A phishing attack is when someone sends you an email or a link pretending to be someone else. For example, you get an email from Twitter asking you to enter your credentials just to make sure that you still have access to your account. Not suspecting anything, you click the link and enter your credentials. What you don’t notice is, the link where you are entering your credentials is not from Twitter but from somewhere else, but very few people check this. There, you have given your Twitter login and password to someone else.
The same thing can happen with your bank account or your email account. You may receive an email suggesting you to log in to your bank account so that your information can be updated. When you log in, you don’t pay attention that the link is not from your bank but from a link that seems similar to your bank’s link. There, you have given your bank details to someone else.
This Wired report says that 100,000 new phishing attacks are reported every month, just in the US. All over the world, there can be hundreds of thousands of phishing attacks.
How do you guard yourself against phishing attacks?
In 99.99% cases the success of a phishing attack depends on your susceptibility. If you are careful, only a very sinister phishing attack can succeed against you. Here are a few things you can do to make sure that you never become a victim of a phishing attack:
- Never just randomly click the links that are given in your email even if the link comes from your loved ones. Just because it doesn’t cost you anything to click a link, doesn’t mean that you click it without giving a second thought.
- Be careful of where the email is coming from. The above link gives a very nice example. Sometimes people who mount a phishing attack on you may use an email from a person familiar to you. For example, casually it might be very difficult to distinguish between email@example.com and firstname.lastname@example.org (in the first email apple contains an ell, in the second email it is “1”, numeric one). You may think that you are getting an email from a legitimate person whereas it is coming from a phishing attack source.
- Use double factor authentication. With double factor authentication even if someone gets access to your login details, he or she cannot login without an OTP (one-time password).
There is no anti-phishing software. The only way you can guard yourself against phishing attacks is by being careful and vigilant.