Which is:
You may not even know what phishing is, you may have already received an email with the title “Update your data” or “You have just become the newest millionaire”.
These messages are extremely common and amount to a cybercrime known as phishing.
It is a way to illegally obtain data such as bank passwords, credit card numbers, among others.
Generally, cybercriminals impersonate trusted institutions (banks, Post Office, Government, etc.) to try to steal your data.
One way to trick people is to address issues of interest to victims, including some cybercriminals, change the topics until they succeed in their attack.
And where does this term phishing come from? It was chosen because of its similarity to another word in the English vocabulary, fishing, which means to fish. In other words, the practice of “fishing” victims’ information and data through false information.
As with fishing, those who practice phishing get information through a bait thrown at victims.
Know some types of phishing:
Scam:
These are attempts by cybercriminals to trick you into providing personal information such as bank account numbers, passwords and credit card numbers by opening contaminated links or files. This information will be used to misuse your account, steal money and carry out transactions.
Blind Phishing:
The most common of all, emails sent in bulk and without many strategies, which rely only on the “luck” that a user falls into the trap.
Spear phishing:
This happens when the attack is against a certain group. It could be against employees of a company, customers of a specific company, or even a specific person.
Phishing clone:
This scam is all about cloning an original website to attract users. Generally, when accessing the fake website, the person enters their login and password data and these are used by cybercriminals.
Whaling:
The term comes from the word whale which in English means whale and is related to the size of the fish or rather the victim! This attack targets influential people. These attacks come masquerading as court subpoenas or internal corporate notices.
Vishing:
The letter “p” was changed to “v” because vishing uses voice strategies to apply blows. They can be accompanied by SMS or Whatsapp messages that say your card has been blocked or cloned and you need to call a certain number to ask for it to be released or exchanged, but you can also receive a direct call on your cell phone.
Pharming:
This is when DNS poisoning (the tool that translates IP numbers into domain names) happens and hits users on a large scale.
Smishing:
Name for phishing carried out via SMS.
How to protect your business:
Pay attention to spelling errors
Bad translations or poorly worded sentences are often used.
Don’t click on links
Always leave your mouse over the link and check if the link actually sends you to the official website.
Beware of attachments
If you suspect the sender, do not open the attachment, call someone from IT to review it for you.
Never give out personal information
Do not provide any personal data either by SMS, email or phone, always be suspicious when someone who already provides service to you (telephone operators, electricity, water) asks you for personal information.
Don’t trust the images
They can contain malicious code that can easily be installed on your computer to steal data and even keep an eye on you.
secure website
Check if a domain has the security seal that certifies that the hosting of the site is safe for the exchange of information between the user and the server.
Use anti phishing browser plugins
Use plugins and, each time you access a site, the tool will check if there is a record or evidence of this site in the blacklists.
Conclusion:
Following these tips can help prevent unwanted situations for you or your business. Today there are tests that can be run for prevention and user training to raise awareness and teach everyone within the company.
No responses yet