. 2FA relies on two verifiers: something you know, like a password and username, and something you have, such as a smartphone or credit card. If you lose one layer of protection or your phone is stolen, 2FA prevents the use of compromised data or credentials, since one verifier will not gain you entry. You may also sometimes have a third verifier, something you are, which is either a fingerprint, an iris scan, or a voiceprint.
Other methods of protection against phishing include frequently changing your password and not reusing the same password for different applications. So stay safe online and don’t bite when phishers come phishing.