Phishing scams -- the ones that try to get you to provide private information by masquerading as a legitimate company -- are often easy to detect if you have a sceptical approach, but you can get caught out if you let your guard down. Here's how you can boost your phishing detection skills and protect yourself during those times when you're not at full attention.
Want to test your phishing IQ and find out what kind of scams you're most likely to miss? Take this test.
What You Can Do
Most phishing scams find their victims through email, but sometimes you'll come across a phishing site in the wild as well. Either way, here are the basic principles you want to follow to keep a cautious eye out for these malicious traps.
Check the URL
Phishing scams are designed to look like official emails and web sites from actual companies, but they aren't actually those things -- they're just imitations. While there may be minor visual variations, the most important clue is that they can't have the same URL as the web site they're pretending to be.
Using PayPal as an example, you'll generally see http://www.paypal.com as part of the URL. Sometimes you'll see something like http://subdomain.paypal.com as well. Both of these URLs are OK, because they end in paypal.com. A phishing URL, however, might look something like this: http://paypal.someotherdomain.com. In this case, "paypal" is attached to another domain name (someotherdomain.com). URLs like this are the ones you want to avoid.
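The rule above can be written as a small check. This is an added example, not part of the original article; `checkLink` is a hypothetical helper, and it goes slightly beyond the three URLs in the text by also covering a few constructed look-alike cases that a plain "ends in paypal.com" string test would get wrong.

```javascript
// Added example: is this link's host the expected domain or one of its subdomains?
function checkLink(link, expectedDomain) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, the same rules browsers apply
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, host: null, reason: "not a web link" };
  }
  // hostname is already lowercased; drop a trailing root dot ("paypal.com.")
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  // Match the whole name or a dot-separated suffix, never a bare string suffix,
  // so "notpaypal.com" does not pass as "paypal.com".
  const ok = host === expected || host.endsWith("." + expected);
  let reason = ok
    ? "host is " + expected + " or a subdomain of it"
    : "host belongs to a different domain";
  if (url.username !== "") {
    // Anything before '@' is login information, not the site being visited.
    reason += "; text before '@' is not the host";
  }
  return { ok, host, reason };
}

// The first three links are the article's PayPal examples; the rest are constructed.
const samples = [
  "http://www.paypal.com",
  "http://subdomain.paypal.com",
  "http://paypal.someotherdomain.com",
  "http://paypal.com.someotherdomain.com/login",
  "http://notpaypal.com",
  "http://www.paypal.com@someotherdomain.com/",
];

function report(expectedDomain) {
  return samples.map((link) => ({ link, ...checkLink(link, expectedDomain) }));
}

for (const row of report("paypal.com")) {
  console.log((row.ok ? "OK    " : "AVOID ") + row.link + " -> " + row.host + " (" + row.reason + ")");
}
```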
Always Go Direct
The best thing you can do to avoid phishing scams is always go directly to the web site you want to visit rather than clicking a link. This way you don't have to figure out if the URL is safe or not because you'll be using a URL in your bookmarks (or your brain) that you already know is safe. Doing this can also help protect you from phishing scams when you let your guard down because you'll be in the habit of visiting sites directly rather than clicking links.
I fell for a phishing scam once when I read the email right after I woke up in the morning. It was from my bank and they'd sent me a lot of verification notices lately since I'd been travelling and using my debit card all over the place. When I got another one, I didn't even think about it because I'd just woken up. I went to the site, filled in my info, and then immediately realised I'd just provided that information to a phishing scam site. I called the bank to let them know right away and got a new card, but had I changed my default behaviour and visited the bank's web site directly this wouldn't have happened. Of course, that's what I do now and it hasn't been a problem since.
What Your Browser Can Do For You
Detecting phishing scams on your own mainly requires the mild paranoia and the behavioural adjustment described above, but there are a few other things you can do to make your everyday browsing safer.
Turn Off Form Autofill
One great feature of many web browsers is the autofill feature. It makes it really easy to fill out forms using information already stored in the browser. It also makes it easy for you to ignore the form you're filling out and just submit it, causing you to potentially miss a phishing scam when you're rushing through the process. While this precaution isn't necessary, and you might prefer the convenience of autofill to the safety benefits that deactivating it can provide, turning it off will provide a little added protection.
Utilise Your Browser's Built-In Tools
Most browsers come with some phishing protection built in to help protect you, but it isn't always enabled by default. Google Chrome keeps track of common phishing sites and can alert you when you visit one, but you may need to go through the short setup process to make it work. Firefox also offers phishing and malware protection in a similar way, and you can enable it in the Security section of Firefox's preferences. If you have commercial anti-virus software, it will often include phishing detection as well.
Bump Up Your Phishing Protection With Web Of Trust
Web of Trust is one of our favourite browser extensions because it automatically lets you know if a web site is trustworthy or not. While it can't possibly verify every single site on the internet, it can make you aware of potentially harmful sites and phishing scams. All you have to do is install the extension for your browser and it will display a trust rating in your browser's toolbar. (You can read more about this here.) Web of Trust is available to download for Google Chrome, Firefox, Internet Explorer, Opera, Safari, and as a bookmarklet for other browsers.
Got any other tips for avoiding phishing scams? Let's hear 'em in the comments!