Phishing is an age-old Internet pothole. It’s survived since the early days of AOL chatrooms for one simple reason: It really works. The setup is simple: A bad guy poses as a trusted entity online to steal your personal information.
Just ask the U.S. government, which we recently learned has adopted phishing techniques to spy on millions of people. It’s probably about time you learn a little about how to avoid getting phished yourself, no?
What is phishing?
Phishing is the online version of being conned. Imagine Leonardo DiCaprio’s character from Catch Me If You Can but less charming. These scammers sit at their computers and pretend to be legitimate trusted companies (like Microsoft or Netflix) as a way of tricking you into handing over personal details like login info, credit card numbers and sometimes even money.
How can it happen to me?
Phishing comes in many forms: emails that seem like they’re from Wells Fargo or Facebook, instant messages or communications from people on popular social networks like Twitter or Facebook. It all starts with a link. Once you click it, you’re redirected to a pharming website that looks identical to whichever company the scammer is posing as. You’re then prompted to enter your login information.
From there, scammers might lure you to other sites or try to trick you into downloading attachments that unleash viruses, keystroke-tracking software or other malware.
I’m pretty sure I’d know if I was being scammed.
You are most certainly an intelligent human being who can smell the stink of a sleazy salesman or a tourist trap. But when it comes to phishing, you might be less savvy than you think. Last year, researchers at North Carolina State University asked a group of 53 undergraduates to distinguish malicious emails from legitimate ones, and nearly everyone in the group failed. Keep in mind that these were students, meaning that they were likely young Internet natives. In other words, scammers are getting just as sophisticated as the people they’re exploiting.
OK, OK. What are a few things I should look out for?
Glad you asked! Here’s the super-simple version:
• Don’t click on hyperlinks in emails from people you don’t know. This piece of advice is a little less obvious than you think. Yes, your mother, husband, sister and aunt are not trying to send you spam. But that doesn’t mean that their email accounts aren’t vulnerable to being hacked. So always make sure to hover your mouse over the linked phrase in question. Usually the address of the item will pop up in a gray box at the bottom-left corner of your browser.
If it doesn’t look familiar, steer clear.
Also, smartphone operating systems are currently much less vulnerable than your computer’s. So if you’re unsure about something, try opening it on your mobile device (Apple products are usually less vulnerable to viruses). This might protect you from getting malware, but if you start typing in your bank account number on a phony site, you’re still in a world of trouble.
• Verify your web URLs. Whenever you visit a site that requires you to enter sensitive information (credit card numbers, your Social Security number or other financial information), check the URL in your browser’s address bar. It should show “https://” rather than “http://,” and usually a secure connection is displayed with a little padlock image. You can double-click the padlock to see the security info that lets your browser verify that the site you’re connecting to is what you think it is. SSL stands for Secure Sockets Layer. It keeps all the communication between your browser and the website’s servers private and secure.
• Just completely ignore pop-up windows. Pop-up windows are inherently sketchy because without a bar that displays a site’s URL, you can’t actually verify that it’s a secure site. So don’t enter your sensitive info into one, and always make sure to click the X in the top corner of the box to get rid of them. Clicking the Cancel button can sometimes send you to a link, or automatically install malware.
• Look out for weirdly formal language. Modern companies don’t usually write royal English or handpick their customers to receive thousands of dollars. If anyone calls you “Sir or Madame” in an email and she’s not the Dowager Countess from Downton Abbey, it’s probably a scam.
Do I have to, like, download some software?
Yeah, that’d be a good idea.
• First and foremost, you should get antivirus software that will help protect you from bad stuff floating around online. The type you should choose depends entirely on your operating system. Here’s a good resource for PC owners. And if you don’t want to spend any money, this is a legit list of free services. Whatever you choose, make sure to keep it up to date. Your web browser is much more susceptible to a hijacking if your security software goes stale.
• Anti-spam software isn’t essential, but it lowers your chances of falling victim to a phishing attack, since many of them come in spam form. PC Mag has an extensive list here. And many browsers provide add-ons that help protect your computer. Chrome, for instance, has a free AdBlock extension. So does Firefox.
• And then there’s anti-spyware software. Unlike malware, which is intended to damage or disable your computer system, spyware infiltrates your hard drive to collect information. This is something that Windows owners, above all others, must be cautious of. Here’s a list of free anti-spyware software that can prevent the problem before it happens.
This is really overwhelming.
I feel you. And this is the simple version.
Why can’t companies just make products more secure from the get-go?
You’re not alone in asking that! Former NSA contractor and whistleblower Edward Snowden said he thinks they should, too, at South by Southwest this week.
That doesn’t make me feel any better.
Sorry!