What Is a Phishing Attack?

Phishing is when someone impersonates a company or government entity by creating a website or program that looks just like something that belongs to it. For example, creating a fake Google page is considered phishing.

Why “Phish?”

Phishing is often used to either:

When you fall victim to phishing attacks, you risk losing control of who you are on the Internet. The most common problems that happen as a result of phishing are:

Of course, there may also be other purposes behind a phishing attack that I have not covered (hackers think of everything!), but the point is that you do not want to be on the business end of one of these attacks. So, let’s start talking about what you can do to prevent yourself from becoming a victim of these attacks.

Watch For Strange Behavior

If you have ever received a message or tagged post on Facebook from a friend, saying, “You were so crazy at the party last week! Look at the pictures I took!”, you were in the middle of a phishing attempt (unless you really were at a party last week). Your friend obviously fell victim to the attack and downloaded malware that will send itself to everyone on his Facebook friends list. If you notice someone acting strangely or saying things that they normally wouldn’t say, there’s a chance that this is happening.

Think about the above example for a second. Even if you weren’t at a party last week, wouldn’t you still be curious to find out what kinds of pictures your friend took? This is exactly what phishers rely on. The link sent to you may open a fake Facebook login page that looks almost like the real deal. In a hurry, someone types his username and password into the login prompt, and the next minute, that person gets sucked into the same trap that his friend fell for.

Read URLs!

To understand what I mean by this title, you must first understand how URLs work. “Facebook.com” is a domain name. In “apps.facebook.com”, “apps” is a subdomain. To detect phishing, you need to look at the domain name and ignore any subdomains; they’re not important in this instance. So, if you see a login page, look at your address bar. Is that domain name recognizable? A fake Facebook login page will have a domain that’s not precisely facebook.com. The above image shows a domain name of “cixx6.com”. The subdomain could be imgoingtoeatspaghetti, but if the host name (the part of the address before the first single “/”) ends in “.facebook.com”, or is exactly “facebook.com”, then it’s legitimate. Otherwise, close the tab, and kindly inform your friend of the infection.
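Here is the same address-bar check written as code. This is an added example, not part of the original post; the function names (hostOf, hostBelongsTo, classify) and the sample links are constructed for illustration.

```javascript
// Added example: decide whether a link's host really belongs to an expected site.
// hostOf, hostBelongsTo, classify and the sample links are constructed names/data.

function hostOf(link) {
  try {
    // The WHATWG URL parser lowercases the host and separates user info,
    // port, path and query from it, the same way the address bar does.
    const host = new URL(link).hostname;
    // A fully qualified name may carry a trailing dot; drop it.
    return host.endsWith(".") ? host.slice(0, -1) : host;
  } catch {
    return null; // not a parseable absolute URL
  }
}

function hostBelongsTo(link, expectedDomain) {
  const host = hostOf(link);
  if (host === null) return false;
  const domain = expectedDomain.toLowerCase();
  // Exact match, or a subdomain. The match must start at a label boundary
  // (a dot), so "notfacebook.com" does not pass.
  return host === domain || host.endsWith("." + domain);
}

// Constructed sample links; only the first two are on facebook.com.
const samples = [
  "https://facebook.com/login",
  "https://imgoingtoeatspaghetti.facebook.com/login",
  "https://facebook.com.cixx6.com/login", // facebook.com is only a subdomain here
  "https://notfacebook.com/login",        // ends in the same letters, different domain
  "https://facebook.com@cixx6.com/login", // text before "@" is user info, not the host
  "https://cixx6.com/facebook.com/login", // facebook.com is only part of the path
];

function classify(links, expectedDomain) {
  return links.map((link) => [link, hostBelongsTo(link, expectedDomain)]);
}

for (const [link, ok] of classify(samples, "facebook.com")) {
  console.log((ok ? "ok      " : "SUSPECT ") + link);
}
```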

Did I Miss Anything?

If you think you have some better tips, or feel confused about something I’ve said, please post a comment. Everyone can draw something from discussion!