Every once in a while your email spam filter lets an email slip by, and it makes it into your mailbox proclaiming anything from a bank asking its customer to “verify an account” to the Spanish lottery commission congratulating you on “winning the lottery”.
This kind of attack aims to pull a sleight-of-hand trick on web users and fool them into handing their private information to the attacker. In a phishing attack, the aim is to bait the user into believing that the email, and the website it redirects them to, are legitimate. The scheme collapses once the user doesn’t take the bait.
The aim of this post is to discuss some of the best precautions you can take to protect yourself.
Tip 1 Be skeptical
No legitimate organization would ask for your user name, password or credit card information over email. Unless you are 100% sure that the email is legitimate, you should just ignore it. But if you can’t help thinking the email might be legit, you should never trust the links sent to you by email. Instead, browse to the relevant website by typing the company or bank’s URL address yourself. If there is anything the company wants to inform its users of, it will have it announced on its website.
“Chances are, if you were never in Spain and never bought a lottery ticket in your life, you will not win the lottery.”
Tip 2 Never click on links in e-mails
This cannot be emphasized enough when it comes to phishing attacks: never click on any links in suspicious emails. If you feel that you must check out a link, it’s preferable to reach the page of your own accord by copying that link and pasting it into the browser. The reason is that while a link might look like it’s linking to a legitimate website, it might actually be redirecting you to a completely different one. See the image below.
Tip 3 Use phishing filters
You are better protected from malicious attacks if you use an up-to-date browser. Internet browsers such as Internet Explorer 7.0+ and Firefox 2.0+ have built-in phishing filters that will warn you when you’re trying to access a suspicious website. Even phishers and scammers attest to the effectiveness of using an up-to-date browser.
Tip 4 Keep an eye on your browser’s add-ons
Some browser add-ons are known to be malicious spyware, which, besides sending loads of information about your Internet usage and possibly your passwords, can cause your browser to hang repeatedly. This includes products such as MyWay.MyWebSearch, FunWeb and FunWebProducts. To be safe, keep only the plugins that you need and trust enabled, and disable the rest.
Tip 5 Check SSL certificates
That’s not something people often do, but if you are worried about your security, you should check that the website you’re about to divulge sensitive information to is properly authenticated. Make sure that the certificate belongs to the relevant company, e.g. Microsoft for Hotmail or Google for Gmail, and so on.
[Image: Check SSL certificates]
Tip 6 Use an up-to-date anti-virus software
Keeping your PC virus free is very important, too. Some viruses were reported to wait for you to access your bank account; that’s when they start capturing every keystroke along with screenshots of what you are currently viewing, and send all this information back to the attacker. Others can trick your browser into redirecting you to the attacker’s website even though you typed in the correct URL! Just take my word for it and keep your anti-virus software up to date.
Tip 7 Turn the table
If you still think that the email or website is legitimate, it is preferable to provide the wrong information the first time around; this is the last defense you, as a user, have. If the email or website is legitimate, they will inform their customer that the information is incorrect, while a phishing website wouldn’t know any better and in most cases will just redirect the user to the legitimate site’s homepage.
Finally, if you slip and give out your password to a phishing website, close it, log in to the legitimate website, and change your password immediately. That’s just until researchers finish up the cheap password fobs, image-based passwords and other password replacement options they have in store for the future.
Stay safe and always be skeptical whenever someone asks about your private information, and, just like your mother used to say, “Don’t trust strangers”!
Are there any tips that you would like to add to those? Have you ever been a victim of such an attack? Please let us hear your side of the story.
Brilliant tips! It is scary how many tricks those people can pull! The other day, I received an email on my Yahoo mail that was titled as from Yahoo support and which asked me for a lot of information. It also had an attached warning to shut down my email if I didn't provide the information they asked for! It was kind of convincing because it appeared to come from Yahoo themselves, but I felt something was wrong and decided not to act on it. I am sure that many others have fallen into the trap!
Great security tips! The SSL certificates issue is something I didn't really know about!
I am sure, sooner or later, there will be more attacks and more security tips to spare, I'll be waiting for you to let us know of them :)
Great tips. The phishers are getting better every day. You say, “Don’t trust strangers“! but sometimes they come in the guise of people you know.
It's more about what you do than what you know, because a lot of us might know about those tips but very few actually bother to follow them.
[…] how tens of thousands of webmail accounts were compromised and wrote another post with 7 tips to protect yourself from phishing. In this post, we will focus on some tips and steps that will help with managing and strengthening […]
[…] 7 Security Tips: Be the Phish That Got Away (thoughtpick.com) […]
Your post will help lots of people.
this is really a big help!! thanks for sharing this article.. more power!
I seldom do the above work before visiting a website. Avast will protect me if there is any risk.
I don't think that this is worthy of a review by a writer of your caliber.