Diving right into the topic, phishing is basically the act of sending emails to a user claiming to be associated with a legitimate firm, while behind the scenes it's a scam that someone is running to grab your confidential personal information. The email generally contains a link which looks very similar to the legitimate link of the same enterprise.
The page behind that link will also look the same, with all the elements matching the original page. Most of the time, these emails require you to log in to the fake web page using your login credentials. But since the page is fake, the link is fake and the email altogether is fake, you would be handing over your passwords to the scammer on a platter.
Click on this link (UPDATE: This file is not available anymore) and have a look. You would see an authentic-looking Facebook login page asking for your login ID and password. But when you have a look at the URL, you will find that it's not even closely related to Facebook. Please note that this page was hosted by me on Dropbox for educational purposes alone.
The key to fighting phishing is to be alert all the time. The major reason people fall into these traps is that they don't pay attention to the URL of the page. Moreover, no banking company or any other established firm will ever send you an email asking you to provide your credit card details or change your login password unless you initiated the request.
If you do receive emails that require you to provide such details, always have a second look at the URL of the page and cross-check it with the official URL of the establishment. If the page is not from the same domain or a sub-domain of it, never ever give your details. We've already covered a detailed article on ways to identify suspicious links.
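One way to automate the domain check described above, as an added example that is not part of the original article: it parses a link the way a browser does and accepts it only if the host is the official domain or a real sub-domain of it. The organisation `bank.example` and every sample link are constructed for illustration.

```javascript
// Added example. OFFICIAL and the sample links are constructed for illustration.
const OFFICIAL = "bank.example"; // hypothetical official domain, lower case

// Return the host a browser would actually connect to, or null if unusable.
function hostOf(link) {
  try {
    const u = new URL(link);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing dot
  } catch {
    return null; // unparsable links are treated as untrusted
  }
}

// True only for the official domain itself or a real sub-domain of it.
function belongsTo(link, official) {
  const host = hostOf(link);
  if (host === null) return false;
  // The leading "." forces a label boundary, so "mybank.example" fails.
  return host === official || host.endsWith("." + official);
}

// Human-readable verdict naming what looked wrong, if anything.
function verdict(link, official) {
  const host = hostOf(link);
  if (host === null) return "reject: not a web link";
  if (belongsTo(link, official)) return "ok: " + host;
  if (host.includes("xn--")) return "reject: look-alike characters in " + host;
  if (host.includes(official)) return "reject: official name embedded in " + host;
  return "reject: unrelated host " + host;
}

const samples = [
  "https://www.bank.example/login",               // real sub-domain
  "https://bank.example.account-check.test/",     // official name used as a prefix
  "https://www.bank.example@account-check.test/", // text before "@" is not the host
  "https://mybank.example/login",                 // no label boundary
  "https://files.test/u/1/bank-login.html",       // brand appears only in the path
  "https://b\u0430nk.example/",                   // Cyrillic "a" instead of Latin "a"
];
for (const s of samples) console.log(verdict(s, OFFICIAL) + "  <-  " + s);
```

Only the first sample is accepted; the others are rejected because the part of the link that decides where the browser goes is not the official domain.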
Moreover, many antivirus tools install browser extensions to fight phishing. These extensions collect data from different sources and build a list of confirmed phishing websites so they can warn you when you land on one of them. These tools can be a great help, but they still don't provide 100% security.
How Can I Contribute?
Many email services have been fighting phishing for years now, and you can be a part of that as well. All you need to do is report the phishing email to the service so that it can be included in their database and help them fight phishing better.
For example, in Gmail you can report an email as phishing by clicking the arrow button near the reply button and selecting the option from the drop-down menu.
Before I conclude, all I want to say is that before you provide your personal information in reply to an email or on a web page linked from an email, just check with the organization over the phone and make sure the mail is legit. A direct phone call is always a better option.