How To Prevent Phishing
How to prevent phishing? Obviously, anti-phishing security
software products can be very helpful but cannot offer you and your
family 100 percent protection.
To close that gap, it is essential that you learn to identify not only phishing emails but also phishing websites. This is an important step towards optimal internet safety.
How To Identify A Phishing Website
Phishing attacks come in different forms. They are usually hidden
behind an innocent-looking email link or can be part of a Google search
result. If you have clicked on one of those phishing links by mistake,
it's usually not too late (as long as you haven't submitted any
So, how to prevent phishing when you are on the Net? You are likely facing a phishing website if...
- No encryption is offered.
All serious institutions will make use of the https protocol if they
want you to transmit sensitive information. Therefore make sure that
your browser address bar shows an address which starts with https://
before you are asked to enter that kind of information.
- The link fails the browser's validation check.
All current internet browsers offer the functionality to validate the
reliability of an https:// connection. Be alarmed if the website
presents an expired or invalid certificate or if the
certificate's owner information does not match the visited website.
- The link contains a misspelled URL.
Attackers use slightly different domain names as part of their link
address to make sure that you don't regard your website visit with
suspicion. Would you be alarmed if somebody presented you with the link
http://www.your-bank-account-validation.com when you normally access
your bank over the link http://www.your-bank.com? You should!
- The top level domain part of the link does not match.
Attackers often set up their fraud websites under the top level domain of another
country. Therefore you should be alarmed if somebody wants you to submit
local, sensitive data to a foreign top level domain (e.g.
- You are asked to enter your credentials and TAN numbers on the same page.
Phishing attackers are particularly keen on this information but predominantly
lazy. For that reason attackers often try to get this data by offering
a single website form (although no bank would ever request this data on just
one website page).
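The address checks from the list above (no https, a padded or misspelled domain name, a different top level domain) can be written down as code. This is an added example, not part of the original article; the function name, the warning codes, the 0.8 similarity threshold and the sample host your-bank.example are assumptions, and it assumes the trusted host has a simple name.tld form.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def check_link(url, trusted_host):
    """Return warning codes for `url`, judged against the host the user
    normally uses (`trusted_host`, e.g. "www.your-bank.com").

    Assumption: hosts look like name.tld; multi-part suffixes such as
    co.uk would need a public suffix list, which is left out here.
    """
    parts = urlsplit(url)
    host = _strip_www((parts.hostname or "").lower().rstrip("."))
    trusted = _strip_www(trusted_host.lower())
    warnings = []

    # Check 1: no encryption is offered.
    if parts.scheme != "https":
        warnings.append("no-https")

    # The trusted host itself, or a subdomain of it, passes the name checks.
    if host == trusted or host.endswith("." + trusted):
        return warnings

    name, _, tld = host.rpartition(".")
    t_name, _, t_tld = trusted.rpartition(".")

    if name == t_name and tld != t_tld:
        # Check 2: same name registered under another top level domain.
        warnings.append("tld-mismatch")
    elif t_name in name or SequenceMatcher(None, name, t_name).ratio() >= 0.8:
        # Check 3: trusted name padded with extra words, or misspelled.
        warnings.append("lookalike-domain")
    else:
        warnings.append("unrelated-domain")
    return warnings


if __name__ == "__main__":
    # Constructed sample links; only the first two hosts appear in the article.
    for link in ("http://www.your-bank.com",
                 "http://www.your-bank-account-validation.com",
                 "https://your-bank.example/login",
                 "https://www.your-bnak.com/"):
        print(link, check_link(link, "www.your-bank.com"))
```

A clean result only means the address looks right; the certificate check and the credentials-plus-TAN check from the list still have to be done in the browser.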
If the website you visit shows
any of those characteristics, I strongly recommend that you restart your
browser software and do a full disk virus scan for security reasons,
because those websites also tend to run a vulnerability scan on web
How To Prevent Phishing - General Precautions
- Always distrust incoming emails, especially if they are somehow related to sensitive, personal or financial information. If
you have any doubts about an email, investigate by getting in direct
contact with the affected organization. Don’t ignore your instincts when
it comes to Internet security.
- Never send sensitive information from a computer that is not your own.
You never know what kind of software has been installed by a third
party on a computer in an internet cafe or hotel to spy on you.
- Keep your sensitive information confidential.
An important tip if you want to know how to prevent phishing: treat
all financially related account data as top secret. Never store
information like your credit card details, online banking login
credentials or social security number simply on your hard disk, as this
gives attackers the opportunity to spy on that data (even if it is
stored within your homebanking software). If you want to store
it electronically, consider saving it on an encrypted USB
memory stick and accessing the data only in combination with a bootable
Live CD to reduce the risk to a minimum. And don't forget to keep this
external device in a safe place.
- Check your bank account, PayPal account and your credit card bill on a regular basis. Pay attention to unusual or wrong transactions and check them with the responsible contact at the related financial institution.
- Set up a transfer limit on your online bank account.
Most banks offer that feature for your personal damage limitation (if
not, consider changing your bank). If you are serious about how to
prevent phishing, getting an additional prepaid credit card just for
internet shopping is from my experience one of the best ways to protect
- Create your personal emergency response file.
Most phishing victims waste essential time searching for the
responsible contact persons, phone numbers and email addresses to inform
them about their current problem. Those victims are not aware that each
minute counts when it comes to a successful phishing attack. To
overcome this problem I strongly recommend that all my clients (and you, of
course) create their personal emergency file. This
includes information for websites that are somehow related to your
personal financial, social or shopping activities. The file should
contain the following information:
-- internet address of the website
-- abuse email address
-- phone number
These details can normally be easily extracted from each related website (if
not, ask the website owner for this information). Update this file from
time to time but keep that file within reach at all times. :-)
- Don't click on a link being offered in an email. If you need to visit a site, type that site's Web address directly into your browser, or use a Web browser bookmark.
Now you know how to prevent phishing. But what if you are too late?
If you believe that you have been the victim of a phishing attack, it is
highly important to react as quickly as possible. Contact your local law
enforcement and the affected organizations immediately.
If your bank account is affected, try to lock your online account access on your
own by entering an invalid password/PIN combination several times
while you try to contact the responsible persons at the bank. Many banks will
lock an online account after 3 invalid password attempts.