What is Phishing and How to Prevent it


Definition of Phishing

Phishing is a method of committing fraud by tricking the target with the intention of stealing the target's account.

Phishing steals important information, often by taking over the victim's account for a specific purpose. It is most often carried out by email: messages are sent out with information that leads to fake pages intended to trap victims.


Types of Phishing

To get to know more about the act of phishing, let's study the types of phishing that are most commonly encountered today:


Phishing Emails

As the name implies, phishing emails use email as the medium to reach potential victims.


Spear Phishing

Spear phishing is a type of email phishing. The difference is that, instead of sending mass emails to random potential victims, spear phishing targets specific potential victims. Usually, this technique is used once the attacker already has some basic information about the potential victim, such as name and address.


Whaling

Whaling is a form of phishing that targets not just specific individuals but individuals who have high authority in an organization, such as business owners, company directors, HR managers, and others.

Therefore, if a whaling attack succeeds, the access gained gives the attacker many advantages to exploit.


Web Phishing

Web phishing is an attempt to use fake websites to trick potential victims. A phishing website looks similar to the official website and uses a similar domain name. This is known as domain spoofing.


How Web Phishing Works

The way web phishing works is quite simple. Perpetrators usually target websites that are bona fide and popular among users, such as facebook.com, twitter.com, instagram.com, gmail.com, or PayPal payment sites.

After choosing a target, the makers of a phishing site usually design a fake website straight away, that is, a phishing website whose appearance and domain name are as close as possible to those of the original website.

Some examples of web phishing domains include fatebook.com (a duplicate of facebook.com) and twlitter.com (a duplicate of twitter.com; pay attention to the letter "i" being replaced by the letter "L").

Armed with a similar domain name and a similar appearance, the phishing website works by getting users to log in with their real information.

The data entered is then automatically stored in a database, and the people behind the phishing website use it to log in to the original website.

Social media accounts that have been taken over through phishing usually show signs such as frequently posting links to strange content or unusual statuses, and they can also be used to carry out a planned fraud.
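The lookalike domains described above can be caught mechanically. The following is an added example, not code from the original article: it compares a host name against the brand domains the article names, using edit distance plus a small constructed table of confusable characters; the function names and the table are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Brand domains named in the article; extend with the domains you protect.
PROTECTED = ("facebook.com", "twitter.com", "instagram.com", "gmail.com")
# Constructed, deliberately small confusables table (assumption, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def registrable(url_or_host):
    """Last two labels of the host, lower-cased (assumes a one-label suffix like .com)."""
    target = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = (urlsplit(target).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold look-alike character sequences so visually similar names compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url_or_host, max_distance=1):
    """Return (verdict, imitated_brand_domain) for one URL or host name."""
    domain = registrable(url_or_host)
    if domain in PROTECTED:
        return ("legitimate", domain)
    for brand in PROTECTED:
        if skeleton(domain) == skeleton(brand):
            return ("lookalike-confusable", brand)
        if edit_distance(domain, brand) <= max_distance:
            return ("lookalike-typo", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    for sample in ("fatebook.com", "https://www.twlitter.com/login", "tvvitter.com"):
        print(sample, classify(sample))
```

A distance of 1 also matches unrelated short names (email.com is one edit away from gmail.com), so treat a hit as a triage signal rather than a verdict.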


How to Overcome Phishing

The following are tips for dealing with phishing:


Use Logic and Think Smart

Your chance of escaping phishing scams depends on how logically and intelligently you think while browsing online and checking your email.

Before you decide to click on a link in an email, you must be very sure that the email is authentic. When in doubt, open a new browser window and type the URL into the address bar.

Be wary of emails asking for confidential information, especially when it comes to personal information or banking information.


Ensure the Security of Websites Accessed

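Never visit unsafe websites, especially websites that will process personal or financial data. Only make transactions on websites that use SSL, that is, websites marked by the use of the HTTPS protocol. HTTPS protects the data in transit; it does not by itself show that the site is the one it claims to be, so check the domain name as well.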


Use Two-Factor Authentication

If the platform you are using provides it, always enable two-factor authentication (2FA). This system uses two-step verification, namely your password and your cellphone.

If a phisher has obtained your username and password but cannot enter the 2FA verification code, the platform will not continue the login process. This means that your account remains better protected.


Be Vigilant When Asked for Personal Data

Never give out your personal data when accessing a website, unless the website is indeed official and your data is needed to carry out the transaction.

For example, some online stores only serve purchases from registered members, while others allow purchases without logging in. Whatever your choice, take the action that has the least adverse security impact.


Be Careful with Shortened Links

Cybercriminals often take advantage of shortened links. Cases like this are generally found on social media, where the aim is to deceive you into thinking you are clicking on a legitimate link when in fact it leads to a fake site.

Hover your mouse over a web link in an email to see whether it actually sends you to the right site. If it is correct, the address shown in the text of the email is the same as the one that appears when you hover over it. If they differ, the link is phishing.
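The hover check described above can be automated for HTML mail. This is an added example, not code from the original article: it extracts every link from a constructed sample message and reports those whose visible text names one host while the `href` points to another; the names `host_of`, `LinkAuditor` and `mismatched_links` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body (not taken from the article).
SAMPLE = """
<p>Your account is locked. Sign in at
<a href="http://fatebook.com/login">https://www.facebook.com/login</a></p>
<p><a href="https://www.facebook.com/help">facebook.com/help</a></p>
<p><a href="https://short.example/a1b2">Click here</a></p>
"""

def host_of(text):
    """Host of a URL-like string, or '' when the text does not look like a URL."""
    text = text.strip()
    if len(text.split()) != 1:
        return ""
    target = text if "//" in text else "//" + text
    host = (urlsplit(target).hostname or "").rstrip(".")
    host = host[4:] if host.startswith("www.") else host
    return host if "." in host else ""


class LinkAuditor(HTMLParser):
    """Collect (visible_text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def mismatched_links(html_body):
    """(shown_host, actual_host, href) where the visible text and href disagree."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    pairs = [(host_of(t), host_of(h), h) for t, h in auditor.links]
    return [p for p in pairs if p[0] and p[1] and p[0] != p[1]]
```

Links whose visible text is not a URL, such as the "Click here" shortened link in the sample, are not reported by this check and still need their destination inspected before clicking.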


Pay Attention to Emails Carefully

Usually, if there are a lot of typos and exclamation marks or an awkward greeting, the email is clearly recognizable as phishing.

Cybercriminals often make mistakes in emails. Pay close attention to the content of the email and the sender's email address. If the email uses the name of a company or agency, you can verify it by browsing or by contacting them by telephone.


Beware of Threats and Deadlines

Sometimes a message in the name of a reputable company or agency asks you to do something urgently, using threats and demanding that it be done quickly. These are signs of phishing.

The threats usually take the form of fines, threats of punishment, or threats to close your account.

Immediately contact the company or agency through a separate channel so that you can get the actual information.


Browse Using HTTPS

Make sure you are surfing on a safe website. The indicators are https:// and a security icon in the form of a lock in the browser address bar.

We recommend that you never use public Wi-Fi for anything related to banking transactions and activities, shopping or entering personal information online.


Check Your Online Account Regularly

It is not unusual to register on various platforms or sites and then never use them again, even though all your information is still stored on the platform.

Our advice is to delete the account and its data if it is no longer used. Alternatively, if you still want to use the account at some point, keep changing its password periodically.


How to Overcome Phishing on a WordPress Website

If you are a WordPress site owner, here's how to deal with these online crimes on your WordPress website:


1. Use Plugins to Clean Phishing Malware

Use an anti-malware plugin on your WordPress website.

You can use MalCare, an anti-malware plugin with an instant removal feature. MalCare can detect any malware that attacks the website and then remove it automatically.


2. Always Update WordPress

WordPress is a platform that is updated regularly. In addition to adding features, updates also close security holes that phishers often exploit.

To prevent your WordPress site from getting malware, always use the latest version of WordPress. If your WordPress version is out of date, you will get a notification on your WordPress dashboard to update it immediately.


3. Install SSL Certificate for Website Security

The role of SSL is very important to ensure the security of transactions on a website. If you haven't used it yet, immediately install an SSL certificate on your WordPress website.


4. Strictly Perform User Management

If your WordPress website is managed by many people, manage its users carefully. Don't give admin privileges to everyone. Each user's access rights must match their authority and their ability to keep the website secure.