The Internet and new technologies have brought us many good things, but they also bring with them a series of risks that we must be careful about. In recent years the number of phishing crimes has increased, so it is convenient to know this figure to be aware of how we can avoid being victims of this cybercrime.
What is phishing? Know the characteristics of this practice
This is a criminal practice that uses the technique of identity theft to obtain your personal data.
It seeks to deceive the victim so that she is the one who gives the offender access to her confidential information. In most cases, what hackers are looking for is to have access to bank account information in order to steal the money.
Bank phishing: how they try to steal your bills?
Obtaining the victim's personal data can be done for different purposes. For example, obtaining compromised photos or videos of you to later carry out blackmail.
But the truth is that in most cases it is a bank phishing in which the criminal wants to deceive the victim by posing as their bank to obtain their data and passwords and then be able to withdraw money from their accounts.
In most of these cases, the crime follows the following scheme:
First, the victim receives an email or SMS that supposedly comes from a bank.
Although there are cases that are easily detectable as fraud attempts, criminals are increasingly careful and try to ensure that the message that reaches the future victim is as faithful as possible to a message that a bank could send, using its logo, the same font, etc.
Normally, the message indicates to the recipient that there has been some kind of problem with their account and that they need to access the web to solve it.
The message itself contains the link that the user must follow. By clicking on it, the subject is redirected to a website that is actually not the real page of that bank. There he will operate normally, indicating his personal data and even his access codes, a moment that the criminal who has sent the message will take advantage of to keep all that information. Then, he will be able to access his victim's checking accounts and empty them before he realizes what has happened.
What are the most common examples?
The case of banks is very frequent, but it is common for criminals to use the name of other large companies to try to defraud. The messages can arrive on behalf of electricity companies, PayPal, Netflix, Amazon, etc.
Since they are large companies, it is quite likely that the recipient is or has been a client of theirs at some point, so they are more likely to fall into the trap. Some even try to impersonate the Tax Agency itself, assuring their victim that she must provide an account number for the Treasury to return a certain amount of money.
But the operation is always the same. We are notified that there is a problem and we are invited to click on a link, once we do, we land on a website where they are going to ask us for personal data of some kind.
It may also happen that after clicking on the link we are not asked for more information. In this case it means that it is possible that by clicking we have allowed some type of malware to install on our device, which will give you access to much more personal information.
Differences between phishing attacks and malware
Phishing is an attack designed to obtain personal data from the victim and thus have access to their bank accounts, their social networks, WhatsApp, etc.
While malware is malicious software that takes control of the computer to extract data and evenso to continue infecting other computer equipment. Malware can be part of a phishing attack, but it can also operate independently.
How to avoid computer phishing
Now that we know what this crime is all about, it's time to take action to avoid falling victim to it. Here are some tips:
- Check your computer's security, keep your antivirus updated and always use the most up-to-date version of both web browsers and your computer's operating system.
- Do not click on the link in any email, no matter how safe it is. If you have to go to a website, do it from the URL of the browser.
- Remember that no company or bank will ever ask you via email or SMS to give them your personal data.
- If you have received a communication and have any doubts, visit the sender's website and formulate your query there to find out if that message really comes from that company.
- Periodically check your bank accounts to make sure everything is in order and no irregular transactions have occurred.
- If you have open social networks, check them periodically to make sure that no one is posting on your behalf.
- Use a different password for each online service and change them periodically. There are password managers or administrators that can help you in this task.
- If you have received a suspicious document, open it in Google Drive. This makes it an image or an HTML document and makes it more difficult for it to install malicious software.
- When in any doubt, do not do anything with the email, do not forward it, do not reply to it or click on any links.
- Notify the company the email is supposed to come from so that they are aware that their name is being used for criminal purposes and can thus issue a notice.
Steps to report
You can report these crimes without leaving home. As we have just pointed out, a good way to raise an alert is to contact the company that is supposed to send the message and inform them about what happened. This will take measures and warn publicly so that no one is a victim of the crime.
Save the email and inform the State Security Forces and Corps so that they in turn investigate and issue a notice to prevent potential victims.
Protect your social profiles on Facebook and Instagram
There are many reasons why a criminal might want your social network passwords: to impersonate you in order to troll your friends and acquaintances, to gain access to private information about you, or even to use your account for illegal purposes. criminal.
Keep in mind that neither Facebook nor Instagram nor any other social network will ever ask you for your passwords by email or SMS. Do not give your password to anyone and change your passwords from time to time. Also, don't use the same password on more than one social network at the same time.
How does phishing happen from Gmail?
Google's email service is so widely used worldwide that it is not surprising that it is one of the recipients of the most phishing attacks.
In these casessometimes the email account of someone you know is used, so you don't doubt its legitimacy.
The email usually has an attached file and it is when you click on it that the attack occurs, since for the download it will ask us for our password.Aseña and, since we have not suspected anything, we are going to give it to you.
Without our being aware of it, we have given the offender access to our email account and now he will be using our address to send messages to our contacts and obtain their data at the same time.
But things can get even more complicated. If that Gmail account is the one we have to access our social networks or the hosting service where our blog is hosted, the criminal can access all of it immediately.
Other tips for recognizing phishing and spam
Although spam is less harmful than phishing, it is also not pleasant to be constantly receiving advertising that does not interest us at all.
Specialists advise that in order not to be victims of online fraud, we should always pay close attention to the websites to which messages are redirected. Ideally, we should not click, but if we have, before doing anything else, we must verify that the website is really that of the company.
There are websites cloned so well that they are almost indistinguishable from the original ones, but there is always a small change in the url that can make us doubt. For example, that the url instead of being www.amazon.com is wwwamazon.com.
On the other hand, check the message you received carefully. It is normal that there are spelling or grammar errors that should alert you. A typical case is an email in which words that should have Ñ use an N instead.
Think that a serious company or even a Public Administration will never send you careless communication with errors.
Finally, be wary if the message tries to sell you a sense of urgency, with messages like: “log in to your account in the next hour or all your data will be lost”. What they want is for you to act on impulse and not take precautions.
Phishing is the order of the day and is becoming more and more sophisticated. But with a little care on our part, and by following these tips, we can avoid falling victim to it.
12 Frequently Asked Questions about Phishing
1. What exactly is phishing?
Phishing is a deception technique used by cybercriminals to obtain sensitive information such as passwords, credit card details, banking information, and other personal details. This tactic typically involves creating a fraudulent message or website that impersonates a trusted entity, such as a bank or social network. The attacker sends messages, typically emails, trying to persuade the recipient to click a link, download a file, or provide personal information. Once the user follows the attacker's instructions, her data is compromised and can be used for malicious purposes, such as financial fraud or identity theft.
2. How can I identify a phishing attempt?
Identifying a phishing attempt can be challenging due to the sophistication of some attacks, but here are some common signs to look out for:
- Suspicious email addresses: Phishing emails often come from addresses that try to mimic the official ones, but with slight variations or misspellings.
- Urgent requests: Messages often have an urgent tone, putting pressure on the recipient to act quickly.
- Grammatical and spelling errors: Although not all phishing attacks have errors, many have grammatical or spelling errors.
- Deceptive links: Hovering over a link (without clicking) can reveal where it's actually going to take you. If the address in the link seems strange or doesn't match the entity that supposedly sent the email, be wary.
- Requests for personal information: Legitimate entities, such as your bank, will generally not ask you to provide sensitive information via email.
3. Why is it so important to protect against phishing?
Protecting yourself from phishing is essential due to the invasive and destructive nature of these attacks. By falling for a phishing attempt, individuals not only risk losing money or falling victim to financial fraud, but may also face damage to their reputation,loss of privacy and a long process of identity recovery. In addition, companies can also experience data breaches, which can result in legal penalties, loss of customer trust, and damage to brand reputation. In short, phishing can have devastating consequences on both a personal and professional level, so it is crucial to take preventive measures.
4. What kind of information do cybercriminals seek with phishing?
Cybercriminals who use phishing tactics often seek a variety of personal and financial information. Some of the most sought after data include:
- Passwords and usernames.
- Credit or debit card details (numbers, expiration dates, CVV codes).
- Bank information, such as account numbers and access codes.
- Personally identifiable information, such as social security numbers, dates of birth, and addresses.
- Data from online service accounts (for example, streaming platforms, online stores).
This data allows cybercriminals to carry out fraudulent operations, steal identities or sell the information on the black market.
5. Do all phishing attempts come via email?
No, although email is one of the most common tools for phishing attacks, it is not the only one. Cybercriminals also use:
- SMS phishing (or smishing): This is when you receive text messages on your mobile that try to trick you into sharing personal information.
- Vishing (voice phishing): It is an attack through phone calls where fraudsters pose as legitimate representatives to obtain data.
- Social media phishing: Where attackers use fake profiles or direct messages to trick victims.
- Phishing in messaging applications: Such as WhatsApp or Telegram, where malicious links or files are shared.
It is crucial to be vigilant in all communication channels so as not to fall for these tactics.
6. How does phishing affect mobile devices?
Mobile devices, such as smartphones and tablets, are frequent targets of phishing attacks due to their popularity and the fact that many people use them to access their personal and financial accounts . Some of the risks include:
- Smishing: As mentioned above, it is a form of phishing that uses text messages to trick victims.
- Malicious applications: Sometimes, attackers distribute applications that mimic legitimate ones to steal data.
- Malicious links in messaging apps: Attackers can send links that, when opened, install malware or redirect to phishing sites.
- Unsecured Wi-Fi: Connecting the device to public Wi-Fi networks can expose it to middle-of-the-road phishing attacks, where the attacker intercepts the communication.
It is essential to keep mobile devices up to date, be cautious when downloading apps, and avoid clicking links or downloading files from unknown sources.
7. What is spear phishing and how is it different from regular phishing?
Spear phishing is a form of phishing that specifically targets individuals or particular companies. Unlike regular phishing, which spreads to a wide audience in the hope that some victims will fall for it, spear phishing is highly targeted and based on prior research on the victim. Cybercriminals can use personal information they have collected, such as name, title, colleagues, and other information, to make the message appear more legitimate and convincing.
8. I clicked on a suspicious link, what should I do now?
If you clicked on a link that you think is suspicious, follow these steps:
- Immediately change your passwords, especially those of the most important accounts like emailbanking and social networks.
- Perform a full scan with your antivirus and antimalware software to detect potential threats.
- If you have downloaded any files, do not open them and delete them immediately.
- Monitor your bank accounts and credit cards for any suspicious activity.
- Consider enabling two-factor authentication on your accounts to add an extra layer of security.
- Educate yourself and stay up to date on the latest phishing tactics to be more prepared in the future.
9. Can antivirus software protect me from phishing?
Yes, many modern antivirus programs include features designed to protect against phishing. These solutions can:
- Identify and block known phishing websites.
- Scan links in emails and alert you if they look suspicious.
- Protect your personal and financial data by preventing it from being shared with unsafe sites.
However, it is important to remember that no software is foolproof. The best protection against phishing is education and healthy skepticism. Always check links and requests for personal information before acting.
10. How can I educate others about the dangers of phishing?
Educating others about phishing is essential to prevent potential attacks. Here are some recommendations:
- Organize workshops or seminars on cyber security.
- Share educational resources such as articles, infographics, and videos about phishing.
- Uses real examples of phishing attempts to show how to identify them.
- Recommends tools and browser extensions that help detect phishing sites.
- Foster a culture of not clicking links or downloading files from unknown emails.
11. What additional steps can I take to secure my personal information online?
Securing your personal information online is critical. Here are some additional tips:
- Use strong, unique passwords for each account and update them regularly.
- Enable two-factor authentication whenever possible.
- Avoid using public Wi-Fi networks for sensitive transactions or accessing important accounts.
- Regularly update software, browsers and operating systems.
- Limit the amount of personal information you share on social media.
12. Where can I report phishing attempts?
If you suspect you've been the target of a phishing attempt, it's important to report it. You can do it at:
- The Group of Telematic Crimes of the Civil Guard or the corresponding police force in your locality.
- The Anti-Phishing Working Group (APWG) platform that collects and analyzes phishing attempts globally.
- To the security or technical support department of the company that supposedly sent you the email.
- The Internet User Safety Office (OSI) offers resources and guides on how to act in the event of these incidents.