‘5-second rule’ for Phishing

Amin Sabeti
2 min readOct 24, 2014

Since 2009, I have worked in the digital security sector and have been involved in training many people from a wide variety of background and countries. In addition to this, I have had practical experience in helping a number of victims secure their accounts after Phishing attacks.

In my experience, the main reason why the majority of people lose their accounts is due to the increasing incidence of Phishing; a recent high-profile example of this is The Associated Press’ (AP) Twitter account being hacked by the Syrian Electronic Army (SEA).

The fake Tweet was sent by the SEA on @AP (Source: BBC)

So, whenever I talk about Phishing at digital security workshops, the majority of people ask how they can protect themselves and what is the easiest way to protect themselves. I always preface my answer by saying that no one can guarantee your digital security on the Internet and, if someone shows you a method and claims you are 100% secure, you should be sceptical.

But what is the easiest method of identifying Phishing attacks?

The answer is the ‘5-second rule’ — you only need to invest 5 seconds of your time before typing in any of your sensitive data.

What does this mean in practice?

It means whenever you want to type in any sensitive data, such as your username and password, you must first check your browser’s address bar to verify that the website address is correct in all details. For example, if you log in to Gmail, the login address always ends in gmail.com or mail.google.com, not for instance, g-maail.com, ggmaal.com, etc.

It’s as simple as that! The ‘5-second rule’ for Phishing can protect you against this type of cyber attack.

Do not forget you must always follow this rule whenever you have to enter any of your sensitive data.

If you would like to have conversation about this story, you can send an email to aminsabeti [at] gmail [dot] com or poke me @AminSabeti on Twitter.

--

--

Amin Sabeti
Amin Sabeti

Written by Amin Sabeti

Founder @Certfalab , Digital Security Expert, #Iran’s Internet Expert, Hacker Hunter🕵️

No responses yet