Phishing, in practice, consists of email containing URLs (links) to doubtful domains. How do we avoid phishing via tricky domains, and how can we spot them?
For instance, you receive an email prompting you to verify your account by providing any of the following: name, address, card number, password. The email contains this URL: https://bankofamerica.mysite.com.
- Well, neither a bank nor any other company would ask for your personal data: they already have it.
- No one ever asks for your password. Your password is your secret, never to be shared with anyone.
- The names of prestigious companies are used in links to trick you into clicking them. If a link contains a company name followed by .something.com, that link is most probably a phishing attempt: in https://bankofamerica.mysite.com the site you would actually visit is mysite.com, and "bankofamerica" is just a subdomain name chosen by whoever controls mysite.com.
- Get in touch with a representative of the claimed sender and confirm with them by reporting any suspicious electronic communication you receive.
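As an added example (not part of the original article), the following Python script applies the rule above: it extracts the registrable domain of a URL and flags any URL that names a known brand without belonging to one of that brand's own domains. The brand allow-list, the shortcut public-suffix handling and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed sample allow-list (assumption): brands and the registrable
# domains they really own. A real deployment would load a maintained list.
KNOWN_BRANDS = {
    "bankofamerica": {"bankofamerica.com"},
    "facebook": {"facebook.com", "fb.com"},
}

# Simplified public-suffix handling (assumption): only these multi-label
# suffixes are recognised; production code should use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the part of the hostname that someone actually registered,
    e.g. 'mysite.com' for 'bankofamerica.mysite.com'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url: str) -> dict:
    """Classify a URL as ok / suspicious / unknown, with the brand it names."""
    if "//" not in url:  # tolerate links written without a scheme
        url = "http://" + url
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    reg = registrable_domain(host)
    # First pass: the registrable domain genuinely belongs to a known brand.
    owner = next((b for b, legit in KNOWN_BRANDS.items() if reg in legit), None)
    if owner:
        return {"verdict": "ok", "brand": owner, "domain": reg}
    # Second pass: a brand name appears as a subdomain or in the path, but the
    # registrable domain is not the brand's: the classic tricky-domain lure.
    haystack = host + parts.path.lower()
    for brand in KNOWN_BRANDS:
        if brand in haystack:
            return {"verdict": "suspicious", "brand": brand, "domain": reg}
    return {"verdict": "unknown", "brand": None, "domain": reg}


if __name__ == "__main__":
    for link in ("https://bankofamerica.mysite.com",
                 "https://www.bankofamerica.com/login",
                 "https://example.com/facebook/login"):
        print(link, "->", check_url(link))
```

The check is deliberately conservative: a brand name inside a path on an unknown domain is flagged too, since lures such as example.com/bankofamerica/login rely on the same trust in a familiar name.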
Companies need to regularly scan their databases for domain names that appear to trick people into believing they are affiliated with a well-known company, such as Facebook, and thereby gain the readers' trust. Readers who trust such sources may reveal information about themselves and their loved ones.
Phishing is not a one-way problem that can be solved by stopping such threatening emails from reaching employees; it is better understood as a two-way problem: inbound mail that impersonates others, and outbound mail sent in your name that recipients must be able to verify.
Spear phishing is more dangerous because the incoming mail appears to come from someone you already know in some way. Once you open the email, you are either directed to a malicious website or asked to enter your valuable information before proceeding.
Make sure you do not disclose any information unless you are very sure who you are communicating with.
There are a few simple techniques that can help you avoid phishing via tricky web domains:
- Cryptographically sign your emails from an authentic email server. In this way, the recipient can instantly verify, by checking the signature, that the mail really came from the sending domain in question. This technology is known as DKIM (DomainKeys Identified Mail).
- Another technology is SPF (Sender Policy Framework), where the recipient verifies the sending server's IP address against the list of IP addresses the domain has authorized.
- Avoid using public networks.
- Watch for spelling errors and shortened links.
- Be wary of the pop-ups you receive.
By using these tools and paying attention, you can prevent outbound phishing sent in your name and also stop inbound phishing.