Most of us regularly use the internet: we visit social networking sites, shop online, check our email, and log into our bank accounts. During these activities, we provide contact details, our home address, usernames, and passwords. However, we are not always aware that the security of our data may be at risk, and that illegally obtained personal details can be misused in many ways. This type of online fraud is known as phishing.
What is phishing and should we really be worried about it?
Phishing involves deceitfully obtaining personal data from internet users. It often includes the theft of passwords, bank account information, credit card numbers, and other confidential details. Such phishing messages usually appear as fake communications from banks, e-payment service providers, or other organizations. These messages always “encourage” the recipient to urgently enter or update their confidential information; otherwise, they risk losing critical data or facing some other catastrophe, such as a system failure.
Phishers most frequently target online auctions, electronic payment systems, and banks. Essentially, they are interested in data that grants access to a potential victim’s money. However, stealing email data is also common—such information is often sold to hackers who spread viruses or to those who create networks of infected computers, known as botnets.
Phishing messages are generally of “high quality,” meaning that the counterfeit website will look almost identical to the original one, leading unsuspecting users to enter their data without suspicion.
SSL Certificates to the Rescue
An SSL certificate guarantees the confidentiality of our data. SSL is a network protocol used to encrypt various internet connections—for example, on websites, in webmail, and during financial transactions.
Transmitting data over an SSL connection does two things: it encrypts the exchanged data and protects its integrity. First, the client sends a request to the server. The server, which holds the SSL certificate, responds, after which the website's authenticity is verified. Once everything matches up, a symmetric key is generated to encrypt the client’s data. At this point, we can be sure our data reaches the intended recipient, as only their server holds the key to decrypt the sensitive information.
Essentially all reputable institutions use SSL certificates—from public organizations and private companies to online stores. It is the fundamental method of protecting personal data transmitted online, enabling secure internet connections with the use of cryptographic keys.
How to Differentiate a Fake Website from a Genuine One
The address of the website you’re interested in should include the “https://” prefix and be preceded by a padlock icon. This indicates that the domain has an SSL certificate and the site is secure. Clicking on this icon will display information about the certificate’s validity—its expiration date, who issued it, and for whom.
An SSL certificate bearing a specific company’s name is issued only to verified entities and cannot be forged. Therefore, you should always check the destination address in your browser to ensure that you are logging into the correct, original website.
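The checks described above (the certificate's validity dates, who issued it and for whom, and whether it covers the address shown in the browser) can also be done in code. The following Python code is an added example, not part of the original article; the certificate is a constructed sample in the format returned by Python's ssl module, and the organization names and .test domains are made up.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the bank name, CA name and .test domains are made up for this example.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank"),),
                (("commonName", "www.examplebank.test"),)),
    "issuer": ((("organizationName", "Example CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "www.examplebank.test"),
                       ("DNS", "*.pay.examplebank.test")),
}

def _field(name_tuple, key):
    """Return the first value for `key` in a subject/issuer name sequence."""
    for rdn in name_tuple:
        for k, v in rdn:
            if k == key:
                return v
    return None

def _host_matches(pattern, host):
    """Exact match, or a '*' wildcard that covers exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def inspect_cert(cert, address_host, now):
    """Collect what the padlock dialog shows and compare it with the address bar."""
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issued_to": _field(cert["subject"], "organizationName"),
        "issued_by": _field(cert["issuer"], "organizationName"),
        "in_validity_period": not_before <= now <= not_after,
        "host_matches": any(_host_matches(s, address_host) for s in sans),
    }

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
    # Second host is a constructed lookalike (digit 1 in place of the letter l).
    for host in ("www.examplebank.test", "www.examp1ebank.test"):
        print(host, inspect_cert(SAMPLE_CERT, host, now))
```

The lookalike address fails the host check even though the certificate itself is valid, which is why the address in the browser has to be compared with the name the certificate was issued for.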