Phishing

!! Click here to discover our new eBook about Phishing. Free for the first 50! Limited time only !!

You were tempted to click, weren’t you? You shouldn’t feel bad because a lot of people fall into such traps. I offered you something valuable, free, but for a limited time. Cybercriminals are aware that it is easier to fool people than to break through security technology.

According to the FBI, phishing was the most common type of cybercrime in 2020, and phishing incidents nearly doubled in frequency, from 114,702 victims in 2019 to 241,324 victims in 2020.

So, what is phishing?

Phishing is a method of trying to gather personal information using deceptive e-mails or websites. What makes your data so valuable? Your data is considered a resource. A resource that helps them steal your money and/ or sell your data to advertisers. As in fishing, the fish will be caught if the fisherman has good bait. There are several types of phishing: vishing (the telephone equivalent of phishing), whaling(a method to directly target important individuals within an organization), smishing(via text or SMS message), pop-up phishing, and so on.

Why people click?

People believe the sender is legitimate, so human error leads to the success of cyberattacks. Distraction is one of the main reasons people fall for phishing scams. Imagine! You have a deadline, you are stressed to finish your task, and at the same time a colleague writes to you and asks for your help. Two minutes later, you receive an email: “We’ve updated our login credential policy, please confirm your account by logging into Google Docs.”. You click quickly, don’t waste time, enter your password. And ready, you were caught 😀 Distraction is quite a common occurrence for all the remote workers. More than half of remote workers today admit they are more distracted when working from home.

How can we avoid these attacks?

Be up to date with new techniques

New phishing scams are being developed all the time. The best protection against phishing is knowing how to spot it in the first place. Here you can find some of the latest trends.

Verify the sender

Always verify the sender and the request is legitimate before taking any action. Don’t open attachments, click on links, and so on. No legitimate organisation will send emails from an address that ends ‘@gmail.com’. Most organisations, except some small ones, will have their own email domain and company accounts. If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably legitimate.

Verify the links

A phishing email may claim to be from a legitimate company, and when you click the link to the website, it may look exactly like the real website. Never click any link without checking it out. You can hover over links to verify they are correct. Look for different changes in spelling, special characters, numbers in addition. You can also verify links here: virustotal.com

Stop, think twice before you click!

If the email is urgent or trying to get you to act fast, stop and think about it. Who they are and what they want from you. Most phishing emails will start with “Dear Customer,” so you should be alert when you receive these emails.

Use Antivirus and Firewalls

Antiviruses scan files which come through the internet to your computer. It helps to prevent damage to your system, whether it’s a PC or a phone. If you make transactions or open emails from your phone, you have to be careful here as well. Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic.

Never give your personal information

We shouldn’t send personal data, such as a photo of our credit card or identity card. We should do this only if we have checked the above points and are 100% sure that is ok and necessary.

Don’t be swayed just because a correspondent seems to know a lot about you. These so-called “spear-phishing” attacks are a fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.

You don’t have to wait to be attacked. You can train by taking this quiz or something similar.

Stay safe!