The technological revolution and the massive use of the Internet have allowed easy and immediate access to information, managing to connect millions of people worldwide. But along with its benefits, some common threats have also appeared, such as social engineering attacks and cybercrimes.
What is phishing?
Phishing is a computer social engineering attack using digital media such as email to deceive and defraud people. Through emotional manipulation techniques, it generates trust in people to be able to steal their information and money.
The goal of phishing is to trick people into obtaining confidential data, such as passwords and banking information. This cybercrime is committed through fake emails, messages, or phone calls. The scammer uses a false identity to obtain the information he needs and commit crimes such as stealing money from bank accounts.
Types of phishing online.
- Blind phishing. The most common blow of all is “Blind Phishing,” which occurs via mass email triggering. In it, criminals generally rely on the ingenuity and lack of knowledge on the part of the recipients about this type of scam on the Internet.It is common, for example, for the email to have some biased link or attachment so that the recipient can download a virus on their computer.
- Smiley. This is the phishing carried out through SMS shots to mobile phones. These are usually messages that prompt the victim to make immediate decisions, such as saying they are in debt or have won a random lottery.
- Scam. Phishing scams of the type “scam” are attempts by criminals to obtain victim information via contaminated links or files.In this type of phishing, contact can be made by phone, email, text message, or social networks, for example.
- Phishing clone. As the name implies, this scam clones an original website to attract users and induce them to behave like they were in a safe environment.
- Spear Phishing. “Spear Phishing” is when the attack is targeted at a specific person or group of victims. Therefore, it aims to access a specific database to obtain sensitive information, confidential files, or financials.
- Vishing. This phishing uses voice mechanisms to apply scams on the Internet. In general, voice calling creates a sense of urgency for the user to take action and provide information quickly.
Tips to protect yourself and avoid phishing scams on the Internet.
- First of all, be suspicious! First, be wary of any unwanted communication you receive. In general, companies often send relationship messages, such as offering products/services or changing policies.They can also send recurring messages, such as providing bills for monthly payments, such as bills or installments due. However, be especially suspicious if you receive a message from a company without having taken any recent activity on your account/platform. If you doubt, contact the company through the official service channels or access the page through your browser.
- Check the links before clicking. Also, be wary of the links you receive in an email, for example. Even if the fraudulent email content is authentic to the original, before clicking on the link, pause your mouse over the link and check if the domain, which appears in the bottom left of the screen, to which you would be directed, is trustworthy.
- Pay attention to small details. It is common to receive, on our social networks, product advertisements from several virtual stores and e-commerce. And, in some of these cases, they may be fake pages that mimic the brand’s product pages almost perfectly.Therefore, before closing the purchase or entering any personal data, check if the URL address is correct if values are different from those presented on the official website. Whatever else is useful to help you make sure you are on the correct website.
- Install antivirus on your devices. An antivirus is a great tool against phishing and other criminal tactics, especially since it tends to warn against questionable content. Therefore, look for a quality antivirus, even in a free version.
- Use anti-phishing browser plugins. Another tip is to install specific plugins in browsers to prevent phishing. Thus, each time you access a website, the tool automatically checks records or signs of that portal in the banned address lists.
- Identify the authenticity of the charges received. Pay attention to the data presented in the slips and in other billing modalities. Check the origin of the charge, look for spelling errors or false information. Also, check the numbers shown in the barcode on the bill of exchange.
How to recognize a phishing attack.
Phishing is a social engineering attack focused on scamming people based on human error. Below are the main characteristics that will help you identify them and not fall into the trap.
- Request for confidential information. A well-known brand will never ask its customers for sensitive information via email. Any message asking to verify personal or credit card information should immediately be considered apocryphal.If there is also a link in between, it is best to ignore and go directly to the accounts in question to review the notifications.
- Strange domains. When verifying the authenticity of an email, you should check the name of the sender and the domain. This can usually be checked at the top, where the sender and recipient details come from.Cybercriminals will try to pass off a fake address as legitimate by adding small but noticeable differences.
- Suspicious attachments. Spam emails containing attachments are likely to serve malicious purposes. It is extremely rare to receive an unsolicited message from a company requesting to download the attached file.Most ask the customer to go to their site and download the information they want to provide from there.
- Misspelling. Knowing the spelling rules can be very helpful in identifying phishing attacks. A respected company has a team of professionals to write copies of their emails as part of an emailing strategy.Apocryphal emails will generally be conspicuous by their misspellings, poor writing, and unusual structure. This should be enough to question its provenance.
- Sense of urgency. To trick their victims, cybercriminals set an urgent deadline in their messages. For example, the email could invite the person to click on a link; otherwise, their account in question would be blocked for security reasons. This also should be a cause of suspicion.
Protect Yourself from Phishing Scams.
What differentiates a classic scam from phishing is that the latter mislead the victim to take action or provide information voluntarily.
Criminals can use various tricks to obtain important information from a person. One should be on the lookout always to avoid being a victim of phishing by being careful with personal data.