
3 really simple checks to avoid being phished

Ishaan sent you a message.

Subject: Hello

“www vingers(enter dot)ru”

Sharma sent you a message.

(no subject)

“tinyurl[dot]com/pofb3m/, 937824”

Raghav sent you a message.

(no subject)

“tinyurl[dot]com/pofb3m/, 974785”

Ujwal sent you a message.

Subject: ilikez.ru

“Look at this”

Rob sent you a message.

Subject: ilikez.ru

“Look at this”

If you are a decently networked Facebook user, you too must’ve received lots of messages like the ones above from your Facebook friends. It’s really surprising (and disturbing) how many people have fallen for these attacks. I am particularly intrigued by how many of my friends fell for it. Call me whatever, but falling for attacks like these shows a lack of some basic understanding about websites and security.

Here are a few pointers to keep in mind to avoid such phishing incidents:

1) Always check the target URL of the hyperlink in emails/messages etc.
This can be done by simply hovering the mouse pointer over the hyperlink. For example, “Hey check out my new blog” might look like a genuine message from a friend, but you can (mostly) make out whether it’s real or fake by checking the target URL, which in this case is http://phishyblog.com, i.e. fake.

2) Always check the URL of the site before entering your credentials.
It’s naive to assume that a site you were pointed to from an email/message, and which looks like your favorite site, is indeed that site. With experience and a hunch you can mostly make out whether the site is real or fake, but checking the URL before entering your credentials is still the safest way to avoid being phished.

3) Always look out for context
I know it’s the hardest one to implement, but you need to learn to be cautious about any message containing a hyperlink that doesn’t have a context. As you may have noticed, none of the messages posted above have any context whatsoever, and thus they should be approached with caution.
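
Checks 1 and 3 can also be applied mechanically to a message body. The Python below is an added example, not part of the original post; it assumes the message is available as HTML, and `review_message`, `LinkCollector`, `host_of` and the `SHORTENERS` set are hypothetical names chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"tinyurl.com"}  # assumption: add the shorteners you encounter
# Constructed sample: the link text imitates one site, the href points to another.
SAMPLE = '<a href="http://phishyblog.com/login">www.facebook.com</a>'

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and the text outside any link."""
    def __init__(self):
        super().__init__()
        self.links, self.outside, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        (self.outside if self._href is None else self._buf).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    try:
        host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:  # malformed URL: treat the host as unknown
        return ""
    return host[4:] if host.startswith("www.") else host

def review_message(html, min_context_words=4):
    """Return (target hosts, warnings) for one HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    targets, warnings = [], []
    for href, text in parser.links:
        target = host_of(href)
        targets.append(target)  # check 1: what hovering would reveal
        # Visible text that itself looks like a domain must match the target.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            warnings.append(f"text shows {shown} but link goes to {target}")
        if target in SHORTENERS:
            warnings.append(f"{target} is a shortener that hides the destination")
    # Check 3: a link with almost no text around it carries no context.
    if parser.links and len(" ".join(parser.outside).split()) < min_context_words:
        warnings.append("link sent with no context")
    return targets, warnings
```

A message with ordinary link text and a few words around it produces no warnings, so the returned target hosts still have to be read, exactly as when hovering over the link.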

This list could go on and on, but let’s keep it simple so that it’s easy to remember and share.

Did you get phished too? If not, what saved you?