A Guide To Phishing- What is it and how to avoid it - Overclock.net

post #1 of 10 Old 04-20-2014, 05:50 AM - Thread Starter
Dctr
Hi Everyone,
Seeing how common phishing is becoming, I thought I might make a guide to try and make people more aware of it and to help people avoid it.

First off- What is "phishing"?

"Phishing" is where someone tries to steal sensitive information from you, usually bank information or account information of a particular website. Phishing generally involves fake websites designed to look just like a legitimate site to try and trick you into giving the phisher your sensitive information.

Where does phishing happen?
Phishing usually takes place in the form of emails: a phisher sends out a whole bunch of emails, copying things like bank emails or emails from another company who you may have a subscription for or pay online. It can also take place on instant messaging and is also becoming more common on Steam, where a phisher will send you a message telling you about a special game offer or something about a thread created online about you, or basically something to try to lure you to a fake Steam website where you will be asked to log in, and then boom! Your account information is stolen. It can take place in other places too; I will be focusing on the more common places phishing can occur.

Recognizing phishing and avoiding it
Email phishing
-Look carefully at the email; check if images look bad quality or poorly resized.
-Check grammar and spelling; phishing emails often contain poor grammar and spelling.
-Hover the mouse over links. If it is a bank email and they are telling you to log in and pay a bill, then when you hover over the link you will see the address of where it will take you; if it is not the address of that banking website then you know it is fake.
-Take note of who they refer to you as; a bank will never refer to you as "customer" or "user".
-Be wary of password change requests and account info updates; your bank will never ask you to change your password in an email.
-A secure site will have HTTPS, and have either AES 128-bit or 256-bit encryption; don't ever do shopping or banking on a site that doesn't have a secure checkout or finance system.
-You can also trace the email message as it passed through the servers to your account. Several email clients will let you do this, including Yahoo!, Gmail and Hotmail; an easy way to do this in Hotmail is to right-click the email, click properties and then the details panel.
-Phishing emails also commonly contain a few legitimate links (i.e. to pages like "About Us" or "Contact Us") as a way to make the email look more genuine. If it is a bill you are paying, it is always a good idea to just go to the website yourself, and not use any links.
-Some phishing emails will also have fake signatures at the bottom of the email. Telstra emails and some bank emails will sometimes have signatures from people who work there, and it is a good idea to check the consistency of the signatures. They will always be the same, so this is another way to recognize a phishing email.

On Steam
A quick tip: you can identify the address of a link sent to you by a Steam phisher by hovering over the link they send you. If it does not follow something like "steamcommunity.com" or "store.steampowered.com" then don't even go there.


Software to avoid phishing
Most antivirus vendors now include some form of phishing protection in their antivirus applications, even most free ones. It is a good idea to have some form of antivirus protection because even something like Avast has some fairly decent phishing protection; of course with paid you can get much better anti-phishing. Kaspersky have very good phishing protection.

In the public
If you are using an open public network, it is not secure and someone can see your activity on it. If you get a phone call from someone claiming to be your bank, it could just be someone watching your activity, and they could direct you to a phishing website or even your actual bank's site and then watch for your details to pass through. It is never a good idea to do any banking or online shopping on an unsecured network.

One last tip: check the spelling of a website. If it is a website like Steam or PayPal or something but it is spelt incorrectly to how the actual site is spelt, then it is a phishing site trying to look like the site. Also, don't ever use internet cafes for sensitive operations like online banking or even logging into your websites; their computers are crawling with keyloggers and malware, and some even have worms and things in the networks that will try to get into your stuff.

I hope this guide is helpful, I have put time and effort into it and if you feel I have missed something please let me know.
rdr09 and kaidome like this.
post #2 of 10 Old 04-20-2014, 05:55 AM
 
kaidome
Nice guide

Steam: Oooooooooooooooooh
Origin: Morraxus
Quote:
Remember that ANGER is one letter away from DANGER
post #3 of 10 Old 04-20-2014, 05:59 AM - Thread Starter
Dctr
Quote:
Originally Posted by kaidome View Post

Nice guide
Thanks! I made this guide after seeing all the fake Telstra bills my parents have been getting.

post #4 of 10 Old 04-20-2014, 06:00 AM - Thread Starter
Dctr
Happy surfing

post #5 of 10 Old 04-20-2014, 06:03 AM
 
kaidome
Will do. This should help me not to click on everything that looks fishy (no pun intended). Rep +1!

post #6 of 10 Old 04-20-2014, 06:07 AM - Thread Starter
Dctr
Quote:
Originally Posted by kaidome View Post

Will do. This should help me not to click on everything that looks fishy (no pun intended). Rep +1!
Thanks, I don't often get rep.

post #7 of 10 Old 04-20-2014, 07:17 AM
Quantum Reality
Couple notes

"Be weary of password change" - that's "Be wary of..."

Also, several email clients will allow you to see the original plaintext version of an email sent to you ("Show Original", or some variant). You can use this to poke through the e-mail header and the body to see if it's actually 100% legit. (see https://support.google.com/mail/answer/29436?hl=en for one site that discusses them in more detail)
Quantum Reality is offline  
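
Added example, not part of the original posts: reading the "Show Original" text of a message to list the servers it passed through and to compare the sender addresses, as suggested in this post and in the guide's tip on tracing an email. The raw message, addresses and hostnames are constructed; a mismatch is a hint worth a closer look, not proof, since legitimate bulk mail often uses a separate bounce address.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed raw message, as a mail client's "Show Original" view would give it.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org; Sun, 20 Apr 2014 05:50:03 +1000
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
\tby mx.example.org; Sun, 20 Apr 2014 05:50:01 +1000
From: "Your Bank" <billing@bank.example>
Reply-To: payments@mailer.example.net
Subject: Your bill is ready

Please log in to pay.
"""

def domain(header_value):
    """Domain part of the address in a From, Return-Path or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace(raw):
    msg = message_from_string(raw)
    # Every server adds its Received line on top, so reverse the list to read
    # the route from the sending side to your mailbox. Only the lines added by
    # your own provider (the last hops) are trustworthy; earlier ones can be
    # written by the sender.
    hops = [" ".join(h.split()).split(";")[0]
            for h in reversed(msg.get_all("Received", []))]
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d} differs from From domain {from_dom}")
    return hops, findings
```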
post #8 of 10 Old 04-20-2014, 07:25 AM - Thread Starter
Dctr
Quote:
Originally Posted by Quantum Reality View Post

Couple notes

"Be weary of password change" - that's "Be wary of..."

Also, several email clients will allow you to see the original plaintext version of an email sent to you ("Show Original", or some variant). You can use this to poke through the e-mail header and the body to see if it's actually 100% legit. (see https://support.google.com/mail/answer/29436?hl=en for one site that discusses them in more detail)
Thanks, I corrected the spelling, I also missed that so I'll add it.

post #9 of 10 Old 04-20-2014, 12:42 PM
Quote:
Originally Posted by Dctr View Post

Where does phishing happen?
Phishing usually takes place in the form of emails, a phisher sends out a whole bunch of emails, copying things like bank emails or emails from another company who you may have a subscription for or pay online. It can also take place on instant messaging and is also becoming more common on Steam, where a phisher will send you a message telling you about a special game offer or something about a thread created online about you or basically something to try to lure you to a fake Steam website where you will be asked to login and then boom! your account information is stolen.

Don't forget, it can also happen over the phone, or at work by a fake IT guy... There are a lot of avenues for phishing.

I would also add not to trust any links in an email at all. They will often put a lot of legitimate links in the email (i.e. links to the real bank's "About Us" or "Contact Us" pages,) but the one link to the login page will be malicious. You should always navigate to the site yourself by typing the URL into the browser by hand.

"I just talk the way I see things... If that's offensive to you... I'm sorry; you're a loser." - Michael Savage

"But you would be amazed by how many people think that the only reason to have a computer is to play games, and that playing games is all that anyone with a computer does." - dangerousHobo
The Hundred Gunner is offline  
post #10 of 10 Old 04-20-2014, 11:41 PM - Thread Starter
Dctr
Quote:
Originally Posted by The Hundred Gunner View Post

Don't forget, it can also happen over the phone, or at work by a fake IT guy... There are a lot of avenues for phishing.

I would also add not to trust any links in an email at all. They will often put a lot of legitimate links in the email (i.e. links to the real bank's "About Us" or "Contact Us" pages,) but the one link to the login page will be malicious. You should always navigate to the site yourself by typing the URL into the browser by hand.
Yes they usually do put legitimate contact links and things in. I'll add that. Thanks.
