Phishing Scams
Phishing is a form of scam where the scammer builds a fake version of a popular website to fool people to enter their login details and harvest the information.
The fake site can look identical to the real one, but once you enter your information & submit it will be sent to the scammer instead, they will in turn use this information for nefarious purposes or sell it to spammers.
Sites often faked are:
- Popular Social media sites (Facebook/Twitter/LinkedIn)
- Banking Sites
- Online Payment systems (Paypal)
- Webmail clients (Gmail/Hotmail/Outlook/Yahoo mail)
Best practices:
- Keep in mind legitimate websites will never e-mail you to ask you for your password
- Don't click on links/images in shady e-mails
- If unsure, type the address in your browser
- Check the actual URL (site link) by hovering over the address, just because a link shows www.example.com, doesn't mean it is that actual link, it can take you to a completely different site
A friend of mine recently built a fake facebook login page for testing purposes, I used the page to test some popular browsers:
The following browsers detected the phishing threat and gave a warning:
The following browsers failed to detect the phishing threat and opened the (fake) page without any warning:
It appears that both Internet Explorer and Opera both failed to warn the user in this test, while Chrome, Firefox & Firefox Develoepr Edition and Vivaldi all seemed to detect the phishing attempt and warn the user.
I recommend everyone to download either Google Chrome or Mozilla Firefox and set it as your default browser.
Other than supporting modern web standards they have tons of plugins available to add extra functionality and enhance your browsing experience (and they warn you about phishing attacks).