How to protect yourself from phishing: LeaderTelecom recommendations
Anyone can fall victim to Internet fraud. If you bank online, use online payment systems or make purchases on the web, please pay attention to these simple guidelines, which help protect you from different types of online fraud.
Phishing: how not to fall into the trap
Phishing is a form of Internet fraud in which hackers gain access to confidential user data, such as usernames, passwords and credit card numbers. They obtain this data through specially created pages and sites that look very similar to the original. By entering data on such sites, users help attackers gain access to important personal information.
One user of the PayPal payment system told us how he became a victim of fraud. When Roman wanted to get money from Forex, he accidentally landed on a phishing site. As a result, 100 thousand roubles were stolen from him. Later Roman remembered that he had not turned on two-factor authentication via SMS, and at the time of making the transaction he did not notice any differences from the genuine site. This example shows how important it is to protect your data in all possible ways.
Many phishing sites are virtually indistinguishable from the original, and telling them apart is especially difficult on mobile devices. How can you determine whether a site is genuine and can be trusted?
Example of phishing mail:
Example of phishing site:
The first distinguishing feature of a phishing site is its URL (the address shown in the address bar of your browser). There are many sites with URLs similar to https://paypal.com/. Many of these sites may be unavailable most of the time and active for only a few hours per day:
· t.paypal.com
· paypal-visa.com
· paypai.co
· paypal.hk
· paypl.co
Why do people visit such sites? Usually, the top positions in search results are taken by contextual advertising: paid links that may have nothing to do with the original service. It is easy to miss that the website URL is different, because the service name looks similar to the genuine one.
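The check a reader performs by eye on the address bar can also be done mechanically. The following Python sketch is an added example, not part of the original LeaderTelecom article: it compares a URL's hostname with the genuine one and says in what way the addresses listed above differ. The set of expected hosts (paypal.com and www.paypal.com), the edit-distance threshold and the result names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts the user expects for this service.
GENUINE_HOSTS = {"paypal.com", "www.paypal.com"}
BRAND = "paypal"
MAX_TYPO_DISTANCE = 2  # assumption: how many typos still count as "similar"


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url):
    """Classify a URL or bare hostname against the genuine hosts."""
    # urlsplit only finds the host when a "//" authority marker is present.
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if host in GENUINE_HOSTS:
        return "genuine"
    for label in host.split("."):
        if label == BRAND:
            return "unexpected-host"  # right name, wrong zone or extra label
        if BRAND in label:
            return "brand-embedded"   # right name padded with other words
        if edit_distance(label, BRAND) <= MAX_TYPO_DISTANCE:
            return "misspelling"      # one or two characters changed
    return "unrelated"


if __name__ == "__main__":
    # Hostnames taken from the list in the article, plus the genuine URL.
    for candidate in ("https://paypal.com/", "t.paypal.com", "paypal-visa.com",
                      "paypai.co", "paypal.hk", "paypl.co"):
        print(f"{candidate:22} {check_url(candidate)}")
```

Anything other than "genuine" means the address is not one of the expected hosts and deserves a closer look before any data is entered.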
The second distinguishing feature of a phishing site is the lack of an SSL certificate. All pages where visitors can enter confidential information should use the secure HTTPS data transfer protocol. Most phishing sites use insecure HTTP, which means that such sites cannot be trusted.
When you go to a secure page, a “Lock” icon appears in the address bar of the browser. If you click on this icon, you can view information about the certificate.
Currently, there are phishing sites that use a secure connection and show the "Lock" icon. In this case, you need to pay attention to the type of certificate: a DV certificate confirms only that data on the phishing site is protected; it does not confirm the organisation itself (e.g. PayPal).
An EV certificate indicates a secure connection, and the name of the organisation is displayed next to the "Lock" icon. EV certificates are the most trusted.
This type of certificate colours the address bar or a portion of it in green and this, for the majority of Internet users, has long been a symbol and a guarantor of security.
SSL certificate: To help organisations
The correct step for any organisation whose activities involve processing sensitive user data is to acquire an EV SSL certificate to guarantee security.
When using this type of certificate, all information is encrypted and is transformed into a set of characters that is useless to fraudsters.
For the organisation, the result of using an EV SSL certificate is sales growth of 10-40% across all areas of e-commerce, as confirmed by independent researchers. You can order the certificate here.