
Phishing

What is phishing, how can you avoid it, and what types of phishing are there?

Phishing is a cyber attack designed to carry out online scams: attackers use deception and social engineering to manipulate their victims into giving them sensitive personal (confidential) information.

The aim of phishing is to obtain private data, which the victims hand over after being deceived, and to use this private data to gain an illegal financial advantage.

1. Spam and phishing

The two terms go hand in hand in certain respects, but the truth is that spam is much less dangerous than phishing, for obvious reasons.

Spam is a nuisance that sometimes fills our inbox with unwanted messages announcing products or making false promises. The intention of spammers is to convince the victim to buy something.

Phishing, by contrast, is also an unwanted message (spam), but in this case the goal is to steal user data (usually hackers try to gain access to bank accounts and steal money).

2. How to detect phishing?

Phishing uses social engineering to commit fraud, exploiting trust or human error. Here are some of the main features that will help you detect a phishing attack, so that you don’t fall into the trap.

  • Unexpected contact. If someone contacts you unexpectedly, without your having asked, treat it as a warning sign.
  • They will try to convince you that it is an urgent message. Phishing attackers create a feeling of urgency in their victims. If someone pressures you to do something that you normally would not do, this is probably phishing. In many cases, they request private data through messages saying your credit card will be blocked or asking you to update your bank information.
  • Unknown senders. As a general rule, an email sent with the intention of phishing for information comes from an unknown sender.
  • Impersonated identity. In a phishing attack, attackers can impersonate a company or person the victim knows, so they can gain the person’s confidence.
  • Be careful with links and attachments. Phishing emails usually include links to other sites or attachments; pay special attention to these.
  • The message includes strange content. If you stop to read a phishing email carefully, you are very likely to identify spelling errors or other problems. Similarly, they offer awards, gifts and prize draws that you never entered.

3. How to avoid becoming a victim?

The only sure way to avoid becoming a victim of phishing is not to use an email account. But as this is not viable, here are some very useful tips so you don’t fall into this kind of trap:

  • If you suspect that the message you received is false, contact the bank or entity that allegedly requested the information to report the phishing attempt.
  • Don’t believe these kinds of threats, as they are meant to create confusion and concern in order to steal your information.
  • Don’t open emails from unknown senders, and if you receive a suspicious message, immediately flag it as spam.
  • Hover your mouse cursor over the links and check if they are suspicious. But above all, don’t open the links.
  • Pay close attention to the sender’s domain. It is common for them to use addresses and domains very similar to the real ones, but if you pay attention to the URL, you will detect that it is not the official website.
  • If you receive attachments from unknown senders and open them, it may put your device at risk. As a general rule, don’t download or open these files.
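
The link and sender-domain checks from the tips above can be automated in a mail filter. The following is an added example, not part of the original article: the trusted domain, the sample addresses and URLs (all under reserved test domains), the function names and the 0.85 similarity cut-off are assumptions chosen for illustration.

```python
import difflib
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the real organisation uses (constructed, reserved TLD).
TRUSTED = {"mybank.example"}
SIMILARITY = 0.85  # assumed cut-off for "very similar" spellings

def registrable(host):
    """Crude last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_domain(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        near = difflib.SequenceMatcher(None, domain, good).ratio() >= SIMILARITY
        embedded = (good + ".") in host  # trusted name used as a subdomain prefix
        if near or embedded:
            return "lookalike"
    return "unknown"

def check_sender(from_header):
    """Classify the domain of the address in a From: header."""
    address = parseaddr(from_header)[1]
    return classify_domain(address.rpartition("@")[2])

def shown_host(text):
    """Host named in a link's visible text, or None if the text is not a URL."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

def check_link(display_text, href):
    """'mismatch' when the visible text names a different domain than the target."""
    target = urlsplit(href).hostname or ""
    shown = shown_host(display_text)
    if shown and registrable(shown) != registrable(target):
        return "mismatch"
    return classify_domain(target)

if __name__ == "__main__":
    # Constructed samples: "rn" imitating "m", and a trusted name used as a subdomain.
    print(check_sender("My Bank <alerts@rnybank.example>"))
    print(check_link("www.mybank.example", "http://mybank.example.login-verify.test/update"))
```

A "lookalike" or "mismatch" result is a reason to quarantine or flag the message for review; an "unknown" result only means the domain is not on the allowlist.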

4. Types of phishing

There are different types of fraud within phishing, based on the way the attack is carried out (other channels besides email can be used) and how data is collected, but in general, we can find:

  • Phishing on a website: Using copies of a real site, created with the same layout used on the official website that the victim knows, they collect data from the visitor. Pop-up windows are also common in phishing techniques used on websites.
  • Phishing by email: Emails are the most common method in phishing attacks. Hackers usually send links to malicious websites or attached files with malware.
  • Phishing on social media: In this type of attack, hackers can send links to the target account or even steal login data to publish false content and induce other victims to fall into the same trap.
  • Smishing: This is phishing sent by SMS. That is, the victim receives a text message urging them to click on a link or download an application.
  • Vishing: This is short for “Voice Phishing”. In this case, they will call the victim and try to convince them to reveal confidential information. Many automatic calls are vishing attempts.