Phishing: What is it and how to protect yourself?
Fraud and manipulation are two unsavory terms that are often the cornerstones of a big scam. Do you want to know how you can protect yourself from this in the online world? - Keep reading.
Currently, a large part of our lives (access to bank passwords, classified data, among others) are stored in the cloud and obtaining access to this information is something that malicious people fight for day after day using increasingly sophisticated computer techniques.
There are thousands of ways in which cyber-criminals carry out large thefts of information and money every day and today we want to talk to you about one of the most used, phishing; as well as give you some tips so you can stay alert and know how to protect yourself in a situation of this nature.
What is phishing?
Phishing is one of the oldest scam techniques. It is about sending fraudulent messages (email, whatsapp, social networks, etc.) where the recipient is asked to reveal bank information, access to emails or to make money transfers for specific reasons. The architects of these attacks resort to lies, stratagems, forgery and outright manipulation in order to achieve their goal. For all these reasons, phishing is framed within the so-called social engineering as a type of attack that takes advantage of human credulity and not a hardware or software failure to achieve its goal.
These scammers tend to send these types of messages on a daily basis and unfortunately they are usually successful. The FBI's Internet Crime Complaint Center reported that people have lost $30 million in a year to phishing schemes but there are things you can do to protect yourself and today we're going to show you some.
How to detect a fraudulent message?
Scammers tend to have experience and know what words and conversational strategies to use to manipulate their victims, but there are clues that will help you recognize them and avoid being scammed.
Here, we make a parenthesis to mention some famous cases where large companies suffered significant losses:
- Facebook & Google: both were swindled out of more than $100 million between 2013 and 2015 through an elaborate fraudulent invoice strategy. A Lithuanian cybercriminal sent false invoices to both companies posing as an Asian supplier and received constant payments.
- FACC: An Austrian aerospace parts manufacturer was swindled out of $61 million. A cybercriminal posed as the CEO of the company and sent a phishing email to an accounting clerk who transferred funds to an account for a fake project.
- UBIQUITI NETWORKS: The famous computer networking company in the United States did not know, until informed by the FBI, that they had stolen $46.7 million dollars, almost 10% of the company's cash flow, through emails.
As you can see, large companies have been victims of this type of crime, which teaches us that no one is exempt, so we must be very vigilant. To recognize fraudulent messages we must pay close attention to the sender, phishing emails and text messages may appear to be sent by a company you trust or know. They may look the same as messages sent by a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
Often in these types of messages, they tell you a story to trick you into clicking a link or opening an attachment. Messages could:
- Say that suspicious activity or login attempts have been detected in one of your email or social media accounts.
- Claim there is a problem with your account or payment information.
- Say you must confirm some personal data. Here, what they are looking for is that you yourself provide them with bank information, passwords, etc.
- Include a fake invoice.
- Ask you to click on a link to make a payment.
- Say that you are eligible to register and receive a refund from the government or a Visa to enter some country.
- Offer a coupon for something free or a prize.
How can we protect ourselves from phishing?
Your email account's spam filters can prevent many phishing emails from reaching your inbox. But scammers are always trying to evade spam filters, so it's a good idea to know how to recognize these types of messages and follow the recommendations that we mention here:
- Never access sites suggested by links sent through dubious emails or unknown to you, since URL addresses in emails are one of the ways usually used to insert viruses or Trojans that compromise the security of computers and other electronic devices.
- If you have doubts about the authenticity of the person who writes to you (in case they are supplanting the identity of someone you know), it is best to contact the person you think is trying to reach you (the person you really know) through a reliable telephone number, to clarify the situation. Also, do not answer emails through which personal data is requested, since this is the first sign of danger.
- Phishing emails often use names and adopt the image of real companies to confuse you, this is identity theft. These emails usually include websites that are visually the same as those of real companies. Here, if you have any doubt that the company in question is indeed trying to contact you, try to contact them through verified phone numbers to confirm the veracity of the email that they supposedly sent you.
- Never access your bank's website through links sent by email.
- Remember that your bank will never ask you to send your passwords by email, so if you receive an email from "your bank" requesting this type of information, it is most likely that you are being targeted.
- The best way to get it right is always to systematically reject any email or communication that encourages you to provide sensitive data.
- Finally, always read the sender's email address carefully. Many times, attackers send emails from addresses that are very similar to the ones that normally reach you, but if you look closely, you will surely notice some "dot" or extra symbol.
Although phishing can sometimes be difficult to identify, following the simple tips in this article will help you be more vigilant. At e•saurio we take security very seriously and we want to prevent you from becoming another victim of unscrupulous people who, hidden behind a computer, cause losses that are often irreparable.
If you liked this article, subscribe to our blog.
Remember that you can find us on Instagram, Facebook and Twitter as @esauriook
On LinkedIn as e•Saurio