What is Phishing?
Phishing is the act of attempting to obtain essential data such as usernames, encrypted passwords, and credit and/or debit card details by impersonating a legitimate entity in an electronic communication.
Ways to Prevent Phishing Scams
- The majority of phishing scams occur when a user clicks on a malicious link that is embedded in an email, a social networking website, or adware. The link then redirects to a site that looks 99 percent similar to the one it is impersonating.
- Once the user enters personal details (username, password, Social Security Number (SSN), credit/debit card), the hacker captures them and uses them illegally or resells them on the black market. A well-known example is the Google phishing attack that occurred in March 2014.
- Hackers used Google Drive to deliver a malicious page via SSL to the victim. What the victim sees when he or she accesses the page is a near-perfect mirror. Aside from a glitch in the language bar, the rest of the Web page is the identical twin of Google’s own authentication portal. Most users assumed the flawed language section was a system bug.
How to Prevent Phishing Scams?
If you want your users to know they are on the right website, the best thing to do is to make the site impossible to impersonate and easy to recognize.
In order to achieve this:
- First buy an Extended Validation (EV) SSL certificate.
- Before issuing the EV SSL certificate, the Certification Authority (CA) will first validate your firm’s legal existence.
- The EV SSL certificate turns a client’s address bar green and displays your company’s information when they are on your website.
- Once the certificate is correctly installed, the second step is to follow security best practices.
- Practices such as informing your customers about phishing scams and the actions you have taken to prevent them from taking place will bolster your firm’s reputation.
- Ensure your customers know about the EV SSL certificate on your website and that they should never enter any details if the Web browser doesn’t display the green bar.
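One way to confirm that the certificate installed on your site carries the company information described above is to check its subject for the identity attributes the CA/Browser Forum EV Guidelines require. This is an added example, not part of the original article; the function names and both sample certificates are constructed for illustration, and the check covers subject fields only because Python's `getpeercert()` does not expose the certificate policy.

```python
import socket
import ssl

# Subject attributes the CA/Browser Forum EV Guidelines require in an EV
# certificate, named the way Python's ssl.getpeercert() reports them.
EV_REQUIRED = ("organizationName", "businessCategory", "serialNumber",
               "jurisdictionCountryName")
# Some OpenSSL builds report the jurisdiction attribute by short name or OID.
ALIASES = {"1.3.6.1.4.1.311.60.2.1.3": "jurisdictionCountryName",
           "jurisdictionC": "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields[ALIASES.get(name, name)] = value
    return fields


def missing_ev_fields(cert):
    """Return the EV identity attributes absent (or empty) in the subject."""
    fields = subject_fields(cert)
    return [name for name in EV_REQUIRED if not fields.get(name)]


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated live certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data in getpeercert() format (not real certificates).
EV_SAMPLE = {"subject": ((("jurisdictionCountryName", "US"),),
                         (("businessCategory", "Private Organization"),),
                         (("serialNumber", "0000000"),),
                         (("countryName", "US"),),
                         (("organizationName", "Example Corp"),),
                         (("commonName", "www.example.com"),))}
DV_SAMPLE = {"subject": ((("commonName", "www.example.com"),),)}

if __name__ == "__main__":
    for label, cert in (("EV sample", EV_SAMPLE), ("DV sample", DV_SAMPLE)):
        missing = missing_ev_fields(cert)
        print(label, "->", "EV identity fields present" if not missing
              else "missing: " + ", ".join(missing))
```

To check a deployed site, pass the result of `fetch_cert("your-hostname")` to `missing_ev_fields`; an empty list means all four identity attributes are present.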
Some of the Top Phishing Scams of Recent Times
- In January 2013, a sophisticated cyber-espionage operation called Red October was found targeting governments, high-profile diplomats, and power plants.
- The attack covered 69 countries.
- In March 2013, hackers wiped the hard drives of PCs in broadcasting firms and banks in South Korea.
- In August 2013, days before Iran’s national elections, cybercriminals hacked thousands of Gmail user accounts in an effort intended to impact the elections.
- In December 2013, a man was arrested for a phishing scam targeting UK college students. The scam asked students to update their education loan details on a bogus site and took huge sums from their accounts.