How to protect yourself from being phished

Phishing is one of the most common reasons people lose access to their email, banking and even social networking accounts. Whenever you or a friend say an “account got hacked”, this is usually what happened. Strictly speaking, the account didn’t get hacked at all. If it had, that would mean someone broke into the servers that hold your account and pulled your credentials out of them, and I can guarantee that I would never do business with a site like that again!

In fact, what did happen was that someone duped you into handing over your login information. That is far from a hack; it’s simply an ingenious way to fool the unsuspecting.

How does phishing work?

It’s the ultimate form of deception in the online world. Here’s the basic scam:

  1. The attacker sets up a website that looks identical to the site whose accounts he/she is after.
  2. You receive an email that tells you that you have to sign into your account for some reason.
  3. The message contains a link that looks legitimate, but then takes you to the fake site instead.
  4. Once on the site, you ‘login’, but nothing happens (or you are quietly forwarded to the real site so nothing looks wrong).
  5. By clicking the login button, you’ve just sent your username and password to the attacker.

I’m always surprised when I hear that people have fallen for these scams, especially because today’s antivirus software and even web browsers generally have automated protections against known phishing sites. The catch is the word “known”: a scammer can register a brand-new domain and send the email before any blocklist has heard of it, so those protections lag behind and you still need to check for yourself.

So how do you keep from getting phished?

The number one rule to remember is always check the link you’re clicking on. Just because a link reads http://www.facebook.com/login doesn’t mean it actually goes there: the text you see and the address the link points to are set separately, and a scammer controls both. Here are the best ways to keep your account information safe:

  • Always check the URL once you click on a link. The browser’s address bar shows the real hostname of the page you’re on, and the page itself cannot change it. What scammers can do is register lookalike names such as facebook.com.secure-login.example, so don’t just look for the word “facebook” somewhere in the bar: the part just before the first single “/” must end in facebook.com. If you click on a link that’s supposed to go to Facebook, make sure the address bar says Facebook.com and nothing else after the dot.
  • Don’t click on links in emails. If you really want to be safe, just don’t click the link. You can always go to the site manually and log in. A lot of these scam emails will say that you need to log in to update something in your account. Ok, so maybe you want to be sure. Just go to your browser, manually type in facebook.com and log in to see what’s going on in your account.
  • Login with fake information. If you’re still not sure about the site you’re on, try to log in with an obviously wrong username/password combination. If the site is real, you’ll get an error message saying your login information is wrong. If the site is fake, you may see nothing happen at all. Treat this as a weak test, though: many fake sites show a generic “wrong password” error or forward you to the real site after recording whatever you typed, so a convincing error message proves nothing. Never follow up by typing your real password into a page you are unsure of.
  • Pay attention. A legitimate site will never ask you for your username and password by email, and therefore would never email you asking to log into your account to change some mundane details. If the site has a legitimate reason for you to log in, it will usually tell you to log in first to see an important message rather than putting the message, and a login link, in the email itself.
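As an added example (not code from the original post), the following Python script applies the two rules above, “check where the link actually goes” and “the text of a link is not its destination”, to the links in an HTML email. All domain names in the sample email are constructed for the demonstration. It approximates the “registrable domain” as the last two labels of the hostname, which is fine for facebook.com but would need a public-suffix list for names like example.co.uk.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the registrable domain is the last two labels of the host.
# Good enough for facebook.com; wrong for multi-label suffixes (co.uk).
def registrable_domain(host):
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

# Does the visible link text itself look like a URL or bare hostname?
URL_TEXT = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#:].*)?$", re.I)

def looks_like_url(text):
    return bool(URL_TEXT.match(text.strip()))

def split_url(url):
    # urlsplit needs a scheme to recognise the host part.
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url)

def host_of(url):
    return split_url(url).hostname or ""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the email body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text, expected_domain):
    """Return ('OK' | 'SUSPICIOUS', [reasons]) for one link."""
    parts = split_url(href)
    host = parts.hostname or ""
    reasons = []
    # Rule 1: the real destination must be on the site we expect.
    if registrable_domain(host) != expected_domain.lower():
        reasons.append(f"href goes to {host!r}, not {expected_domain}")
    # Rule 2: if the link text shows a URL, it must agree with the real destination.
    if looks_like_url(text):
        text_host = host_of(text)
        if registrable_domain(text_host) != registrable_domain(host):
            reasons.append(f"link text shows {text_host!r} but href goes to {host!r}")
    # 'https://www.facebook.com@evil.example/' is a classic trick: everything
    # before '@' is a username, the real host is what follows it.
    if parts.username:
        reasons.append(f"href hides the real host behind '@' (username {parts.username!r})")
    # Internationalised names (punycode 'xn--' or raw non-ASCII) can mimic Latin letters.
    if "xn--" in host or not host.isascii():
        reasons.append(f"host {host!r} uses international characters")
    return ("SUSPICIOUS" if reasons else "OK", reasons)

def audit_email(html, expected_domain):
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, *check_link(href, text, expected_domain))
            for href, text in parser.links]

# Constructed sample email: one lookalike domain, one genuine link, one '@' trick.
SAMPLE_EMAIL = """
<p>Your account will be locked unless you sign in:
<a href="http://www.facebook.com.account-verify.example/login">http://www.facebook.com/login</a></p>
<p><a href="https://www.facebook.com/settings">Review your settings</a></p>
<p><a href="https://www.facebook.com@login-check.example/">Confirm now</a></p>
"""

if __name__ == "__main__":
    for href, text, verdict, reasons in audit_email(SAMPLE_EMAIL, "facebook.com"):
        print(f"{verdict:10} {text!r} -> {href}")
        for r in reasons:
            print(f"           - {r}")
```

Running it flags the first and third links and passes the second. The same host check is what you do by eye in the address bar: ignore everything before the first single “/” except the part that must end in facebook.com, and be suspicious of anything with an “@” or odd-looking letters in it.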

What can I do if I got phished?

This depends on when you find out what happened. If you sent your login info and realized right away that it was a scam, go log into the real site and change your password immediately. While you’re there, check that the recovery email address and phone number on the account are still yours, and sign out any other sessions if the site offers it. These scammers usually send the fake email to thousands of users at a time hoping to get a few bites, and they may not have sorted through all the login info they received by the time you found out, so you may still have a chance to save your account.

If you were already scammed and you lost access to your account, you need to contact the company that runs the site to explain what happened. They usually won’t turn over accounts based on a simple request, but they can monitor the account for suspicious activity and/or shut it down. However, don’t expect to get your account back. This rarely happens as it’s almost impossible for you to prove that you’re the rightful owner.

Help others in the community when you come across a known scam or a specific account involved in one: warn your friends not to respond to its requests. You should also report it to the website it is impersonating.

Final thought

Phishing will never disappear, just like viruses, spam, black-hat hackers and the other threats out there. There’s an old saying: “Never let a sucker keep his money.” Don’t be the sucker. Don’t rely 100% on your antivirus software or on the big-name websites to shut these scammers down. You need to rely on your own knowledge to wade through these kinds of threats when using a computer.

Lastly, if you’re not too sure about a specific website or link, don’t enter any personal information on it!