What is Phishing ?

 What is Phishing ?

WHAT IS IT ABOUT?

Phishing is a way of attempting to acquire sensitive information such as

• Usernames
• Passwords
• Credit/Debit Card details.

by masquerading as a trustworthy entity in an electronic communication

• Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
• Fraudsters use vishing (Voice phishing) along with phishing tricking individuals into revealing critical financial or personal information.

HOW TO PREVENT PHISHING ATTACKS?

Though hackers are constantly coming up with new techniques, there are some things that you can do to protect yourself and your organization:

• To protect against spam mails, spam filters can be used. Generally, the filters assess the origin of the message, the software used to send the message, and the appearance of the message to determine if it’s spam. Occasionally, spam filters may even block emails from legitimate sources, so it isn’t always 100% accurate.
• The browser settings should be changed to prevent fraudulent websites from opening.
• Browsers keep a list of fake websites and when you try to access the website, the address is blocked or an alert message is shown. The settings of the browser should only allow reliable websites to open up.
• Many websites require users to enter login information while the user image is displayed. This type of system may be open to security attacks. One way to ensure security is to change passwords on a regular basis, and never use the same password for multiple accounts.
• Banks and financial organizations use monitoring systems to prevent phishing. Individuals can report phishing to industry groups where legal actions can be taken against these fraudulent websites. Organizations should provide security awareness training to employees to recognize the risks.
• Changes in browsing habits are required to prevent phishing. If verification is required, always contact the company personally before entering any details online.
• If there is a link in an email, hover over the URL first. Secure websites with a valid Secure Socket Layer (SSL) certificate begin with “https”. Eventually all sites will be required to have a valid SSL.

Generally, emails sent by a cybercriminals are masked so they appear to be sent by a business whose services are used by the recipient.A bank will not ask for personal information via email or suspend your account if you do not update your personal details within a certain period of time. Most banks and financial institutions also usually provide an account number or other personal details within the email, which ensures it’s coming from a reliable source.