Seeing how common phishing is becoming, I thought I might make a guide to try and make people more aware of it and to help people avoid it.
First off- What is "phishing"?
"Phishing" is where someone tries to steal sensitive information from you, usually bank information or account information for a particular website. Phishing generally involves fake websites designed to look just like a legitimate site, to trick you into giving the phisher your sensitive information.
Where does phishing happen?
Phishing usually takes place in the form of emails. A phisher sends out a whole bunch of emails, copying things like bank emails or emails from another company you may have a subscription with or pay online. It can also take place on instant messaging and is becoming more common on Steam, where a phisher will send you a message telling you about a special game offer, or about a thread created online about you, or basically anything to lure you to a fake Steam website where you will be asked to log in, and then boom! Your account information is stolen. It can take place in other places too; I will be focusing on the more common places phishing can occur.
Recognizing phishing and avoiding it
Email phishing
- Look carefully at the email. Check if images look bad quality or poorly resized.
- Check grammar and spelling. Phishing emails often contain poor grammar and spelling.
- Hover the mouse over links. If it is a bank email telling you to log in and pay a bill, hovering over the link will show you the address it will take you to. If it is not the address of that banking website, then you know it is fake.
- Take note of how they address you. A bank will never refer to you as "customer" or "user".
- Be wary of password change requests and account info updates. Your bank will never ask you to change your password in an email.
- A secure site will have HTTPS, and have either AES 128-bit or 256-bit encryption. Don't ever do shopping or banking on a site that doesn't have a secure checkout or finance system.
- You can also trace the email message as it passed through the servers to your account. Several email clients will let you do this, including Yahoo!, Gmail and Hotmail. An easy way to do this in Hotmail is to right-click the email, click properties and then the details panel.
- Phishing emails also commonly contain a few legitimate links (i.e. to pages like "About Us" or "Contact Us") as a way to make the email look more genuine. If it is a bill you are paying, it is always a good idea to just go to the website yourself and not use any links.
- Some phishing emails will also have fake signatures at the bottom of the email. Telstra emails and some bank emails will sometimes have signatures from people who work there, and it is a good idea to check the consistency of the signatures. They will always be the same, so this is another way to recognize a phishing email.
On Steam
A quick tip: you can identify the address of a link sent to you by a Steam phisher by hovering over the link they send you. If it does not follow something like "steamcommunity.com" or "store.steampowered.com", then don't even go there.
Software to avoid phishing
Most antivirus vendors now include some form of phishing protection in their antivirus applications, even most free ones. It is a good idea to have some form of antivirus protection, because even something like Avast has some fairly decent phishing protection. Of course, with paid products you can get much better anti-phishing; Kaspersky have very good phishing protection.
In the public
If you are using an open public network, it is not secure and someone can see your activity on it. If you get a phone call from someone claiming to be your bank, it could just be someone watching your activity, who could direct you to a phishing website or even your actual bank's site and then watch for your details to pass through. It is never a good idea to do any banking or online shopping on an unsecured network.
One last tip: check the spelling of a website. If it is a website like Steam or PayPal but its name is spelt differently from the actual site, then it is a phishing site trying to look like the real one. Also, don't ever use internet cafes for sensitive operations like online banking or even logging into your websites. Their computers are crawling with keyloggers and malware, and some even have worms and other things in their networks that will try to get into your stuff.
I hope this guide is helpful. I have put time and effort into it, and if you feel I have missed something please let me know.
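The link checks described above (hovering to see the real address, comparing it with the genuine Steam domains, and watching for misspelled site names) can also be done by a program. The Python code below is an added example, not part of the original guide; the `TRUSTED` list, the 0.85 similarity threshold, the function names and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("steamcommunity.com", "store.steampowered.com")  # domains the guide names
# Constructed sample message: one genuine link, one misspelling, one disguised link.
SAMPLE = ('<a href="https://store.steampowered.com/app/10">Store</a> '
          '<a href="http://steamcomnunity.com/login">Log in</a> '
          '<a href="http://login.example.net/steam">https://steamcommunity.com/id/you</a>')

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname the link really points at, lowercased ('' if there is none)."""
    if "//" not in url:
        url = "//" + url  # lets bare 'example.com/path' link text parse too
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host, trusted=TRUSTED):
    # Exact name or a true subdomain; 'steamcommunity.com.example.net' fails.
    return any(host == d or host.endswith("." + d) for d in trusted)

def classify(href, text, trusted=TRUSTED):
    host = host_of(href)
    if is_trusted(host, trusted):
        return "ok"
    # Near-identical spelling of a trusted name (the guide's spelling tip).
    if any(SequenceMatcher(None, host, d).ratio() >= 0.85 for d in trusted):
        return "lookalike"
    # Visible text shows a trusted address but the target is elsewhere.
    if "." in text and " " not in text and is_trusted(host_of(text), trusted):
        return "mismatch"
    return "untrusted"

def check_message(html, trusted=TRUSTED):
    parser = LinkCollector()
    parser.feed(html)
    return [(host_of(h), classify(h, t, trusted)) for h, t in parser.links]
```

Calling `check_message(SAMPLE)` returns one `(host, verdict)` pair per link; anything other than `"ok"` is a link to avoid, and the safe fallback is still to type the site's address yourself.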