How to avoid Phishing Attacks

Since my Facebook feed is full of screenshots about a recent phishing attack, I am taking 15 minutes out of my busy schedule to explain what a phishing attack is and how to spot and avoid one.

What is Phishing?

Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information (Webroot).

How to identify Phishing attacks?

URL - Always make sure that the URL is readable, has no spelling mistakes and is actually the domain name for the website you are trying to visit.
Example: When the message says it is a giveaway by Amazon, the link should be https://amazon.com/30-anniversary-giveaway or something similar. If you instead spot something like https://adagafsdfhewf.co/sdaggq, you can tell just by reading the URL that the domain is gibberish and has nothing to identify the actual service provider.

Unreadable domain - Phishing site

Another trick used for phishing is using a similar spelling to the original website, something like https://amzon.ml/giveaway. This can also be easily spotted by looking at the URL and seeing that the domain name is misspelled. You can also make sure there is a padlock in the address bar. If you are a bit tech savvy, you can click the padlock icon and see if the website's SSL certificate was issued by a trusted Certificate Authority (CA). Keep in mind that the padlock only shows that the connection is encrypted, so treat it as a minimum requirement and still check the domain name.

Checking the certificate of the domain
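
The URL checks described above (correct domain, misspelled domain, unreadable domain) can also be done in code. The following Python code is an added example, not part of the original post; the KNOWN_DOMAINS list, the function names and the MAX_EDITS threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains you actually use; extend with your own bank, shops, etc.
KNOWN_DOMAINS = ("amazon.com", "facebook.com", "google.com")
MAX_EDITS = 2  # assumption: names within 2 typos of a known name are suspicious


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return (verdict, known_domain) for the domain part of a link."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL
        host = ""
    if not host:
        return ("invalid", None)
    # Exact match, or a subdomain such as www.amazon.com.
    for domain in KNOWN_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return ("known", domain)
    # Not a known domain: does any part of it imitate a known name?
    for domain in KNOWN_DOMAINS:
        name = domain.split(".")[0]
        if any(edit_distance(label, name) <= MAX_EDITS for label in host.split(".")):
            return ("lookalike", domain)
    return ("unknown", None)


if __name__ == "__main__":
    # The three example links from the article.
    for link in ("https://amazon.com/30-anniversary-giveaway",
                 "https://amzon.ml/giveaway",
                 "https://adagafsdfhewf.co/sdaggq"):
        print(link, "->", classify_url(link))
```

An "unknown" verdict only means the domain is not on your list, so the other checks in this post still apply to it.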

Google Safe Browsing Report - This is a service by Google that keeps track of unsafe sites and shows the legitimacy of websites. You might encounter a warning in Google Chrome while visiting a website, and this should be enough for you to click away. You can visit their website to check up on a site as well.

Google Search - A simple Google search with the text in the phishing message can help you easily identify phishing attacks.

Personal Information and Surveys - If the unknown website is asking for your banking details, prompting you to log in to your social accounts or asking you to complete surveys, click away as those are mostly phishing attacks. Never give out such details hoping to get money or gifts from some random link. If something seems too good to be true, it probably is.

If you are still suspicious (even a bit) after these steps, DO NOT USE the website. And DO NOT SHARE the website with others. Be skeptical! It's better to be safe than sorry.

Google Transparency Report
URL and website scanner - urlscan.io

You can use the above websites to scan URLs for malicious behavior.