Have you ever been a victim of fraud via email? This type of fraud is known as phishing and is becoming more common and dangerous every day. It is a method cybercriminals use to deceive users by showing them information that appears to come from a known company, in order to obtain confidential information such as credit card numbers, social security numbers or bank account numbers.
They usually send you an apparently corporate email (for example, an email from your bank) that directs you to a fake website and kindly asks you to update your password or validate information about an account; the most attractive ones offer you gifts, among other things. Any of these then allows the hackers to keep your data.
In some cases these attacks are easy to detect. However, in the day-to-day routine, especially during working hours, we do not have time to look at small details. Spelling errors, URLs that are not the official ones of the company the message claims to come from, or addresses that are very similar but not exactly the same are the main indications that something is wrong.
These attacks are not only carried out via email; we can find several types:
Types of phishing attacks:
- Deceptive Phishing: This is the traditional type described above. The aim of the attacker is to obtain personal information from the user, either by getting the user to provide it or by redirecting them to a fake website in order to obtain that information.
- Spear phishing: This type of attack is usually more personalized and may include more personal information such as the name of the victim, phone or workplace. Spear phishing messages can carry the names of people you know and say that they attach a file of a kind you commonly receive, but the file can be infected. These types of attacks are much more difficult to detect.
- CEO Fraud: It works in the same way as spear phishing, but in this specific case the attacker pretends to be the CEO or someone in a relevant position and requests confidential information, which the employee believes must be handed over because the request comes from someone with decision-making power in the company.
- Smishing: This type of attack is carried out by SMS. The messages usually offer prizes, and to receive one the victim has to click on a link, reply to the message or call a phone number.
- Vishing: This type of attack differs in that it takes place over an ordinary telephone call, where the attacker, just as via e-mail, seeks to obtain certain personal information.
- By search in the browser: The fraud occurs in the same way, with a fake site, but in this case the hacker uses SEO and SEM techniques to position the false site so that the user finds it among the first results for what they are looking for.
- Pharming: This type of attack manipulates the hosts file or the Domain Name System (DNS) to redirect a specific domain name to the destination chosen by the cyber-attacker.
What to do to prevent it?
- Recognize and identify a possible phishing attempt. Some details that can help us detect an email of this type:
  - The URL is different from that of the official website of the company the message claims to come from. The difference can be minimal: an uppercase “i” (I) looks like a lowercase “L” (l).
  - They usually offer gifts or ask you to update data, which is rarely requested in this way.
  - Check the wording and language: emails of this type often have flaws in the wording or language. If you see an email from your bank written in another language, this can be a clear sign of phishing.
- Enter your confidential data only on secure websites: In addition to checking the domain, check that the website is secure and that its address starts with https://
- Use two-factor authentication for all the services that allow it, especially for those that handle financial information.
- Check shortened URLs: if you see a shortened URL on social media or one arrives by mail, there are websites that show you the full address, so you can see where you would be redirected.
- Open documents with an online document viewer such as Google Drive: if you regularly receive files from different contacts, you can open them first in an online document reader, which will prevent some malicious software from being installed on your device.
- Frequently update all the operating systems, browsers and applications that you use, thus avoiding vulnerabilities.
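As an added example (not part of the original article), the Python sketch below applies the URL and https checks from the list above to a link exactly as it is displayed. It goes slightly beyond the “I”/“l” case by folding a few other look-alike characters; the domains, the confusables table and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example; use the real domains of your services.
OFFICIAL_DOMAINS = {"wellbank.example", "mailcorp.example"}

# Characters that are easy to mistake for one another (assumed, not exhaustive).
CONFUSABLES = {"I": "l", "1": "l", "0": "o"}


def skeleton(host):
    """Fold look-alike characters so visually similar hosts compare equal."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in host).lower()
    return folded.replace("rn", "m")  # "rn" is easily read as "m"


def matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return (verdict, uses_https) for a link exactly as it is displayed."""
    parts = urlsplit(url)
    # Keep the displayed letter case: .hostname would lowercase the name and
    # hide an uppercase "I" standing in for a lowercase "l".
    host = parts.netloc.rsplit("@", 1)[-1].split(":")[0]
    uses_https = parts.scheme == "https"
    if any(matches(host.lower(), d) for d in OFFICIAL_DOMAINS):
        return "official", uses_https
    if any(matches(skeleton(host), skeleton(d)) for d in OFFICIAL_DOMAINS):
        return "lookalike", uses_https
    return "unknown", uses_https


if __name__ == "__main__":
    # Constructed sample links.
    for link in (
        "https://www.wellbank.example/login",
        "https://www.weIlbank.example/login",
        "http://we11bank.example/update",
        "https://rnailcorp.example/",
        "https://example.net/",
    ):
        print(link, classify_link(link))
```

A "lookalike" verdict means the address only resembles an official one and should be treated as suspicious; "unknown" simply means the domain is not on the allow-list.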
Cyber attacks are becoming more sophisticated every day and we can easily be deceived, but if we take the necessary preventive measures and are aware of how they are evolving, we can go a step further and thus reduce the risk of being the next victim.