Phishing most commonly targets email accounts: a phishing email provides information that leads victims to fake pages set up to trap them. To avoid phishing, internet users should pay closer attention to a few internet security issues. For example, when you access a web page, make sure you load and land on a page with the correct domain in its URL.
Phishing claims many victims on social media, since most users use their social media accounts daily. Some of them unknowingly enter a fake page set as a trap. Beyond social media, phishing can sometimes manipulate an infected computer into showing fake content that looks genuine. So make sure your computer is free of viruses and keyloggers to avoid phishing attacks.
There are many cases of phishing crime. Phishing can steal a lot of personal information, such as access to your social media accounts, your emails, and even your bank accounts. Therefore, you always need to be careful and stay aware of phishing while surfing the internet.
Phishing is a fraudulent activity that tricks targeted individuals with the intent of stealing their sensitive data or their account credentials for a website. The term “phishing” is derived from “fishing”, that is, trapping a victim with a snare. In other words, phishing is a scam that steals important information by taking over the victim’s account for a specific purpose. It can also be a trap for finding loopholes in the victim’s other accounts that are linked to the accounts the phishers have already obtained.
Phishing is a fraud method that hackers use to steal passwords by tricking targets with a fake login form on a fake site that resembles the original site. In some phishing cases the fake site is not very similar, but because the targeted users are careless and have no experience with phishing, they can still be trapped.
How Phishing Works
When you know how phishing works, it is easier to avoid it. The following steps show how phishing works:
- Using some trick, the hacker gets the victim to click on a link to a fake site. The lure could be an eye-catching banner or image on a social media site, persuasion in an email, and so on.
- After the victim clicks that link, it leads to a fake site with a look-alike social media login form and some text claiming that the victim’s social media account has been logged out, asking the victim to enter the username and password again. Unaware people will not suspect that the site is a clone and will fill in their username and password without suspicion.
- What the victim types into the form fields is stored on the hacker’s server. So, the victim still has time to change his or her password before the hacker knows that the username and password have been stored on the server.
- Once the hacker knows that username and password, the hacker will take over the victim’s password. In many cases, hackers are likely to use stolen accounts to spread phishing URLs to friends on the stolen social media accounts to get more victims.
- Most hackers use stolen accounts to spread ads and affiliate links, and the most severe thing is trying the username and password on other membership sites, online payment services or bank accounts, such as PayPal, Skrill and Payoneer, to steal money.
Phishing is the easiest way to hack passwords. That’s why so many referral addresses scattered across cyberspace point your browser to fake websites or phishing web addresses.
Web design skills are enough to be able to practice phishing. Even an artificial site that is not exactly similar to a particular site can still be used for phishing, as long as it can convince the target victims. Examples include phishing sites dressed up with offers of free gems, or BBM phishing sites for pages that in reality never existed. Yet they caught many victims.
How to Avoid Phishing
In practice, the effectiveness of phishing depends on the caution and awareness of its targets. It’s very easy to find out whether or not a web page is a phishing page when you are careful enough, and then your account should remain safe. The one thing you need to do to avoid phishing is to pay attention to the web address, or URL, of the destination site. Make sure you know the official URL of the site you are going to visit.
For example, twitter.com/login is completely different from twitter.access-logins.com/login, although both of them look official. The first address is the official page of Twitter, while the second address is a subdomain of access-logins.com. This type of phishing uses a subdomain.
There is also another type of fake page address, or URL domain, used for a phishing page. The hacker alters one or two letters so that the address looks almost the same as the original URL. For example, the original is Facebook.com, but the hacker builds a trap page at Faceb00k.com or Fakebook.com. Most hackers use this type of phishing to trap users who are less careful.
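The two URL checks described above (a brand name used as a subdomain of another domain, and a domain with one or two altered letters) can be automated. The following is an added example, not code from the original article; the `OFFICIAL` list, the function names and the category labels are assumptions chosen for illustration, and it assumes two-label domains such as `name.com`.

```javascript
// Constructed allowlist of official domains; extend it with the sites you use.
const OFFICIAL = ["twitter.com", "facebook.com"];

// Undo common digit-for-letter swaps (faceb00k -> facebook).
const unleet = (s) =>
  s.replace(/0/g, "o").replace(/1/g, "l").replace(/3/g, "e").replace(/5/g, "s");

// Levenshtein edit distance between two short strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a link as official, brand-in-subdomain, lookalike, unknown or invalid-url.
function classifyLink(link) {
  let host;
  try {
    host = new URL(link).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return "invalid-url";
  }
  // Official only if the host IS the domain or ends with ".domain".
  for (const official of OFFICIAL) {
    if (host === official || host.endsWith("." + official)) return "official";
  }
  const labels = host.split(".");
  // Second-level label, e.g. "faceb00k" in faceb00k.com (two-label assumption).
  const sld = labels[labels.length - 2] || "";
  for (const official of OFFICIAL) {
    const brand = official.split(".")[0];
    // Brand name used as a left-hand label of someone else's domain.
    if (labels.slice(0, -2).includes(brand)) return "brand-in-subdomain";
    // One or two characters changed, or digits swapped in for letters.
    if (unleet(sld) === brand || editDistance(sld, brand) <= 2) return "lookalike";
  }
  return "unknown";
}
```

A result of "unknown" only means the host does not resemble anything in the list; it says nothing about whether the site is safe.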
Most phishing is found on social media sites, where hackers spread fake login page URLs in the form of adult photos or videos that lure target victims into clicking.
Some popular web browsers display a link’s destination URL at the bottom left of the screen when you point your cursor at the link.
Normally, a shared video on Facebook or Twitter won’t show a destination URL when you point your cursor at it. But many posts on Facebook or Twitter share an image that looks like a video and is ready to be clicked. When you point your cursor at the image, it shows a destination URL. If such a post appears in your social media home feed, it could be a phishing URL or just an advertising URL. The point is that you should take care to check the destination address or URL.
However, there is another type of phishing that is far more alarming. This phishing makes it unlikely that target victims will recognize whether a site is authentic. The domain can be exactly the same, yet the site turns out to be completely fake. This may occur due to a virus attack, after a computer user downloads and installs a free software program that has a harmful computer virus bundled with it.
This type of phishing is a bit complicated, as it involves a proxy or “Man in the Middle” attack that requires additional capabilities. The way to avoid a Man in the Middle attack is to understand DNS. Then you will easily avoid this type of phishing.
“Man in the Middle” phishing infects a computer with a virus or malware. The virus or malware changes some settings in the browser you usually use so that it uses a proxy you don’t recognize. In that proxy, the virus sets abnormal settings that make some domains go to a wrong IP address.
You need to be extra careful to avoid this kind of phishing. If you are using the Chrome browser, check in the settings menu → advanced settings. There, check the network proxy; the default is not to use a proxy. If you find a proxy there that you never added, remove it immediately.
Then, look for any suspicious extensions or plugins as well. Because this kind of phishing is more complicated, using viruses and advanced tools, its aim is certainly to steal money.