When you log into your email account to check for new emails from Learn The Technology (which you should be doing 🙂), you enter a username and password. That is so that other people can’t get into your email and pretend that they are you, or read your private emails. When you log in to your bank account to make a transaction, you do the same thing. Obviously, something as important and secure as banking can’t get hacked, right?
If you think that your account is super secure because phishing doesn’t exist and nobody wants your personal information, the first thing I recommend you do is to change your password. Then, continue reading.
Any hacker will tell you that hacking into an account is hard unless you have the correct connections or extreme skills. Passwords are hashed and salted, so there’s virtually no way to hack in unless you keep trying a different password over and over again. But humans are humans. If hackers have enough information about you, they might be able to trick you into giving them your password.
How does phishing work?
First of all, phishing is pronounced “fishing”. The ph- comes from a hacker tradition of replacing f’s with ph.
Phishing is one of the main reasons you should not click on random links in emails. Phishing is when a hacker tricks you into entering your real credentials (username, password) into a fake login page, which saves the credentials so that the hacker can use them to log into your account later. And how did you get on that fake login page in the first place? You probably clicked a link from an email.
Steps in getting your information phished:
- You receive an email that alerts you that something is wrong with your account and that you need to fix it right away. The sender email might be misspelled, but you don’t notice and proceed. (For example, Instagram is spelled Instgram.)
- You enter your credentials into the fake login page.
- The login page alerts you that an unknown error has occurred (Since it can’t actually log you in), and then takes you to the real login page.
- You don’t realize anything is wrong until the next time you log in. By then, it’s already too late.
See how easy it is for hackers to manipulate you? You literally just told the hacker your password.
How to prevent yourself from getting phished
Phishing doesn’t always have to be in the form of an email. Sometimes, the attacker might call you over the phone, or contact you by text. If you get a message saying you need to change your password, tell the sender “Thanks, I’ll do that myself”, and then log into the website by typing the actual URL into your browser. This way, you are invulnerable. And even if the email was genuine, the sender won’t get offended.
Most of the time though, phishing emails get sent to your spam folder, because Google is quick to notice that they are suspicious and up to no good. Good job, Google.
Google also buys common misspellings of their domain, such as gooogle.com and googl.com, and makes them redirect to their main domain, google.com.
Also, ‘Constant Vigilance’! Look out for small mistakes within the email or the login form. Most of the time, the phishing page is missing some small things, such as logos. Sometimes, the hackers are careless enough to use incorrect grammar. Also, always look for the green lock displayed to the left of the URL in your browser. The green lock signifies that the SSL certificate is genuine and that you are in fact visiting the actual website, not a fake copy.
It all comes down to this: The internet is a dangerous place, and you should never trust anyone online that you don’t know in person. And remember what I wrote above. Staying alert might well save your Instagram profile.
I also found out that phishing done by text message is called Smishing.