Phishing is an act of internet hacking where attackers disguise as genuine entities to fraudulently obtain sensitive information such as Credit or Visa Card Numbers, User Names and Passwords among others from unsuspecting victims.
It is one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and pernicious online scams.
“Phish”, pronounced just like it is spelled is a technical analogy of “fishing” — to mean throwing a baited hook to a wondering prey. The hacker’s target is contacted through email, telephone or text message.
The notification–which usually take the form of fake messages from banks, service providers, e-pay systems and other organizations–encourages a recipient, for one reason or another, to urgently act as asked, with ultimatums sometimes given. The fraudsters will even try to frighten a recipient with “loss of account in delay”.
As the African eCommerce market records ‘impressive growth figures’ (a tune of $16.5 billion in revenue generated 2017 and projected at $29 billion by 2022), it is no question that we are also the newest and most vulnerable target for online scammers.
Therefore, as retailers increasingly focus on selling merchandise through a variety of online channels such as Facebook and SnapChat, fraudsters are discovering new avenues to lure in unsuspecting victims.
In the United States for example, a recent study conducted by Riskified, an eCommerce fraud-prevention company, showed hundreds of thousands of illegal online purchases.
The company found that there was a 297 percent spike in the number of fake retail websites designed to phish for customer credentials from July to September 2017 to that same period in 2018. Prior to this, Forbes reported that cyberattacks cost American businesses up to $1.6 billion between October 2013 to December 2016.
These attackers, the Riskfied study indicated, were smart to make reference to their own intention, asking message recipient to improve anti-phishing systems as one of the reasons for the disclosure of confidential information they ask. “if you want to secure your details against phishing, click the link and enter your user name and password”.
Their messages also contain links which look similar to familiar and credible URLs of the company whose services their targets use. For example, they may include the name of the original URL with some additional words (www.login-bank.com instead of www.examplebank.com). Another trick is to use dots instead of slashes (for example www.examplebank.com.personal.login or www.examplebank.com-personal.login instead of www.examplebank.com/personal/login).
This type of Internet fraud also targets access credentials such as user names and passwords. Unlike phishers who use email to achieve their goals, pharmers obtain identities via official websites.
They redirect users to bogus websites by changing legitimate digital website addresses on DNS servers to fake ones. Pharming is an even more serious threat because it is next to impossible for the user to spot the fact that they are being scammed.
Now that various phishing scams are being developed all the time to keep up with the upgrading technology, you need to be on the lookout for regular updates and news about online scams. By finding out about them as early as possible, you will be at much lower risk of getting snared by one.
A short video below can show how it is done.
Below is how you can avoid Phishing scam
Watch what you click
You are free to navigate all the links on genuine sites and those you are familiar with. However, clicking on links that appear in random emails and instant messages is quite risky. Before clicking examine the minor detail of the message including the name of the sender and the URL you are being asked to follow. After hovering over the links, find out whether it leads where it is supposed to lead. For e-commerce services, ensure that the link leads to a familiar page where you filled your first detail.
Some online scams can be verified by random Internet search. Do an internet search using the names or exact wording of the email or message to check for any references.
You can further verify authenticity of the site by looking for secure symbol. Secure websites can be identified by the use of ‘https:’ rather than ‘http:’ at the start of the internet address, or a closed padlock or unbroken key icon at the bottom right corner of your browser window.
Legitimate websites that ask you to enter confidential information are generally encrypted to protect your details.
Never provide your personal, credit card or online account details if you receive a call claiming to be from your bank or any other organisation. Instead, ask for their name and contact number and make an independent check with the organisation in question before calling back.
Most popular Internet browsers can be customized with anti-phishing toolbars like Netcraft. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it. This is just one step of protection against phishing scams, and it is completely free.