• News
    • Archive
  • Celebrities
  • Finance
  • Crypto
  • Entertainment
  • Travel
  • Health
  • Others

7 Myths about Anti-Phishing That You Should Know

54.5KShares
1MViews

Anti-Phishing Tips Debunked

Any other online banking website also has a "anti-phishing tips" page that teaches the average computer user how to combat those irritating emails that collect personal information. While this is a commendable educational program, many of the tips, including those that come from security experts, are in reality dubious, wrong, or misleading. The most popular myths are debunked in this post. You'll find a few pointers at the bottom of this page that will help you correctly distinguish both legitimate and impersonated websites.

Myth #1: Secure, Encrypted Web Page Indicates A Valid Website

Never depend solely on the "https://" prefix or the padlock icon to signify a "safe" page, contrary to common belief. A legitimate SSL certificate can be found on a phishing website. You may want to look at the certificate's information to see if the "Common Name" field matches the host name of the organization's website, but this may take some technical knowledge.

Myth #2: Secured By [insert Authority Name]. Click Here To Verify

COPYRIGHT_WI: Published on https://washingtonindependent.com/7-myths-about-anti-phishing-that-you-should-know/ by Paolo Reyna on 2021-03-03T14:35:57.209Z

Have you come across those? They are, after all, useless. The splash window that appears when you click the link does not guarantee that you are on a safe website.

Myth #3: Address Bar Always Shows A Correct URL

Another erroneous suggestion is to check if the URL in the address bar is right. It is insufficient to guarantee the legitimacy of a website. Phishers can be able to spoof details in the address bar thanks to flaws in browser software. Another form of attack (DNS Spoofing) will fool you into thinking you're visiting a legitimate website.

The text in the status bar can be easily updated. In reality, it's even easier than spoofing the URL in the address bar.

Myth #5: Anti-phishing Software Prevents Scams

Anti-phishing browser plug-ins (often provided for free by internet providers) are unable to detect all phishing attempts, similar to antiviral software's failure to detect new malicious code. Adding software (often of dubious quality) to your browser, on the other hand, makes you vulnerable to malware designed to attack the software.

Myth #6: An Email Containing Your Personal Data Is Legitimate

It may be a fraudulent email if you receive a message from your bank that includes your name and account number (or a portion of it). Using public databases or data leaked from other organisations, phishers may gain access to some of your personal information.

Myth #7: It Is Safe To Log In Once You Know The Website Is Legitimate

Certainly not! Cross-Site Scripting vulnerabilities on a company's website might allow a sophisticated attacker to capture your credentials by redirecting you to the attacker's website as soon as you click the "Login" button or press "Enter." Read on for some suggestions on how to avoid this.

What To Do To Avoid Getting Scammed:

If your bank sends you an email asking you to complete a task, do not click on the links or log in using the forms in the email. Instead, open your browser and go straight to your bank's website, log in, and proceed from there. DO NOT CLICK ON THE LINKS, even if the email is from someone you meet.If your bank sends you an email asking you to complete a task, do not click on the links or log in using the forms in the email. Instead, open your browser and go straight to your bank's website, log in, and proceed from there. DO NOT CLICK ON THE LINKS, even if the email is from someone you meet.

Tip #2: Invalid Credentials Usually Work On Impersonated Websites

If you think there's a problem with a website, log in with an incorrect username and password. If the website then redirects you to a "Logon failed" page, you're probably on a safe site. It may not always function, as impersonators may simulate failed logons in order to double-check the victim's input or redirect to a legitimate website after obtaining credentials. However, if your forged credentials get you through, it's almost certainly a phishing attempt.

Tip #3: Report The Message To The Company Impersonated In The Email

Most financial institutions have policies in place and dedicated email addresses for reporting security issues. If you think a message is phishing, forward it to the appropriate agency. In our Scam Reporting Database, you can find email addresses to forward suspicious emails to. Both email headers should be included. Since the company receives thousands of reports, don't expect a response.

Share: Twitter | Facebook | Linkedin

About The Authors

Paolo Reyna

Paolo Reyna - Paolo is a senior at the University of Illinois at Urbana-Champaign, majoring in International Studies with a Latin American emphasis. During the fall semester of 2012, he had the opportunity to study abroad in Peru, which piqued his interest in international growth. He learned about the disparities that impact indigenous peoples, got a taste of Peruvian culture, and improved his Spanish skills. Mitchel interned with the Chicago Council on Global Affairs, conducting research on food security in Latin America, after being inspired by his foreign experience. He wants to work in international development and for a government department, writing legislation. He loves playing intramural basketball and practicing for the Chicago marathon when he is not thinking about current events in Latin America.

Recent Articles

No articles found.