4 General Methods You Can Use To Detect Phishing Attacks
The internet is one of the best tools known to mankind to do basically whatever you want. But Facebook, Twitter, Gmail, Dropbox, Paypal, eBay, bank portals, and so many more sites have twins that are actually phish.
A “phish” is a term for a scam website that tries to look like a site that you know might well and visit often. The act of all these sites trying to steal your account information is called phishing. While it’s very easy to spot some sites as a phish, others aren’t nearly as easy.
Here are four different anti-phishing methods you can use so that you don’t fall victim to phishing.
1. Use a Custom DNS Service
You need a DNS resolution service so that you can access all the sites that you go to. Your computer doesn’t automatically know where Facebook is (as far as its Internet address, or IP address, goes), so it needs to ask a DNS resolution service for that IP address. The good thing is, all Internet users have this service, thanks to their internet service provider. The bad news is that’s all they do.
Aside from name resolution, the DNS servers at ISPs do nothing else. However, there are some custom and independent DNS companies that do more than just name resolution. They can also filter sites based on content and malware/phishing concerns. There are many out there that can do this, but the most popular one (last time I checked) is OpenDNS .
2. Use Your Browser’s Phishing List
Did you know that modern browsers offer a phishing list? The browsers check the site you’re visiting against the list to see if it’s possibly a phishing site. If it is, your browser will start freaking out about it in your face like a good boy. For possible phishing attacks, why not throw out a big red page to warn you?
3. Use Sites To Check Links
In case you’re presented a link but you’re not sure about clicking it, you can copy and check it on a number of different sites. These can tell you whether there’s something bad about these sites, including malware and phishing. Where can you find all these wonderful sites that do this for you? Try checking out one of our articles on the subject.
4. Use Your Own Ninja Skills
This may sound like useless advice, but using your own skills to detect phishing sites can go a very long way as well, and may even protect you from phishing sites that haven’t made it onto any lists that would throw an immediate flag. There are a few things that you should look for to see if you’re being faked:
- Look for a secure connection. This is usually identified by a green area in the address bar, along with https in the URL.
- Look at the domain of the URL. If you don’t know what the domain of a URL is, here is an example: The domain of MakeUseOf is makeuseof.com, while the domain of PayPal is paypal.com, and so on. Look to see that the domain is as it should be, and not something bizarre.
- Look at the site itself. If it doesn’t look exactly like the site you’re always used to, it may be a scam site. You can double check by opening a new tab and visiting the main page of the site you think you’re on (if possible). If they’re quite different, then you’re more than likely dealing with a phishing site.
Now that you’re equipped with these tips, you can take this handy little Phishing Quiz provided by OpenDNS where you are presented with screenshots of some websites. Some are real, while others are phish. You can take the quiz and see how well you do. Afterwards, you can see why a certain site is a phish and not real.
With these anti-phishing tools and tips, you are well equipped to spot phishing attempts and avoid them. Therefore, you’re much safer and your account information will remain private. If you feel enough like a pro, go and spread the word! The more people know how to spot phishing attacks, the better off they will be while surfing the internet.
How do you detect phishing sites? Do you think it is getting easier or harder to identify them? Let us know in the comments!
Image Credit: Shutterstock