IT Update – Detecting phishing scams

June 3rd, 2016

Don’t be a sucker, avoid being scammed!

Phishing scams—the ones that try to get you to provide private information by masquerading as a legitimate company—can be easy to uncover with a sceptical eye, but some can easily get you when you let your guard down for just a second. Here’s how you can boost your phishing detection skills and protect yourself during those times when you’re not at full attention.

What can you do?

The way most phishing scams find victims is through email, but sometimes you’ll come across a phishing site in the wild as well. Either way, here are the basic principles you want to follow to keep a cautious eye out for these malicious traps.

Check the URL

Phishing scams are designed to look like official emails and web sites from actual companies, but they aren’t actually those things—they’re just imitations. Because the emails and web sites are imitations they’ll probably look a little different from what you’d expect in general, but more importantly those sites can’t have the same URL as the web site they’re pretending to be because they are different sites. To check the URL, just hover over the link you’re thinking of clicking. At the bottom of your window you should see the URL displayed. Once you do that, you have to figure out if it is a good URL or a bad URL.

Type the address yourself

The best thing you can do to avoid phishing scams is always go directly to the web site you want to visit rather than clicking a link. This way you don’t have to figure out if the URL is safe or not because you’ll be using a URL in your bookmarks (or your brain) that you already know is safe. Doing this can also help protect you from phishing scams when you let your guard down because you’ll be in the habit of visiting sites directly rather than clicking links.

What can your browser do for you?

Detecting phishing scams on your own mainly requires some mild paranoia and the behavioural adjustment as described above, but there are a few other things you can do to make your everyday browsing safer.

One great feature of many web browsers is the autofill feature. It makes it really easy to fill out forms using information already stored in the browser. It also makes it easy for you to ignore the form you’re filling out and just submit it, causing you to potentially miss a phishing scam when you’re rushing through the process. While this precaution isn’t necessary, and you might prefer the convenience of autofill to the safety benefits that deactivating it can provide, turning it off will provide a little added protection.

Most browsers come with some phishing protection built-in to help protect you, but it isn’t always enabled by default. Google Chrome keeps track of common phishing sites and can alert you when you visit one, but you may need to go through a short setup process to make it work. Firefox also offers phishing and malware protection in a similar way, and you can enable it in the security section of Firefox’s preferences.