I have been hearing a lot about phishing lately. From an attacker’s point of view, it is quite a concept, and I reckon a very successful one. You can have the best antivirus software, but you cannot be protected from phishing. Only common sense can protect you. And as phishers get more sophisticated, it is hard to tell the legitimate from the fake. Of course, there are some common rules of thumb to follow, but above all, you, as an internet user, have to be aware of what phishing is.
I remember the first time I got a suspicious link. It was not in my inbox, but came as an offline message in Yahoo Messenger. The offline message asked me to click on a link and read Yahoo’s updated TOS. I clicked on the link rather unsuspectingly, and was taken to a page that looked a lot like Yahoo’s login page, but not quite authentic. I could make out in an instant that this was some kind of a joke. So as a simple test, I purposely gave a wrong password while logging in, just out of curiosity. Two interesting things happened. Firstly, as expected, the page did not give me a ‘wrong password’ message. Of course, how would it know, when it isn’t a real Yahoo page? So I beat the phishers. Secondly, after signing in, I was taken to Yahoo’s own TOS page. Now that was a nice touch of authenticity. An unsuspecting user wouldn’t have a clue that s/he has just been tricked! I am sure the phishers obtained a lot of Yahoo logins and passwords this way.
Basically, common sense saved me in this situation. I was suspicious and I tested the system out by trying something out of the ordinary – purposely entering a wrong password. I think this is something which any of you can do when logging in to a suspicious-looking page. Another thing you can do is change your DNS servers to those of OpenDNS. I am not sure how effective they are in stopping phishing attacks, but there’s no harm in using their service. Thirdly, email services these days have become smarter at detecting phishing links. So always be attentive and don’t click on every link that comes into your mailbox. And whenever in doubt, don’t forget my little trick.