Phishing Myths
14 Myths About Phishing
Phishing involves the deliberate attempt to acquire sensitive information, such as log-in user names, passwords, and payment details, via electronic communication. Phishers exercise their criminal intent by deceptively presenting themselves as trustworthy entities. Phishers masquerade as online payment processors, Information Technology (IT) administrators, lending institutions, auction venues, and social networking websites. Instances of phishing typically occur by electronic mail (e-mail), instant messaging, and fake websites that look and feel identical to the legitimate ones. Phishing e-mails and instant messages tend to have links that direct to fake websites infected with malware. Phishers use social engineering techniques to exploit the targeted user in hopes of obtaining sensitive information. Law enforcement has enacted legislation against this cybercrime. In addition, many lending institutions, Internet Service Providers (ISPs), e-mail hosting services, and media outlets have sought to raise public awareness about phishing dangers. Unfortunately, this has led to some common misconceptions and myths about ways to protect oneself against clever attempts.
Read these 14 phishing myths to protect against identity theft:
Myth 1: Phishing E-mails are Easy to Detect
Phishing has not vanished, despite an increase in public awareness over the past years. While many people have a pretty good idea what to look for in phishing e-mails, phishing still catches unsuspecting victims off guard. Phishers know that people have caught on to their schemes, which means they feel pressured to think of new ways to fool even the most vigilant. The elderly tend to fall for phishing hooks more than their younger counterparts, mainly because they have come to trust "big name" corporations and their logos. Auction buyers also fall victim to phishing messages offering a better price for a recently won item. The unemployed may also succumb to messages asking them to fill out private information to receive a job offer. These clever tricks can catch anybody off guard, especially if the desire for the "bait" overrides the victim's rational faculties. As a result, users must do more for their own personal safety.
Myth 2: Spam Filters and Anti-Virus Software Detect All Phishing Messages
Spam filters and anti-virus software play an important role in reducing the number of phishing messages. Unfortunately, they cannot stop them from coming in altogether. Filtering personalized messages requires complex security software to sniff out phishing methods. Scammers always tend to be one step ahead of the game when it comes to filters. Continue to use filters, but do not rely on them for optimal safety.
Myth 3: Blocking Recognizable Phishing URLs will Protect Against All Phishing
Blocking known phishing URLs can help prevent a user from being targeted by the same website twice, but it does not protect against other phishing websites. It also takes time to determine whether a website is a phishing site, which leaves visitors vulnerable to existing attacks in the meantime. In addition, most phishing websites only last for about 24 hours, making lists an ineffective way to defend against phishing. Good lists can help, but they are not a fool-proof safety measure.
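The timing argument above can be made concrete. The following is an added example, not part of the original article: it replays constructed clicks against a blocklist that lists a site some hours after it goes live, using the article's 24-hour site lifetime. The host names, listing delays, and click times are all assumptions made up for illustration.

```python
from urllib.parse import urlsplit

SITE_LIFETIME_H = 24  # the article's figure: most phishing sites last about 24 hours

# Constructed sample data (hypothetical hosts under the reserved .example TLD).
# live_at: hour the site went up; listed_at: hour a blocklist added it (None = never).
SITES = {
    "login-update.example": {"live_at": 0, "listed_at": 18},
    "secure-verify.example": {"live_at": 30, "listed_at": None},
}

# Constructed clicks: (hour of click, URL clicked).
VISITS = [
    (2, "http://login-update.example/signin"),
    (9, "http://login-update.example/signin?id=7"),
    (20, "http://login-update.example/signin"),
    (33, "http://secure-verify.example/account"),
    (41, "http://secure-verify.example/account"),
]

def classify(hour, url, sites=SITES):
    """Return 'blocked', 'exposed', 'offline' or 'unknown' for one click."""
    site = sites.get(urlsplit(url).hostname)
    if site is None:
        return "unknown"
    if not site["live_at"] <= hour < site["live_at"] + SITE_LIFETIME_H:
        return "offline"   # site is not up, so there is nothing to be phished by
    listed = site["listed_at"]
    if listed is not None and hour >= listed:
        return "blocked"   # a blocklist entry existed at click time
    return "exposed"       # site is live and the list has not caught up

def summarize(visits=VISITS):
    """Count the outcome of every click in the sample."""
    counts = {"blocked": 0, "exposed": 0, "offline": 0, "unknown": 0}
    for hour, url in visits:
        counts[classify(hour, url)] += 1
    return counts

def useful_window_hours(site):
    """Hours in which the listing protects anyone before the site disappears."""
    if site["listed_at"] is None:
        return 0
    end = site["live_at"] + SITE_LIFETIME_H
    return max(0, end - max(site["listed_at"], site["live_at"]))

if __name__ == "__main__":
    print(summarize())
    for host, site in SITES.items():
        print(host, useful_window_hours(site), "useful hours")
```

In this constructed sample only one of five clicks is blocked: the listing for the first site is useful for 6 of its 24 hours, and the second site is never listed at all.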
Myth 4: The Targeted Website Holds Responsibility for Phishing Attacks
Websites must protect their users against privacy intrusion; however, they are not responsible for losses that result from user negligence. In other words, users must protect themselves against phishing. Even if the website does partly reimburse the user, the attack still causes damage in the long run through wasted time and loss of reputation. It can even make it impossible to recover previous credit history standings.
Myth 5: Criminals Can't Duplicate an Institution's Website
Phishers spend all of their time looking for ways to dupe hundreds of users out of their personal information. Many have an extensive background in computer design and programming, which means they can make a fake website look identical to the original website with relative ease. Never click on links in an e-mail, even if it looks like a legitimate notification. Navigate to the original website by typing the URL in the browser's address bar. This will safeguard against phishing e-mails intended to steal user name and password information.
Myth 6: A Secure Website Has a Lock on It
Phishers can create encrypted fake websites. The lock or key icon shows only that the connection is encrypted; it does not mean the website is safe to enter.
Myth 7: Poor Grammar Definitely Means Get Out!
Many phishing messages and websites have perfect grammar. Many phishers come from an educated background; if not, they can use grammar software to eliminate errors. Phishers may also enlist the help of freelance writers or copywriters to create content. Do not judge a book by its cover!
Myth 8: Not Sharing Passwords Guarantees Against Phishing
Phishers have adopted sophisticated ways to lure users into giving out their personal information. Phishing e-mails may no longer require the user to input a user name and password. In fact, many messages mirror statements or notifications that entice users to click on links to "update" their information. Users who click on the link typically infect their computers with malware, such as spyware or a keylogger. The link may direct the user to the legitimate website. Once the user arrives to "update" personal information, a pop-up or overlay prompts the user to enter it.
Myth 9: Phishing Attacks Originate Outside of the Country
Many media outlets have covered the Nigerian 419 scams, which has led users to believe that phishing criminals reside outside of the United States. Contrary to popular opinion, phishing attacks mainly occur within the United States.
Myth 10: Users Only Need to Refrain From Clicking on Links
Staying away from links can minimize the risk of giving out personal information, especially with regard to phishing. However, it will not protect against a related attack called pharming. Pharming occurs when a DNS server redirects a user's browser to a fake website. This happens when navigating to a website that may have a hidden script.
Myth 11: Users Only Need to Refrain from Opening Unknown E-mails
The same reasoning applies here as with refraining from clicking on links. Avoiding unknown e-mails only protects against attempts at stealing information using electronic communications. It does not protect against pharming.
Myth 12: Users Can Use Proven Anti-Phishing Solutions
Many anti-phishing solutions exist that can help combat phishing; however, it takes research to find out how effective each service is. Anti-phishing solutions help to cut down on the risks, but users must still remain vigilant for optimal protection.
Myth 13: Users Only Need to Remain Vigilant
According to the Federal Trade Commission (FTC), nearly two million adult Internet users experienced some form of phishing. In addition, the Anti-Phishing Working Group reports an uptick in phishing attacks of 4,000 percent between 2004 and 2005.
Myth 14: Users Don't Need to Do Anything At All
Some people think that users should not concern themselves with phishing. Many feel that investing in anti-phishing software and educational courses does absolutely nothing to safeguard against attacks. Failing to protect against phishing can lead to the loss of personal, financial, and corporate information.
Follow these links to learn more about phishing myths:
- Frequently Asked Questions About Phishing
- Indiana University Knowledge Base: What are Phishing Scams and How Can I Avoid Them?
- University of Massachusetts Amherst: Phishing Scams
- University of Georgia: What is Phishing?
- The Ohio State University: Phishing
- University of Pittsburgh: Phishing and the Consequences
- FTC: Phishing
- Department of State and Division of Consumer Protection: Phishing Scam Prevention Tips
- Connecticut State: Phishing Scams
- Phishing Facts
- Western Michigan University: Phishing Facts
- Security Boulevard: 5 Things You Should Know About Whale Phishing
- Center for Internet Security®: MDBR Stops Ransomware, Phishing, Malware, and More
- Recognizing a Phishing Attempt
- Chaminade University of Honolulu: Phishing, Scams and Spam
- Phishing Box: Phishing Facts
- Visa: Get the facts about Phishing
- Public Safety of Canada: Phishing: A New Form of Identity Theft
- Internal Revenue Service (IRS): How to Forward the Header of a Phishing Email