For those not familiar with the term, phishing is essentially a method that security hackers use to try to trick individuals into divulging information about themselves and their accounts through false websites designed to look legitimate. Millions of these emails are sent and received by users across the internet on a daily basis. They use a variety of different tactics, but the primary goal is to get a victim worried enough that they will follow the links provided without checking their validity and then give up information. In essence, this is a form of social engineering that many con artists use.
While most of those phishing emails end up in junk folders or trash bins, users still end up clicking on those links from time to time. Google has been studying these scams for some time, as it often gets reports of fraudulent sites. Based on that data, it has come up with some statistics about how effective they can be. It has now shared the results and stated that the most effective site has a 45% conversion rate of getting users that visit it to turn over information. Even the least successful ones still have a conversion rate of around 3%, which is pretty good considering how many messages are sent.
The report goes further than just the conversion rate that phishers get on their web pages; it also covers how quickly that information could be used to compromise the person's account. They found that within the first hour, 20% of the accounts associated with information provided to such websites are compromised. So what can one do about this?
How to Protect Yourself
Obviously, if you don’t see the links from a phishing message, you are not likely to click on them and potentially fall for a phishing scam. This is where spam filtering programs can be extremely effective at capturing the emails before you even see them. Many mail services like Gmail already do this filtering for users. If you don’t have such a service, you can always set up a third-party service such as Google’s, which acts as an intermediary for the mail for filtering. Similar filtering programs for web browsers can also help block emails from phishing advertisements on less scrupulous web sites.
The next step is recognition. If a message comes through, take a close look at it, particularly the sender and the URL of any links. If an email says it is coming from Chase Bank to inform you of account changes, the email should definitely have Chase.com in it. Similarly, the URL should as well. This is where the phishers try to get you, as they will try to get domains with very similar names that users will quickly gloss over. One way to check a link is to hover your cursor over it and view the destination URL, generally displayed at the bottom of the browser, before clicking on it.
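The same check can be automated. The following is an added example, not part of the original article: it compares a link's real host against the expected domain and flags hosts that merely contain the brand name or misspell it. The function names, the one-character spelling threshold and every sample host other than chase.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample links. chase.com is the brand named in the text;
# all other hosts are made up and use reserved example domains.
SAMPLE_LINKS = [
    "https://www.chase.com/personal/login",
    "https://chase.com.account-verify.example/login",
    "https://secure-chase.example/login",
    "https://chasse.example/login",
    "https://mail.example.org/newsletter",
]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, expected="chase.com"):
    """Return 'match', 'lookalike' or 'unrelated' for the link's real host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Only the exact domain or a true subdomain of it counts as a match;
    # a host that merely contains "chase.com" somewhere does not.
    if host == expected or host.endswith("." + expected):
        return "match"
    brand = expected.split(".")[0]
    labels = host.split(".")
    # Brand name embedded in another domain, or a label one edit away from it.
    if brand in host or any(edit_distance(label, brand) <= 1 for label in labels):
        return "lookalike"
    return "unrelated"

def review_links(links, expected="chase.com"):
    """Classify every link so a reader or mail filter can act on the result."""
    return {link: classify_link(link, expected) for link in links}

if __name__ == "__main__":
    for link, verdict in review_links(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

A "lookalike" verdict on a message that claims to come from the brand is the case worth reporting or quarantining; "unrelated" only means the host does not resemble the expected domain.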
Another method of protecting your accounts is to set up a two-factor or two-step authentication method on them. This protects you from phishing scams because most of the time the information gathered will only get the attackers through the first level. If they don’t have access to your email address or phone to authenticate the second step, they can’t get in. Users of this method will also be alerted to potential fraudulent activity.
Finally, the best companies already have security measures in place, and you should be aware of them. For instance, most banks will never include URLs or links within their emails. Instead, they will direct their customers to contact them directly through information they already have via statements and account records. Similarly, if they need you to do something online, they will tell you to log in to your account but won’t provide the URL, assuming that you already know how to do this.