"We Mean Secure E-Business since 1998"

Phishing and Spoofing – Your Guide to Protect Against Them

‘Phishing’ is an attempt by fraudsters to ‘fish’ for your personal / financial / investment details via email.

‘Phishing’ attempts usually arrive as an email that appears to come from a well-known company, in order to gain the reader’s trust. The email then usually encourages you to click a link to a fraudulent page designed to capture your details.

While some e-mails are very easy to identify as fraudulent because of poor design and bad grammar, others may look as if they come from a legitimate source. However, you should not rely on the name or address in the “From” field alone, as this can be easily manipulated. For example, look at the image below, which appears to come from PayPal and asks you to take some action.

PayPal Phishing Example

However, you must be very careful about the link destination: hovering over the link shows where it really leads, which is enough to judge the authenticity of this email.

Although they can be difficult to spot, ‘phishing’ emails generally ask you to click on a link that takes you to a spoof web site that looks similar to the one mentioned in the email, where you are asked to provide, update or confirm sensitive personal information. To prompt you into action, such emails may convey a sense of urgency or threaten consequences.

The information most commonly sought through such means can be:

  • User ID / Passwords
  • Bank Account Details
  • Credit Card Details or CVV
  • Or Other verification parameters

Counterfeit / Spoofing Website

Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual website. They can even fake the URL that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner.

Fraudsters send e-mails with a link to a spoofed, fraudulent website, or ask you to update or confirm account-related information directly in the email and submit it. These emails also direct you to fraudulent Web sites and pop-up windows that try to collect your personal information.

This is done with the intention of obtaining sensitive account related information like your User ID, Password, bank details, etc.

One way to detect a phony Web site is to consider how you arrived there. If you type, or cut and paste, the URL into a new Web browser window and it does not take you to a legitimate Web site, or you get an error message, it was probably just a cover for a fake Web site.

Below are the two most important points to help you identify a genuine website:

  • Check for the Padlock icon: It is a de facto standard among web browsers to display a Padlock icon in the browser bar, which indicates that the domain you are visiting is safe and secure, verified by an SSL Certificate Authority.

Secure Padlock

  • Check the webpage’s URL: When browsing the web, the URLs (web page addresses) begin with the letters “http”. However, over a secure connection, the address displayed should begin with “https” – note the “s” at the end.



© 2019 - All rights reserved.