Phishing, a form of man-in-the-middle attack, has been part of the IT security scene for a long time, and there are still many users who are unable to detect a phishing attack.
Even though it is an old technique, it is still an efficient way to attack certain users, because security against phishing is quite user dependent.
In other words, it depends on how careless the user is and how easily he or she falls into a phishing trap. This post is mainly meant to help internet users detect a phishing site and prevent themselves from getting trapped by the phisher.
Never click on any URL from an unknown sender
The easiest way to start a phishing attack is through a URL. Sometimes it does not have to be a malicious URL; it can be an ordinary URL that simply redirects the victim to an attacker-controlled server. Clicking on the URL should be fine only if you are very sure that the message comes from the correct sender or a trusted sender.
Never open any attachment file from an unknown sender
Sometimes the attacker will pose as a courier service such as UPS, FedEx or DHL. They send an email to the target and present it as a surprise gift. If the user is attracted by the term ‘surprise gift’, he or she might open an attachment that contains malware. If such an email arrives, the user should not open the attachment, or should at least confirm the package mentioned in the email through another communication channel first.
Investigate the URL
Sometimes the displayed URL might not be the actual URL. Take a look at this example: www.google.com actually leads to the homepage of this site. It is not difficult to change the displayed text of a URL, and users should be careful, especially with a URL from an unknown sender. You can reveal the actual URL by moving your mouse pointer over the link to see the floating tooltip with the actual web address, or you can right-click on the link, select Copy Link and paste it into a notepad to confirm. This trick, however, only traps a novice internet user; it is harder to trick an intermediate internet user with it.
Use Spam Filters
Prevention is always better than cure. You can use spam filters to send phishing emails to your junk mail folder so that they will not bother you in the future. In IT security, we always try to avoid a threat rather than face it and battle with it. Filtering spam email is a good way to prevent a phisher from making any further attempts on you.
Detect and Combat Phishing Attack – Final Say
The points mentioned above are the fundamental steps to combat phishing attacks. As phishing is not a complicated form of threat to the end user, being careful is sufficient to combat it. A final word to readers: stay alert when you are on the internet and always keep an eye out for phishing attacks.