
Don’t Get Caught in Shallow Waters; Protect Yourself from Phishers [With Infographic]


I've written a few times before about the steps you can take to secure yourself online, particularly in my top 10 tips to make your computer more secure. One of the biggest issues is that email (one of the most popular methods of digital communication out there) is also one of the most insecure. Despite this, it remains one of my favourite forms of communication, and as long as it is used wisely it can make you super-efficient. In this article I'll quickly go through some ways you can secure yourself online, and in particular how to avoid being a victim of the king of email scams: phishing.

(Photo Credit: Ansel Edwards Photography via Compfight cc)


Secure Yourself with HTTPS

There are a few ways to make your email more secure. Firstly, you should make sure that you are connecting to your email server securely using HTTPS. You may have seen the "golden padlock" when you connect to some sites (particularly in the case of internet banking). HTTPS encrypts internet traffic between you and the website you are browsing. The SSL certificates that make an HTTPS connection possible are issued to websites by certificate authorities, which do some background checks on the website before issuing one.

There are technically different levels of certificate, for which different levels of background checks are required. The Domain Validated one is only validated against the domain name itself and offers the least protection to the end-user. An Organisation Certificate requires checks on the background of the business or organisation itself. Finally, the top-level one is an Extended Validation Certificate, which gives the familiar Green Bar you see on internet banking sites.

Most email providers such as Gmail offer SSL, and if yours doesn't, it should! Even Yahoo! Mail, widely criticised for not having SSL, has just enabled this as an option. Other services such as Twitter and Facebook now allow SSL too, so make sure you switch the service on. If you are an avid Facebook user, I recommend you read my guide on how to do a security audit on your personal Facebook profile.

An easy way to ensure you are using HTTPS as much as possible is to use a Chrome or Firefox plugin called HTTPS Everywhere from the Electronic Frontier Foundation. This plugin makes sure that you always connect to a website using SSL if it is available. For more information, see the article from the Electronic Frontier Foundation on HTTPS Everywhere.

Unfortunately, even if you do connect to a website with SSL, you can still technically be at risk. Always check the domain name of the website you are visiting to make sure it looks correct. Although SSL certificates should be generated for legitimate businesses, there has been the odd occasion when SSL certificates have been improperly issued.

Secure Yourself with a VPN

As well as connecting via SSL you could also secure your internet connection completely by using a Virtual Private Network. Using a VPN means that your internet connection is completely encrypted and hidden from prying eyes. A secure tunnel between you and a VPN server is created, and effectively you are then browsing the internet using the internet connection of the VPN server. This is particularly important when you are using a public hotspot.

Choosing a VPN from the countless list can be quite a daunting task. From personal experience, I highly recommend the service from Private Internet Access. It seems to be reliable, reasonable in cost and has good customer service. You can find out more about Private Internet Access by watching the following video.

For further information on VPNs, have a read of this great article from LifeHacker called Why You Should Start Using a VPN (and how to choose the best one for your needs).

You can read an in-depth review of the best VPNs at the moment here.

Secure Your Password

Choose a strong password, and make sure you don't use the same password for all your sites!

There have been horrendous stories of email accounts being hacked with huge losses of customer data. If you think it isn't a problem, then have a read of why your password is not safe.

I highly recommend using a password manager such as LastPass to help you make your passwords ultra-secure without having to remember them all.

Email is Still Insecure

Despite securing yourself in these ways, the actual email you send won't be sent securely. The email could pass through many different servers throughout the world and will be sent in plain text. Although unlikely, it still could technically be read or scanned on its way. My advice is not to send anything sensitive by email for this reason. If you do have anything sensitive, there are more secure methods such as PGP (Pretty Good Privacy). Unfortunately, these require both the sender and recipient to use special software to encrypt and decrypt the message.

Make sure you protect your computer with a virus scanner or anti-virus application. There are too many to choose from, but for Windows, I recommend Microsoft's own: Security Essentials. If you own a Mac, don't think you are exempt! For more information, see my tips on making your computer secure.

Protect Yourself from Phishing

Even if you do all of the above, you can still become the victim of a cyberattack, just by opening an email message and clicking on a link! Just think: all that time spent securing your computer and your online life could be flushed down the toilet in 2 minutes! I'm not talking about a virus infecting your computer, I am talking about a phishing attack. The email itself may not have an attachment or a virus, but you could be tricked into supplying a criminal with your personal information by entering it on a website.

This type of scam has been around for a long time, and although it used to be fairly easy to tell a fake one from a legitimate one, it can be quite difficult nowadays with scammers using more sophisticated techniques. Phishing attacks tend to target your bank or credit card details as well as usernames and passwords for popular social networking sites such as Twitter and Facebook.

According to recent statistics, over 50% of internet users get at least 1 phishing email per day. Thankfully this can be reduced with a decent spam filter (such as Gmail's very good one). However, it only takes one phishing email to potentially cause you a security nightmare!

My top piece of advice is to check the web address of the website to make sure nothing suspicious is going on. You should check the following:

  1. The web address should start with either 'http://' or 'https://'. Some browsers hide this, which is fine, but make sure you don't have anything else before the '://'.
  2. Now check everything between the '://' and the first forward slash after it. This is the domain name of the website. Facebook should end with 'facebook.com'. Quite often scammers will try a different domain name that looks similar, e.g. faacebook.com or facebookk.com. If you see this, you are in trouble.
  3. Another technique scammers use is a subdomain. A subdomain is something in place of the 'www'. A scammer could make it look like they are Facebook by choosing a subdomain like facebook.com.phishingsite.com. In this case, the website would be on a subdomain of phishingsite.com! Most subdomains are absolutely fine (for example en-gb.facebook.com, mail.yahoo.com), but just make sure the subdomain doesn't confuse where you should be!
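
The three checks above can also be run mechanically over a list of links. The following is an added example, not code from the original post; `classifyLink`, `editDistance` and the result labels are names chosen here, and it assumes you supply the one domain you expect (no public-suffix list is consulted).

```javascript
// Added example: the three address checks from the list, for one expected domain.
// Assumption: `expected` is a bare domain such as "facebook.com".

// Levenshtein edit distance, used to spot near-miss spellings of the domain.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

function classifyLink(link, expected) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, as in browsers; lowercases the host
  } catch {
    return "unparseable";
  }
  // Check 1: nothing but http or https in front of the '://'.
  if (url.protocol !== "http:" && url.protocol !== "https:") return "unexpected-scheme";
  const host = url.hostname.replace(/\.$/, "");
  // Check 2: the host is the expected domain or ends with "." + expected.
  // The leading dot matters: "notfacebook.com" must not pass.
  if (host === expected || host.endsWith("." + expected)) return "expected-domain";
  // Check 3: the expected name is only a subdomain label of some other domain.
  if (("." + host).includes("." + expected + ".")) return "brand-in-subdomain";
  // Check 2 again: the last two labels are a near-miss spelling of the expected domain.
  const lastTwo = host.split(".").slice(-2).join(".");
  if (editDistance(lastTwo, expected) <= 2) return "lookalike-domain";
  return "other-domain";
}

// Sample links built from the hostnames used in the list above.
const samples = ["https://en-gb.facebook.com/login", "http://faacebook.com/",
  "https://facebookk.com/", "https://facebook.com.phishingsite.com/login"];
for (const s of samples) console.log(classifyLink(s, "facebook.com"), s);
```

A result of `other-domain` only means the link is not on the expected domain; it says nothing about whether that other site is safe.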

 

11 Comments

Sophia

Choosing a VPN from the countless list can be quite a daunting task. From personal experience, I highly recommend using good VPN services. I want to know more about it, but anyways thanks for great info!

Kent Lewis

The best part is the infographics. Good work, keep it up.

iaanhayden

People who rely on the World Wide world have to accept various inherent risks. Securing you and your facts and figures from online risks isn’t just about holding an eye on different viruses. In today’s world, more than just the folders and documents saved in our apparatus are at risk; sometimes, our entire “digital presence” is susceptible to many risks. So thanks for sharing such a nice post. It will be helpful for many users. Computer protection is a way to decrease risk.

Andrew Johnson

Some good tips. Just a couple of comments:

SSL certificates can be self-signed (most are) and therefore do not guarantee that the site you are connecting to is the one you meant to. What HTTPS does stop is a ‘man in the middle’ attack. To make sure the site you are connecting to is the one you meant to go to, check the URL.

Your email comments are correct for web based mail, but there are plenty of other ways of accessing your email, depending on what your email provider provides. E.g. SMTP, POP3, IMAP, Push Notification etc. For Gmail I believe they support push notification where they send the email to you without you needing to log in to retrieve it (same way Microsoft Exchange handles my works email).

Andrew Johnson

I should point out that most web browsers will tell you that a site has a self-signed certificate, but this could have been switched off.

ClinicalPosters

It’s worth noting that not ALL subdomains are bad or phishing. MOST are legitimate. In these examples (maps.yahoo.com and store.clinicalposters.com), what’s on the left is a subdirectory of what’s on the right or a shortcut to access an otherwise difficult-to-remember URL.

[…] to your email password, but even if you do, your strong password can still be harvested by a phishing attack. Twitter are supposedly working on security features including multi factor […]
