If you sit and think about it for a second, online phishing is not that far from actual fishing. The one major difference is that the online fishermen are criminals. Unlike the tuna, fluke or salmon that you may recreationally fish for, the trophies that these fraudsters are after are your personal data, banking credentials and so on.
Unfortunately there is no real cure for phishing attacks, aside from paranoia-level vigilance on the part of the end user. This threat is like the flu: it is constantly evolving and changing its attack approaches. Fraudsters can launch targeted phishing campaigns aimed at employees of a certain organization or at expectant mothers. It reminds you of some kind of malevolent marketing, doesn’t it?
There are numerous ways to take the bait: accessing public Wi-Fi, logging into a fake website or following a link in a “cool” discount email promising exclusive Black Friday or Christmas deals. It’s impossible to enumerate all the cases.
In short, it’s easy to get infected. But how can users protect themselves?
- Always check the link you are about to open. If the address has spelling oddities, look twice to be sure: fraudsters may be trying to push a fake page on you.
- Enter your username and password only when the connection is secured. If the site URL starts with “https”, the connection is encrypted. If there is no “s” (secure), beware.
- Even if you’ve received a message or a letter from one of your best friends, remember: they could also have been fooled or hacked. That’s why you should remain cautious in any situation.
- The same applies to emails from official organizations, such as banks, tax agencies, online shops, travel agencies, airlines and so on. Even from your own office. It’s not that hard to fabricate a fake email that looks like a real one.
A FIFA-related phishing site included a downloadable ticket, which was really a malicious form of the Banker Trojan: http://t.co/YJ0FIfZtFv
— Kaspersky Lab (@kaspersky) May 30, 2014
- Sometimes emails and websites look just like the real ones. It depends on how thoroughly the fraudsters did their “homework.” But the hyperlinks will most likely be wrong: they contain spelling mistakes, or they send you somewhere else. You can look for these signs to tell a reliable site from a fraud.
- It’s better not to follow links in such emails at all. Instead, open a new window and enter the URL of your bank or online shop manually. That way you won’t miss a discount or a special offer (if there is one), and you won’t become a fraudster’s victim.
- When discovering a phishing campaign, you should report it to the bank (if the fraud imitates the bank emails) or to the support desk of your social media network (if malicious links are sent by one of the users) and so forth. This really helps to catch criminals.
- If you can, don’t log in to online banks and similar services via public Wi-Fi networks in cafes or on the street. It’s better to use a mobile connection, or to wait a bit, than to lose all the money on your credit card. The thing is that these networks can be created by fraudsters, who spoof website addresses during the connection and thereby redirect you to a fake page.
- Files sent by your massively multiplayer online role-playing game comrades may be malicious ransomware or even spyware, just like attachments to messages and emails. So be vigilant!
- Install Kaspersky Internet Security and follow its recommendations. Our AV solution will solve the majority of problems automatically and alarm you if necessary.
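The link-checking advice above (watch for misspelled addresses, for “https”, and for links that send you somewhere other than the site you expect) can be turned into a small automated check. The following Python script is an added example written for this page; it is not Kaspersky code and not part of the original article. The `KNOWN_GOOD` allow-list is constructed for the demonstration, and `registrable_domain` is a deliberate simplification that takes the last two labels of a host name (a real checker would consult the Public Suffix List). Each finding is a tag a reader can act on before typing credentials.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the demonstration: the sites the user actually
# logs in to (assumption; a real list would come from the user's own bookmarks).
KNOWN_GOOD = ("kaspersky.com", "example-bank.com")


def levenshtein(a, b):
    """Edit distance between two strings (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the host name.

    Simplification (assumption): ignores multi-part public suffixes such as
    co.uk; a real checker would use the Public Suffix List instead.
    """
    return ".".join(host.split(".")[-2:])


def inspect_link(url):
    """Return a list of warning tags for a link; an empty list means no warning."""
    findings = []
    parts = urlsplit(url)

    # Rule from the article: only enter credentials over https.
    if parts.scheme.lower() != "https":
        findings.append("not-https")

    host = (parts.hostname or "").lower()
    if not host:
        findings.append("no-host")
        return findings

    # "something@host" in the authority: the text before "@" is not the site.
    if "@" in parts.netloc:
        findings.append("userinfo-in-url")

    # Non-ASCII or punycode labels can render like a familiar name.
    if any(ord(c) > 127 for c in host) or any(
        label.startswith("xn--") for label in host.split(".")
    ):
        findings.append("idn-host")

    domain = registrable_domain(host)
    if domain in KNOWN_GOOD:
        return findings  # the real site (possibly still flagged as not-https)

    # Rule from the article: look for misspellings of the site you expect,
    # or a familiar name buried inside an unrelated host.
    for good in KNOWN_GOOD:
        if good in host:
            findings.append(f"brand-in-host:{good}")
        elif levenshtein(domain, good) <= 2:
            findings.append(f"lookalike-spelling:{good}")
    return findings


if __name__ == "__main__":
    # Constructed sample links: one genuine, one misspelled.
    for link in ("https://www.kaspersky.com/", "https://www.kasperski.com/login"):
        print(link, inspect_link(link))
```

The edit-distance threshold of 2 is a judgement call: it catches one- or two-character typos of a short brand name but will also flag unrelated domains that happen to be similar, so treat the output as a prompt to look twice, exactly as the article suggests, rather than as a verdict.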