How To Prevent Phishing

How to prevent phishing? Obviously, anti-phishing security software can be very helpful, but it cannot offer you and your family 100 percent protection.

To close that gap, it is essential that you learn to identify not only a phishing email but also a phishing website. This is an important step towards optimal internet safety.

How To Identify A Phishing Website

Phishing attacks come in different forms. They are usually hidden behind an innocent-looking email link or can be part of a Google search result. If you have clicked on one of those phishing links by mistake, it's usually not too late (as long as you haven't submitted any sensitive information).

So, how to prevent phishing when you are on the Net? You are likely facing a phishing website if...

  • No encryption is offered. All serious institutions will make use of the https protocol if they want you to transmit sensitive information. Therefore make sure that your browser address bar shows an address which starts with https:// before you are asked to enter that kind of information.
  • The link fails the browser's validation check. All current internet browsers offer the functionality to validate the reliability of an https:// connection. Be alarmed if the website presents you with an expired or invalid certificate, or if the certificate's owner information does not match the visited website.
  • The link contains a misspelled URL. Attackers use slightly different domain names as part of their link address to make sure that you don't regard your website visit with suspicion. Would you be alarmed if somebody presented you the link when you normally access your bank over the link You should!
  • The top level domain part of the link does not match. Attackers often set up their fraud websites under the top level domain of another country. Therefore you should be alarmed if somebody wants you to submit local, sensitive data to a foreign top level domain (e.g. ).
  • You are asked to enter your credentials and TAN numbers on the same page. Phishing attackers are particularly keen on this information but predominantly lazy. For that reason attackers often try to get this data by offering one website form (although no bank would ever request this data on just one website page).

If the website you visit meets one of those characteristics, I strongly recommend that you restart your browser and do a full disk virus scan for security reasons, because such websites also tend to run a vulnerability scan on web browsers.
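The https, misspelling and top level domain checks from the list above can be applied to a link before you open it. The following is an added example, not part of the original article: the names `KNOWN_SITES`, `check_link` and `edit_distance` are hypothetical, and the domains are constructed samples under reserved names.

```python
from urllib.parse import urlsplit

# Assumption: the sites you really use, listed once by you. These are
# constructed sample names under reserved domains, not real institutions.
KNOWN_SITES = ("mybank.example", "shop.example")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, known=KNOWN_SITES) -> list:
    """Return the warning signs from the list above that apply to url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".").removeprefix("www.")
    warnings = []
    if parts.scheme != "https":
        warnings.append("no-encryption")
    if host in known or any(host.endswith("." + site) for site in known):
        return warnings  # a site you listed, or one of its subdomains
    name, _, tld = host.rpartition(".")
    for site in known:
        site_name, _, site_tld = site.rpartition(".")
        if name == site_name and tld != site_tld:
            warnings.append("tld-mismatch:" + site)
        elif edit_distance(host, site) <= 2:
            warnings.append("misspelled:" + site)
    return warnings


if __name__ == "__main__":
    # Constructed sample links for illustration.
    for link in ("https://www.mybank.example/login",
                 "http://mybank.example/login",
                 "https://mybamk.example/login",
                 "http://mybank.test/login"):
        print(link, "->", check_link(link) or "no warning signs found")
```

An empty result only means these three checks passed; the certificate validation described in the list is still done by your browser.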

How To Prevent Phishing - General Precautions

  • Always distrust incoming emails, especially if they are somehow related to sensitive, personal or financial information. If you have any doubts about an email, investigate by getting in direct contact with the affected organization. Don't ignore your instincts when it comes to Internet security.
  • Never send sensitive information from a foreign computer. You never know what kind of software has been installed by a third party on a computer in an internet cafe or hotel to spy on you.
  • Keep your sensitive information confidential. An important tip if you want to know how to prevent phishing: declare all somehow financially related account data as top secret. Never store information like your credit card details, online banking login credentials or social security number simply on your hard disk, as this gives attackers the opportunity to spy on this data (even if it is stored within your homebanking software). If you want to store it electronically, consider saving it on an encrypted USB memory stick and accessing the data only in combination with a bootable Live CD to reduce the risk to a minimum. And don't forget to keep this external device in a safe place.
  • Check your bank account, PayPal account and your credit card bill on a regular basis. Pay attention to unusual or wrong transactions and check them with the responsible contacts at the related financial institution.
  • Set up a transfer limit on your online bank account. Most banks offer that feature for your personal damage limitation (if not, consider changing your bank). If you are serious about how to prevent phishing, getting an additional prepaid credit card just for internet shopping is from my experience one of the best ways to protect yourself.
  • Create your personal emergency response file. Most phishing victims waste essential time searching for responsible contact persons, phone numbers and email addresses to inform them about their current problem. Those victims are not aware that each minute counts when it comes to a successful phishing attack. To overcome this problem I strongly recommend to all my clients (and you, of course) that they create their personal emergency file. This includes information for websites that are somehow related to your personal financial, social or shopping activities. The file should contain the following information:

    -- internet address of the website
    -- abuse email address
    -- phone number

    Those details can normally be easily extracted from each related website (if not, ask the website owner for this information). Update this file from time to time but keep that file within reach at all times. :-)
  • Don't click on a link being offered in an email. If you need to visit a site, type that site's Web address directly into your browser, or use a Web browser bookmark.

Now you know how to prevent phishing. But what if you are too late?

If you believe that you have been the victim of a phishing attack, it is highly important to react as quickly as possible. Contact your local law enforcement and the affected organizations immediately.

If your bank account is affected, try to lock your online account access on your own by entering an invalid password/PIN combination several times while you try to contact the bank's responsible persons. Many banks will lock an online account after 3 invalid password attempts.
