You visit a website like your bank or email and enter your password to sign in. The site responds normally or shows a blank page, error or wrong password message. Either way, you might have just given away your password away and wouldn’t know it.
How did they get your password?
The website address had a small difference like an extra (-) or missing (.) or a typo. So you might have clicked these fake ones:
and the site looks exactly as the real one. You enter your password to sign in on this fake site and the thief instantly receives your password and sends you to a fake signed in page or other.
Why should you care?
With your password the thief signs into your account and changes the password and locks you out of everything, ie. Gmail, online photos, your business website, Google Docs, Facebook, Twitter, Instagram, Bitcoins etc.
How thieves go phishing
Simple, they send you an email pretending to be from your bank, Gmail or Facebook etc. with an action button or link like Sign In.
The sign in button brings you to the slightly different website address without you noticing. Another trick they use is they know people just Google search a website and then quickly click the first link, which may also be the fake website.
How to protect yourself
- Don’t click links in your email!
- Use 2 Factor Authentication
- Go to the website directly
- Use bookmarks for commonly visited websites
- Verify the website address
- Verify the from email for the same slightly different variations
