Simple tips on how to identify a phished website

Suppose you check your email one day and find a message from your bank or, better yet, from your email provider, such as Yahoo. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?

This scenario befell one of the reporters of K24. This was a surprise considering her profession: an IT-savvy journalist. To me, she ought to have been extra careful in replying to such spoofed emails. Nevertheless, it has happened to many Kenyans. I have also been a victim.

Kenyans have no clue what security consequences a phished website can have in their lives. To some, coining a password is like doing calculus. Calculus was one of those subjects many never liked, especially considering it had lots of symbols and fewer of the 'ABC' and '123' characters. For example, it is past time to stop using "123456" or the ever-popular "Password" to protect your account. Instead, try a trick: a phrase such as "I will never easily get hacked again" might become illnGEThagn, a 10-character password that won't be found in any dictionary.

That was just a by the way. 

Now, how do you go about identifying a phished website? Let's take the scenario of the K24 presenter. Below is a snippet of the 'Yahoo account phishing scam email' I received, which I also believe is the same as what the K24 presenter got.

According to this unsolicited email, the recipient's Yahoo account will be closed permanently unless he or she replies with account details within one week. The email asks for the account holder's username and password and other personal information and claims to be from the "YahooMail message center".

However, the message is not from Yahoo and is designed to steal account information from recipients. Those (e.g. the K24 TV presenter) who follow the instructions in the email will actually be supplying their account details directly to scammers. Once they receive the requested details, the criminals responsible can access the victim's Yahoo account directly, including email and any personal information stored within the account (the reason why the K24 TV presenter could not log into her Yahoo account).

How, then, does an ordinary person go about protecting him/herself from these scammers? You know, with the landing of the optic fibers, Kenya will surely become a target for these phishers/scammers.

Follow the remedy below, which is not foolproof, because scammers always have new tricks up their sleeves. Still, it's a start in the right direction.
  1. To be completely safe from phishers, do not click links in emails. If in doubt, close your browser, reopen it, and type the web address for the site you want to visit directly into the Address bar. 
  2. Look out for a sender's email address that is similar to, but not the same as, a company's official email address. Scammers often sign up for free email accounts with company names in them (such as ""). These email addresses are meant to fool you. Official email from Yahoo! always comes from an "" email address. Remember, scammers can use newer tricks, such as forging the "From" address to look like a legitimate corporate address (like ""). Because of this, the "From" address is just one factor to consider when deciding if an email is trustworthy.
  3. Phishing emails often include urgent "calls to action" to try to get you to react immediately. Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." The phisher is taking advantage of your concern to trick you into providing confidential information.
  4. Phishers often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear Customer" or "Dear Member."
  5. To trick you into disclosing your user name and password, scammers often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just because a site includes a company's logo or looks like the real page doesn't mean it is! 
  6. Scammers sometimes include authentic links in their spoof pages, such as to the genuine privacy policy and terms of service pages for the site they're mimicking. These authentic links are mixed in with links to a fake phishing web site in order to make the spoof site appear more realistic.
  7. Other indicators that an email might not be trustworthy: 
  • Spelling errors, poor grammar, or inferior graphics.
  • Requests for personal information such as your password. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.
  • Attachments (which might contain viruses or keystroke loggers, which record what you type).
Can you spot the signs from the tips above in our 'Yahoo account phishing scam email'? Let us all be victors rather than victims.
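
The checks in tips 2 to 7 can also be applied mechanically to a raw email. The Python below is an added example, not part of the original post: the brand "ExampleMail", its domain and the sample message are constructed, and the caller supplies the set of official domains.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

URGENT = ("your account will be closed", "your account has been compromised",
          "urgent action required")           # phrases quoted in tip 3
GENERIC = ("dear customer", "dear member")    # greetings quoted in tip 4

# Constructed sample: the brand "ExampleMail" and all addresses/URLs are made up.
SAMPLE = """\
From: ExampleMail message center <examplemail.alerts@freemail.example>
Subject: Account closure notice
Content-Type: text/html

<p>Dear Member,</p>
<p>Your account will be closed within one week unless you reply
with your username and password.</p>
<a href="https://examplemail.example/privacy">Privacy policy</a>
<a href="http://examplemail.signin.example/login">Sign in</a>
"""

def _official(host, official):
    return any(host == d or host.endswith("." + d) for d in official)

def phishing_indicators(raw, official):
    """Return which tips from the list a raw email trips."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", body)).lower()
    hits = []
    # A forged "From" can pass this check, so it is only one factor (tip 2).
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if not _official(sender, official):
        hits.append("tip 2: sender domain is not official")
    if any(p in text or p in str(msg["Subject"]).lower() for p in URGENT):
        hits.append("tip 3: urgent call to action")
    if any(g in text for g in GENERIC):
        hits.append("tip 4: generic greeting")
    # One off-site link is enough, even among genuine ones (tips 5 and 6).
    hosts = [urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', body)]
    if any(not _official(h, official) for h in hosts):
        hits.append("tips 5-6: link leaves the official site")
    if re.search(r"\b(reply|verify|provide|confirm)\b.{0,80}\bpassword\b", text):
        hits.append("tip 7: asks for your password")
    if any(True for _ in msg.iter_attachments()):
        hits.append("tip 7: carries an attachment")
    return hits
```

Calling `phishing_indicators(SAMPLE, {"examplemail.example"})` reports five indicators; only the attachment check stays quiet, and the genuine privacy-policy link does not hide the off-site sign-in link.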
