Thanks to the internet, many services and goods have become closer to us, and online payment has become a common thing for millions of people. We leave our payment details in the online space. And, of course, scammers are trying to take advantage of this. In this article, we will talk about what phishing is, why it is so common, and how to counter it.
What are phishing and phishing sites?
Phishing is a type of internet scam aimed at stealing sensitive electronic information. Often the goal is to obtain a username, password, and bank card number.
At the same time, criminals pass off their fake site as a well-known and reliable web resource. To do that, they copy the design and even the URL as closely as possible, adding only one or two characters that distinguish it from the original. It is very difficult to tell the difference with the naked eye.
To understand what a phishing site is, it is enough to remember the numerous spam emails promising prizes as soon as you follow the link and enter personal data. Of course, if you trust the message, it is the criminal who receives the prize. Similar schemes are carried out over the phone, in messages, and even through online advertising.
Moreover, the pretext can be almost anything: confirming authorization on the site, unsubscribing from spam, installing an extremely useful application, a significant discount on a product or a gift with it. About 80% of fake web resources offer the service of replenishing a mobile account. Of course, you will not receive any funds.
Most often, phishers copy well-known sites with a good reputation. Customers usually go to such a web resource without looking at the details and order a specific service or product. They are not afraid to enter their payment details, as they have already done this many times.
Examples related to the use of phishing sites
Links to phishing sites can be sent by email. A request to confirm your login and password on a resource you know will in fact put this data into the hands of scammers. You may ask: where did they even get your address from? Unfortunately, it is easy to buy a database and then spam millions of potential victims within hours. But there is good news: such servers are actively identified and blocked. So, the method is gradually losing relevance.
Sometimes even a link is not needed. You are simply asked to respond to a letter. It will look as if it comes from a trustworthy organization, as scammers have learned how to replace the “Mail From:” string. If you send your personal data, it will go to a different address, and then it will be used for criminal purposes.
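A forged sender usually leaves traces in the message headers. The sketch below is an added example, not part of the original article: it compares the visible From domain with the Return-Path and Reply-To domains and reads the SPF/DKIM/DMARC verdicts recorded by the receiving server. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (reserved .example/.invalid domains), not a real e-mail.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail
From: "My Bank Support" <support@mybank.example>
Reply-To: verify@collect.invalid
Subject: Confirm your password
To: user@example.net

Please reply to this letter with your login and password.
"""

def domain(header_value):
    """Domain part of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw):
    """Return a list of warning codes for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    shown = domain(msg["From"])          # what the mail client displays
    warnings = []
    # Return-Path records the envelope sender (SMTP MAIL FROM). A mismatch is
    # a hint, not proof: legitimate bulk mailers also use separate bounce domains.
    envelope = domain(msg["Return-Path"])
    if envelope and envelope != shown:
        warnings.append("return-path-mismatch")
    # A reply would go to Reply-To, not to the displayed sender.
    reply = domain(msg["Reply-To"])
    if reply and reply != shown:
        warnings.append("reply-to-mismatch")
    # Only trust Authentication-Results added by your own mail server.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            warnings.append(f"{method}-{verdict}")
    return warnings

if __name__ == "__main__":
    print(sender_warnings(SAMPLE))
```
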
Online auctions are another huge phishing field. After all, attackers place goods on real, fairly well-known and completely legitimate web resources, but they use their own fake website to receive funds.
Another example is a fictitious online store with suspiciously low prices, or even a fake charitable foundation. In general, everything is simple here: you send money, and it disappears into nowhere. Even worse, if you enter the card details directly on the resource, then everything is withdrawn from your account.
Yet another is a fake app that promises incredible features, such as following the activities of your friends on social networks. You can't even test the functionality until you pay money, and in fact it is simply impossible to implement.
How to check the authenticity of a site?
So that you don’t even think about whether this is an original web resource, scammers strive to capture your attention from the first seconds of your stay on it. Here, an offer to win the latest iPhone model or something no less valuable may appear on the screen. Most likely, the effect will be enhanced by a fake timer that will force you to rush in order not to miss the opportunity.
A duplicate site can, on the contrary, immediately make you feel afraid. For example, it may offer to check how reliably your data is protected, no matter how ironic that is. And for that, you have to share your data. Remember one simple rule: as soon as you feel the urge to enter your card number or other confidential data, you should first check the site for phishing.
Here are the signs of a clone:
- incorrect domain name — it can differ by literally one character, an extra dot or the extension;
- absence of an SSL certificate — the address starts with “http://”, and the browser shows the words “not secure” next to it;
- imperfection of the text and design — spelling errors, unnecessary elements, the wrong name of the organization itself;
- unusual structure of the web resource, strange contact details and illogical physical address;
- a recent domain creation date and an owner who is a private individual, not a legal entity — you can enter the web address on the Whois service to see both;
- absence of a user agreement, terms of payment and delivery (if it is an online store). If all this is present, it is worth reading.
Checking the site for phishing will never be superfluous, as we are talking about the security of your private data.
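The first two signs in the list can be checked mechanically. The following is an added example, not part of the original article: it compares the host in a URL against a short list of domains you actually use and flags a missing https://, a near-match by one or two characters (including an extra dot), a different extension, and the trusted name used only as a prefix. The trusted domain, the URLs and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the user really deals with (constructed sample value).
TRUSTED = ("mybank.example",)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def clone_signs(url, trusted=TRUSTED):
    """Return warning strings for url; an empty list means none of these signs."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    signs = []
    if parts.scheme != "https":
        signs.append("no-https: address does not start with https://")
    for good in trusted:
        if host == good or host.endswith("." + good):
            return signs  # the real domain or one of its own subdomains
    for good in trusted:
        # Simplification: the last label is treated as the extension.
        name = good.rpartition(".")[0]
        if host.startswith(good + "."):
            signs.append(f"prefix-trick: {good} is only the start of {host}")
        elif host.rpartition(".")[0] == name:
            signs.append(f"other-extension: same name as {good}, different ending")
        elif edit_distance(host, good) <= 2:
            signs.append(f"near-match: {host} is almost {good}")
    return signs

if __name__ == "__main__":
    for u in ("https://mybank.example/login",          # genuine
              "https://mybamk.example/login",          # one character changed
              "https://my.bank.example/login",         # extra dot
              "https://mybank.invalid/login",          # different extension
              "http://mybank.example.pay.invalid/"):   # trusted name as a prefix
        print(u, "->", clone_signs(u) or "no sign found")
```

An empty result only means these particular signs were not found; a clone can also be served over https:// with a valid certificate, so the other signs in the list still need a look.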
How to protect yourself from clone sites?
To protect yourself from phishing attacks, never forget about security measures. Follow these tips.
First, remember that scammers are interested in certain data. Only scammers ask for card PIN codes, passwords for email accounts and social network accounts in a letter.
Use a modern antivirus program. Look closely at its warnings, as well as messages from social networks and browsers about suspicious resources. Chrome, Firefox, Safari, and some others have an effective anti-phishing filter. Emails that go straight to spam are almost always spam.
Phishing sites often look like they were made hastily. If this impression occurs, check the page for the signs described above. Take a closer look at the correctness of the address bar and the presence of a certificate for encrypting confidential data.
Pay attention to especially emotional messages. If the email begins with a phrase in capital letters about a threat or, on the contrary, a big win, be skeptical and meticulously analyze whether this is even possible.
Do not access bank websites through public Wi-Fi. Fraudsters can intercept data just by sitting nearby. So, it is better to use mobile internet. We also recommend that you set up two-factor authentication on such resources, and keep the actual links somewhere just in case.
Do not follow suspicious links. Find a familiar resource in the browser yourself. And if a link came from a friend, especially if it is a shortened link like bit.ly or goo.gl, call and ask whether he really sent it to you. His account was probably hacked and he doesn't even know.
There is one useful resource — the EMA website. Conscientious citizens report all suspicious activities related to payment transactions here, and the service itself carefully monitors the internet. You can search for the site you ended up on in its Blacklist.
What to do when you face a phishing site?
If you have to deal with fraudulent sites, now you will recognize them in time. But how to proceed? The best solution is to help the real company, search engine, and users get rid of them.
Go to the original site and report the fact of phishing to the administrator. Tip: Most often, a company's real email address starts with support or info.
Contact a payment provider — a company that provides the ability to accept payments online. If the suspicious resource's payment form names the provider but does not actually belong to it, the provider must take action. The address of the customer support service is easy to find on the official website.
Even the Google search engine has a special form for reporting phishing pages. Making a complaint will take a minute, but it will prevent further illegal actions of intruders.
After requesting Whois information, you will know where the domain is hosted. Report the scam site to the hosting administrators as soon as possible as well. Then it will be blocked in the near future.
If you realize that your confidential data fell into the hands of scammers, you should act really fast. To protect the funds in your bank account, change your password. If you use the same one somewhere else, then come up with a new one there too.
If you have already sent funds to a fraudulent account, call your bank's hotline. There is a chance to urgently return the funds. You can then temporarily block any payments.
How to protect your site from being copied by scammers?
Do you have your own website with a good reputation and a large flow of customers? That is fine, but then you are at risk. We advise you to take measures to prevent phishing attacks on your resource.
Register the rights to the domain according to all the rules. Don't neglect titles of protection such as industrial designs, trademark certificates, and so on. Make sure you have at least EV level SSL certification. Ideally, additionally apply for domains that are similar to your current one. Left without options, attackers simply won't be able to phish your site.
From time to time, look for clones on the internet. It is wise to delegate this task on an ongoing basis to one of the site administrators. Then you will be able to notice and appeal the fake in a timely manner. Also, be sure to check user testimonials about suspicious resources or troubles with yours. Remember, if one of the clients is deceived by phishers, he will complain to you first.
On the internet, you need to be careful to protect yourself from confidential data thieves. Now you know how to check any site when you plan to enter payment information, pin, or password. Report suspicious resources to the proper authorities to counter cyber criminals. Take care of protecting your resource from phishers.