What is "phishing" and how can you avoid phishing scams?
So… what exactly is phishing? As defined by Wikipedia, phishing is "a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication". In other words, hackers and criminals use phishing to get ahold of personal details so that they can try to steal money from bank accounts or run phony charges on credit cards. Phishing scams are widespread on the internet, and every user has to take care that they aren't victimized.
The first and most important item to keep in mind to protect yourself from phishing attacks is to not click any links or open attachments in emails. Links inside of emails are the primary way that phishing is performed, as these links will send you directly to sites that look like a bank, PayPal, eBay, Amazon or other legitimate sites, but are actually phony and specifically created to capture your login and other details. These details are then used on the actual sites to withdraw or transfer money, or make unauthorized purchases. Avoid clicking any links in emails, period! If you want to visit a site from an email, type the address into your browser by hand.
Next, you'll need to make your computer resistant to attack through downloaded trojans, viruses and nefarious websites. The best way to accomplish this is by installing anti-virus software. There are many professional-grade anti-virus programs available that can protect your computer and are updated regularly to ensure your protection is up-to-date. My favorite, which has kept me safe online for many years, is Kaspersky Labs. They also offer a free trial so that you can clean out any viruses you may already be infected with, but it's probably best to buy the full version.
Another key software step to avoid phishing is to stay away from pirated software that is available for download through websites and torrents. Hackers can easily bundle viruses with software cracks and patches, and place them up on public sites for download. When the pirated software is downloaded and installed, the virus is installed with it and can compromise the security of your computer. Your computer can then start automatically sending your personal details and things you type into your browser to those who would want to collect them and make use of them. If you use pirated software, you can be opening your computer up to all sorts of problems, so just avoid it altogether.
When you're using your web browser, there are some tips you can keep in mind that will help you avoid phishing sites. As mentioned above with emails, many phishing scams will start by trying to get you to click a link that looks legitimate but actually takes you to a website which will try to collect personal information.
The easiest way to avoid this issue is to type the website you want to visit into the browser's address bar manually. This eliminates the link-clicking from the equation and ensures you will be forwarded directly to the site you want to visit. You should also refrain from using bookmarks for websites that require you to be very alert, such as your online banking or PayPal. Viruses can insert phishing links into bookmarks that you have set up, so just avoid them entirely and type the address in every time you want to visit a site.
Secure websites also help you avoid many of the risks that phishing sites pose, and most professional companies such as banks will use them. When you go to your bank's website, check the address bar to ensure that it says "https" or "secure" as opposed to "http". The 's' on the end ensures that you're using a secure server, and generally your browser will feature a button that you can click on to verify the site's security information. If you're hesitant, take a look. A secure site can offer you that extra level of comfort that you're not going to suffer an identity theft.
Finally, don't hesitate to give the customer service department of your bank or other company a call if you receive an email that you suspect is a phishing email and it's got their logo on it. As mentioned above, no honest company would ask for a password or other user details by email. However, some of the better phishing emails will simply lead you to a "doorway" site that will look legitimate but will actually collect your information or try to install a virus or trojan on your computer. If it looks legitimate but you're not sure, simply call the company or avoid the email entirely and delete it.