How to Detect and Prevent Phishing Scams

 

Overview of Phishing Scams


The unique purpose of a Phishing scams is to obtain your sensitive information to do frauds. Scammers send mass emails to every address they can find. Typically the email will appear to come from a bank or financial institution. It is e-mail content to prompt you to update your information for some reason, and they usually provide a link that you can click to do so.
This all sounds reasonable and it may look legitimate; phishing scams are anything but legitimate. The link provided does not take you to the financial institution’s website. Instead, you’ll be submitting your information to a website run by the scammers.
 

Why Scammers Use Phishing Scams


Why would somebody do this? Well, you can gather a lot of sensitive information with a phishing scam. First, you can get somebody’s account number and password. Then you can try to hijack their assets. Some phishing scams ask for all of your personal information (SSN, mother’s maiden name, date of birth, etc) so that they can steal your identity and open credit accounts in your name. Some victims of phishing scams have given up their credit card numbers only to find that the card was used fraudulently.
 

How to Detect Phishing Scam Emails


Most of the phishing scams are carried through phishing emails,so the most important key to prevent phishing scam is how to distinguish phishing emails. Detecting most of these phishing emails is easy, using a number of security products is the most convenient way, such as Ax3soft Sax2,it is a professional intrusion detection and prevention system (IDS) used to detect intrusion and attacks, for more information, visit http://www.ids-sax2.com/SaxIDS.htm.
if you are a bit careful. Then the followings are several ways that can help you identify phishing emails。

  •  Look for your Name in the address: Phishers, generally don’t know the names of their targets. They are actually phishing for the weak and unalarmed users to make their targets. Look for the header of the email you received. If you do not find your name or email address in the address bar, this is a red sign. You have to be cautious on this email. See Figure below.

  • Look for the Salutation / Greetings: Generally, the financial organizations are very careful about the personal experience which their users get while transacting with them. One usual practice taken care by them is to greet their customers with the name. If you do not find any greeting or salutation, then it is also a thing to deal the email with caution. We are not saying that all emails without salutation are phishing emails, but this is definitely a preliminary way of raising your alarm bell. See Figure Below.

  • Look for the URLs as shown in the emails and your Browser Status Bar: Nowadays, most of the browsers display the URL in their status bar if you hover your mouse over a hyperlink. This is your most important trick to quickly discover most of the phishing attempts. Hover your mouse over the link, and without clicking just look down below at your status bar. Compare the two links very cautiously.
  •  Look if any generic name is there in the salutation: Like mentioned above, if you do not find a salutation, or you find a generic salutation, then it is time to be concerned. We are not saying that all such emails are phishing, there are many exceptions to this as well, but it is surely a sign to be more cautious and look for other clues. See Figure Below.

  • Look for Poor Grammer and Salutation: Without prejudice to any country or race, it has been observed that most of the phishing attacks are from countries where population is not English speaking. And it leaves a mark everywhere. Since phishers are generally individuals, not organizations, and mostly operating from close confines, there are small grammatical and punctuation mistakes in their copy. Look for them, and be warned.

  • Do not rely on the link address shown in the Browser Status Bar: Even if, you find that the URL address as shown in the Browser Status Bar is exactly the same as that shown in the email, there are chances that the actual hyperlink is pointing to somewhere else. In such a case, your safest bet is to just select the URL and copy it. Open a second browser windows, paste the address there and press enter. Remember, do not use the Copy Link Location command from the right click menu. It will defeat the entire purpose.
     
  • Do not rely even if you find your name in the salutation or address: With the advancement of technology, phishing techniques are also getting smarter every day. Now phishers dig deep and research to find the name and addresses of their targets. So even if you find that proper Greetings and salutations are there, still there are chances that you are staring at a phishing scam attempt.

  •  Look for the domain name of the link: The domain names tell you many things. If the domain name of the URL, to where your Browser status bar is pointing, is same as your financial institution, then you are most like safe. But be very cautious here. You should be knowing, what exactly is the domain address in a URL. Phishers try to make it look like the original domain, and you have to find the actual domain name from that.

  • Use Copy & Paste: Yes it is really good idea. But remember, don’t use Copy Link Location from the right click menu.