Phishing is a common form of attack on the Internet that tries to steal data from users by making them believe that they are on a trusted site, or in contact with a trusted source, when in fact they are not. Phishing is usually associated with email, but there are other forms, including posting fake links on Twitter, in instant messengers, chat rooms or forums.
Attackers try to get login information or financial data from a user in order to exploit the linked accounts.
We have discussed phishing previously in our phishing flowchart and in how to detect phishing attacks, both of which concentrated on email phishing. The main difficulty with phishing is telling legitimate requests apart from malicious ones. The following tips help avoid phishing attempts:
- Never click on links in emails.
- Always double-check a link's destination in the web browser's status bar before clicking on it.
- Always look for signs of a secure website if connecting to a financial site or shopping site. Those are a closed padlock in the status bar, the use of https instead of http, and a valid certificate. Most web browsers highlight https sites to make the identification easier.
- Always enter URLs manually. If you receive an email from your bank with a link pointing to the bank website, you should consider entering that URL manually to make sure you are on the right website.
- When in doubt, try to contact support by going manually to the official website, and looking for a support number if you do not have it. It pays off to have all support numbers and emails at hand for these cases.
- Most modern web browsers, like Firefox, Internet Explorer, Chrome or Opera, offer phishing protections that are activated automatically. Please note that the databases behind these protections only contain known phishing threats; a site needs to be reported before all browser users are protected from it. They do miss brand new phishing sites that have not been reported yet.
- The same is true for antivirus software with phishing protection, or safe browsing solutions like Web of Trust.
Software that is out of date poses a tremendous security risk, especially when the computer is connected to the Internet.
It is important to always keep the software on the computer up to date. This includes the operating system, software that is installed on the computer, browser plugins, add-ons and every other kind of program that can be updated.
The Windows operating system can keep itself up to date automatically with its automatic update capabilities. The first step is to always install Windows patches when they are released. Microsoft always releases security patches on the second Tuesday of the month. Out-of-band security patches may be released as well, so it is always a good idea to keep an eye out for them.
Windows users can check in the Control Panel whether automatic updating is enabled. Windows 7 users find the setting under System and Security > Windows Update > Change Settings.
"Install updates automatically (recommended)" needs to be selected under Important Updates, and the option to install recommended updates should be enabled as well.
That takes care of Windows, so that the operating system is always up to date. But what about web browsers, plugins and software?
All web browsers have an option that checks automatically for updates. Always upgrade the browser to the newest version when an update is released.
Plugins can be checked at the Mozilla Plugin Check page, which is compatible with all browsers.
The check lists the update status of each installed plugin, providing links to the developer’s website to download the latest version if it is not already installed.
Updates for software and applications, on the other hand, are harder to come by, simply because developers use different means to provide them. Some offer update notifications or automatic updates, others do not.
Those programs catch many popular applications, and often offer to download and install the updates immediately in the scan report. A last resort is manual update checking, which can be semi-automated if the developer offers RSS feeds or email update notifications.