Just How Effective Is Phishing And How To Avoid It


For those not familiar with the term, phishing is a method that attackers use to trick individuals into divulging information about themselves and their accounts through fake websites designed to look legitimate. Millions of phishing emails are sent and received by users across the internet on a daily basis. They use a variety of tactics, but the primary goal is to get a victim worried enough to follow the links provided without checking their validity and then give up information. In essence, this is a form of social engineering that many con artists use.

While most of those phishing emails end up in junk folders or trash bins, users still end up clicking on those links from time to time. Google has been studying these scams for some time, as they often get reports of fraudulent sites. Based on their data, they have come up with some statistics about how effective these scams can be. They have now shared the results and stated that the most effective site has a 45% conversion rate of getting users who visit it to turn over information. Even the least successful ones still have a conversion rate of around 3%, which is pretty good considering how many messages are sent.

The report goes further than the conversion rate that phishers achieve on their web pages; it also covers how quickly the collected information is used to compromise the person's information. They found that within the first hour, 20% of the accounts associated with information provided to such websites are compromised. So what can one do about this?

How to Protect Yourself

Obviously, if you don’t see the links from a phishing message, you are not likely to click on them and potentially fall for a phishing scam. This is where spam filtering programs can be extremely effective at capturing the emails before you even see them. Many mail services like Gmail already do this filtering for users. If you don’t have a service, you can always set up a third-party service such as Google’s, which acts as an intermediary that filters the mail. Similar filtering programs for web browsers can also help block emails from phishing advertisements on less scrupulous web sites.

The next step is recognition. If a message comes through, take a close look at it, particularly the sender and the URL of any links. If an email says it is coming from Chase Bank to inform you of account changes, the email should definitely have Chase.com in it. Similarly, the URL should as well. This is where the phishers try to get you, as they will try to get domains with very similar names that users will quickly gloss over. One way to check a link is to hover your cursor over it and view the destination URL, generally displayed at the bottom of the browser, before clicking on it.
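The same check (does the link's real destination host belong to the domain you expect?) written out as an added example that is not part of the original article. `checkLink` is a hypothetical helper, and `mybank.example` and all sample links are constructed placeholders on reserved domains.

```javascript
// Added example: classify where a link really goes, relative to the domain
// the message claims to come from. Every URL used with it is a constructed sample.

// Levenshtein edit distance, used to catch one- or two-character lookalikes.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// expectedDomain is the domain the reader already knows, e.g. "mybank.example".
function checkLink(href, expectedDomain) {
  let url;
  try { url = new URL(href); } catch { return "unparseable"; }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "not-a-web-link";
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const expected = expectedDomain.toLowerCase();
  // Genuine: the host is the expected domain or a subdomain of it.
  if (host === expected || host.endsWith("." + expected)) return "matches";
  // Text before "@" is login info, not the site being visited.
  if (url.username.toLowerCase().includes(expected)) return "brand-in-userinfo";
  // Expected name used as the left-hand part of someone else's domain.
  if (host.startsWith(expected + ".") || host.includes("." + expected + ".")) return "brand-as-subdomain";
  // Non-ASCII hosts are parsed to punycode; such labels can imitate Latin letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) return "punycode-host";
  // Compare the last two labels with the expected domain (simplification:
  // ignores multi-part suffixes such as co.uk).
  const lastTwo = host.split(".").slice(-2).join(".");
  if (editDistance(lastTwo, expected) <= 2) return "near-miss-spelling";
  // Brand name embedded in an unrelated domain, e.g. with a hyphenated prefix.
  if (host.includes(expected.split(".")[0])) return "brand-in-other-domain";
  return "different-domain";
}
```

Only the `matches` result means the link stays on the expected domain; every other result names the reason the destination is somewhere else.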

Another method of protecting your accounts is to set up two-factor or two-step authentication on them. This protects you from phishing scams because most of the time the information gathered will only get the phishers through the first level. If they don’t have access to your email address or phone to authenticate the second step, they can’t get in. Users of this method will also be alerted to potential fraudulent activity.

Finally, the best companies already have security measures in place and you should be aware of them. For instance, most banks will never include URLs or links within their emails. Instead, they will direct their customers to contact them directly through information they already have via statements and account records. Similarly, if they need you to do something online, they will tell you to log in to your account but won’t provide the URL, assuming that you already know how to do this.


One thought on “Just How Effective Is Phishing And How To Avoid It”

  1. I got one of these emails a few days ago and it went to my Inbox folder, unlike in most cases where these mails end up in junk.
    It was titled “Your last chance to verify ownership of your PayPal account”, and I almost got tricked by it because it was perfectly designed, with all of PayPal’s matching graphic materials and so on.
    I recognized it as phishing by the link which was meant to lead to verifying the account. The domain was similar to PayPal’s official one. Can’t say what exactly because I deleted the mail message.
    I’m sorry for all the people who fall for this one and every other phishing attempt.
    People really need to be more educated to stop online crime.

    Thanks for your informative post!


