Phishing is a collective term for websites that try to trick visitors into giving up sensitive data such as user data, credit card details, codes, etc. Banks and other types of businesses that store and use this kind of data are particularly vulnerable to phishing.
The most common phishing scenario is that phishers create an identical copy of a company's website. This copy is hosted on the phisher's server, and all information that the visitor enters on the website is stored by the phishers. It can be very difficult to distinguish a legitimate website from a fake one, especially since phishers often use URLs that look like those of a legitimate site. You can usually tell them apart by slight variations in how the address is spelled, but these can be difficult to detect at first glance.
A link to the fake website is then sent out in an email message asking the recipient to update or change their information. Recipients should already be suspicious at this point, since very few, if any, companies encourage their users to manage sensitive data in this way.
So-called IDN domains (domain names with international characters) have become more and more widely used, also by phishers. Because some characters that can be used in IDN domains are very similar to the letters normally used for non-IDN domains, an address can be created that is very difficult to distinguish from the original address.
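The look-alike problem described above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it converts a host name between its Unicode form and its ASCII (xn--) form and reports labels whose letters come from more than one alphabet or from a non-Latin alphabet. The function names and the sample host names are constructed for illustration.

```python
import unicodedata


def label_scripts(label):
    """Scripts used by the letters of one label, e.g. {'LATIN', 'CYRILLIC'}."""
    # Assumption: the first word of a character's Unicode name is used as a
    # script hint. This is a simplification that works for alphabetic scripts.
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def inspect_host(host):
    """Return the Unicode form, the ASCII (xn--) form and look-alike findings."""
    # Python's built-in "idna" codec converts between the two forms.
    ascii_form = host.strip().lower().encode("idna").decode("ascii")
    unicode_form = ascii_form.encode("ascii").decode("idna")
    findings = []
    for label in unicode_form.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            # Letters from several alphabets in one label is the classic trick.
            findings.append(f"{label!r} mixes scripts: {', '.join(sorted(scripts))}")
        elif scripts and scripts != {"LATIN"}:
            # Legitimate for many sites; worth a second look only when the
            # reader expected an ordinary Latin-alphabet name.
            findings.append(f"{label!r} is written entirely in {scripts.pop()}")
    return {
        "unicode": unicode_form,
        "ascii": ascii_form,
        "is_idn": ascii_form != unicode_form,
        "findings": findings,
    }


# Constructed sample host names (example.com is a reserved documentation domain).
SAMPLES = [
    "example.com",             # plain ASCII
    "ex\u0430mple.com",        # Cyrillic "a" (U+0430) inside a Latin word
    "xn--bcher-kva.de",        # ASCII form of an IDN with a Latin umlaut
    "\u0441\u043e\u0440\u0435.com",  # all-Cyrillic label that resembles Latin letters
]

if __name__ == "__main__":
    for name in SAMPLES:
        result = inspect_host(name)
        print(result["ascii"], "->", result["unicode"], result["findings"])
```

The ASCII form beginning with xn-- is what is actually registered in DNS, so seeing it in place of the displayed name is a quick way to notice that an address is not what it appears to be.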
What can you do to protect yourself?
You should never follow links provided in an email in the manner we have described above. It is safer to find the sender's website through a search engine or to enter the correct web address in your browser's address bar.
Banks or other businesses where you are a customer do not normally ask you to log in and change your user information. Emails containing such a request should be investigated further through direct contact with the company that appears to be the sender of the email.
When a legitimate email asks you to perform specific actions, it in most cases includes some form of personal information as verification. It could be your account name or the first digits of your credit card number. If an email like this contains no personal information of this kind, you should exercise caution.
Always use the latest version of your browser. The latest versions of Internet Explorer (9) and Firefox (4) contain features that protect against phishing. These features check sites against a database of known phishing addresses, and the browser displays a warning if the site is identified as a site with questionable content.