Tuesday, March 7th, 2017
What is phishing? In light of recent events, I’m compelled to answer this question and explain how you can prevent it.
If you don’t watch the news or you’re not from the Philippines, let me tell you the story of Christian. Christian is a college student who made a lot of money online by scamming people and hacking their credit card information.
He sent emails to credit card holders with a link to verify or update their accounts and “failure to do so may result in account termination”. Then he made a duplicate of the bank’s website.
A lot of people fell for Christian’s imposter email and website because they didn’t know any better. And Christian retrieved credit card information from his victims through this fake website. Phishing is as simple as that.
He sold the credit card information for 5,000 Pesos. He also used the information to purchase things for himself.
“Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”
– From our good old friend, Wikipedia
There are many kinds of phishing but the goal is the same – to lure victims into handing over their personal information.
You and I can’t control phishers. We can’t demand that they stop phishing (we can, but they probably won’t listen to us anyway). But we can control our own actions in order to avoid getting “phished”.
The most common phishing attacks start via email. For example, attackers will send you an urgent email request, instructing you to click on a link to resolve issues with your account.
What you should do instead is directly type the website URL into your browser or use bookmarks.
When you receive an “urgent” issue with your bank account (or any account) via email, call your bank instead.
Nowadays, email is NOT the only starting point of phishing attacks. Some come from social media and downloaded files. A phishing scam that has emerged over the past years redirects users to a fake Facebook login page. Your best bet is to enter information on secure websites only.
Use an antivirus, a firewall, and scam filter software. Also make sure that your web browsers are up-to-date. These are common sense but some people want to learn the hard way.
Did you know that malicious emails can install malware via an email attachment which can allow attackers to obtain your sensitive information?
Free public WiFi is great…but it’s less safe than your private network at home. Why? Because you’re not the only one connected.
So? All information sent over unsecured public WiFi can be viewed by others using the same network (if they know how).
Did you know that a hacker can eavesdrop on your data over an unsecured WiFi router?
So there we have it. Now we know what phishing is, and how to prevent it – congratulations to us!
Most of these tips are common sense and yet people are still falling victim and hence…this post exists. Share it with your friends and family. You might save them from falling for the next phishing scam that’s just around the corner, waiting for uninformed victims.
As for Christian the hacker, he’s facing charges for violation of Cybercrime laws. The bank found out about his illegal endeavors and he was reported to the NBI. (If only he used his knowledge and talent to help other people, right?)
The bad news is that people like Christian will come around all the time. The good news is that we know what phishing is and how to prevent it. Admit it – the preventive steps are pretty simple.
If you have any questions or reactions, I’d love it if you’d leave a comment below. I won’t bite (even if you want me to).