Phishing is a type of attack wherein the attacker impersonates a valid site and steals sensitive information entered by the customer on the fake site.
The attacker sends the victim a forged e-mail having the link of a fake page. The fake page looks exactly like a valid page of the original site. These e-mails have upsetting or exciting (but false) statements to get the customer to react immediately. When the customer clicks the link, he is asked to provide his credentials to login and update his personal information. This reveals important information to the attackers.
Steps to prevent these Attack
The best way to prevent phishing attacks is by creating customer awareness. Some important points that need to be communicated to the customers includes:
1. Organizations should constantly remind their customers that they will never request for sensitive information via e-mails. Moreover all email communications should address the customer by first and last name.
2. Customers need to be educated not to click on URL of critical website (e.g. Internet banking website) that comes via email but visit these websites by directly typing the address in the browser.
3. Customers should be educated on identifying secure websites, like https in URL or ‘Lock’ icon, before submitting username, password, credit card number and other sensitive information.
4. Customers should be educated about choosing strong passwords and the importance of changing them regularly. How to choose a Strong Password
5. Customers should be educated to be suspicious of any e-mail with urgent request for personal information.
6. Customers should be provided with easy methods to report phishing incidents.
if you have any other steps to prevent phishing attacks, please share with us by comments.