What is Phishing, how to detect phishing, and how to test anti phishing

So you just bought or installed new antivirus/internet security software and are wondering whether the anti phishing really works? Or you might be reviewing a security suite and looking for a way to test the anti phishing feature? There is a hard way and, of course, the easy way.

But before we go to that, do you actually understand what phishing is? How to know if you’ve been phished? How to prevent being phished?

What is Phishing?

According to Wikipedia:

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication

What these people normally do is send you emails pretending to be a trusted entity, to trick you into giving away your security information. So for example, you might get an email from “eBay”, “Facebook”, or from “your bank” saying that something bad has happened (to make you panic) and that you have to go to the online site to change your information. At the bottom of the email, you will see a URL that looks legitimate but will actually take you somewhere else. Now, it’s easy to quickly identify if you are being brought somewhere unfamiliar. But what these experts normally do is take you to a site that has the same layout/design as the real one. This way, you will be tricked into thinking you are actually being brought to the right site, such as eBay or any online service that you use.

How to detect that you have been phished?

Hover over the link first to check what the real URL is! For example, the email might say something like this:

Hi there,

You haven’t changed your password for a while. As a security measure, please change your password now.

Login to your account at https://www.cravingtech.com before your account gets suspended in 5 days.

Now, if you notice, the text displays https://www.cravingtech.com but if you hover your mouse over the link, it will actually point to http://www.cravinggtech.com. Unfortunately, not many people know about this trick. When you are in panic mode, an instant click on the link is unavoidable, and before you know it, you have typed your username and password into a phishing site. Your information will then be stored or most likely emailed to the bad guys.
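The hover check described above can also be automated over an email's HTML body. The following is an added example, not part of the original article: it flags links whose visible text names one host while the `href` points to another, and marks near-identical hosts as lookalikes. The function names, the two-edit threshold and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def host_of(value):  # hostname of a single URL-like token, else None
    try:
        url = value if "://" in value else "//" + value
        return urlsplit(url).hostname if len(value.split()) == 1 else None
    except ValueError:
        return None

def edit_distance(a, b):  # Levenshtein distance between two hostnames
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicious_links(html):
    """Return (kind, shown_host, real_host) where link text and href disagree."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, real = host_of(text.strip()), host_of(href.strip())
        if shown and real and "." in shown and shown != real:
            kind = "lookalike" if edit_distance(shown, real) <= 2 else "mismatch"
            findings.append((kind, shown, real))
    return findings

# Constructed sample; 203.0.113.7 is a reserved documentation address.
SAMPLE = ('<p>Login at <a href="http://www.cravinggtech.com">https://www.cravingtech.com</a> '
          'or <a href="http://203.0.113.7/login">www.cravingtech.com</a>. '
          '<a href="https://www.cravingtech.com/help">Contact support</a></p>')
```

Links whose visible text is not itself a URL (such as "Contact support") are skipped, because there is no displayed host to compare against.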

You know you have been phished if you cannot log in even though you are 100% sure of your login credentials. If this happens, double check the web address/URL in your browser. If you are sure that you have been phished into giving away your credentials, quickly log in to the genuine site (typing the address manually in the browser) and change your password. If it’s really sensitive, delete the account and create a new one. If you do this quickly, there’s a chance that your information hasn’t been used by those guys yet (pray that they are still sleeping when you get phished).

How to prevent being phished

Here are some of my tips:

  • Never open an email attachment from someone you don’t know
  • Never click on a URL from someone you don’t know
  • When you get an email about account suspension, invalid delivery details, etc, be very very cautious especially if the email includes a URL
  • ALWAYS double check on the link (by hovering or copy-pasting the hyperlink to a browser but don’t go there yet)
  • Staying calm when you are reading your emails helps :)
  • NEVER trust an email sent from sensitive entities (like banks, eBay, DHL, etc) even if you see the company logo on the email or signatures.
  • Rather than following the URL to login, type in the address manually on the browser
  • Use a browser that has some anti phishing protection
  • Install an antivirus/security suite that has anti phishing protection (normally more powerful/up to date than just using a browser’s)

How to test anti phishing

Okay, so you got really scared of being phished and decided to install or buy software with an anti phishing mechanism. How do you know it works? You can wait until you get a phishing email (you’ve been following my tips above, right?) or head off to Phish tracker over at dslreports.com. There are plenty of phishing reports that include URLs on the page.

Click on the “ticket numbers” in the first column and it will display the phishing URL. Now, to test, click on the URL and if your software is good, it will actually block the URL or warn you about a potential phishing site. If you get this, it’s all good. Now close it (don’t play with fire!).

Have you been phished before? I have, even knowing about all of this. I got an email saying that I got a private message on a forum where I’m active. Clicked on the link, tried to log in a few times, and then shouted “STUPID” to myself a few times. I can imagine how many people who are learning about the internet are being tricked by these scams. How about you?

And oh, if you think this article is useful to someone you know, feel free to share!

About Michael Aulia

Owner of CravingTech.com, Michael is a tech enthusiast who blends a love for gadgets with a passion for gaming. With insightful articles and professional reviews, he navigates the digital landscape, offering expertise on consumer electronics and gaming trends.
