How Coronavirus Phishing Scams Work and Tips to Avoid Them

Since we were confined to home, we have seen an increase in cybercrime and attempted phishing scams.

Almost every day we have a new scam to warn about and report, or a hoax to debunk, so that cybercriminals do not achieve their goal: your contact details, your bank details, and/or your money. The confinement caused by the Coronavirus, the general climate of concern about the global pandemic, and the extraordinary crisis we are experiencing seem to be great ammunition for hackers, who resort to fraudulent emails or messages on networks and messaging apps, posing as legitimate businesses, large companies, or well-known firms.

How a Phishing Scam Works

The links above are examples that we have given of attempted phishing scams, which usually start with a fraudulent email or text message that imitates, and uses without permission, the image of a well-known organization or company. They can be parcel shipping companies, banks, VOD platforms, the Police, the DGT, etc. Or the sender may directly identify as a cybercriminal.

1) The Message to Scare

The trick of the email or message is that it seems legitimate: it uses "graphic content and texts that try to reproduce the company's communications", with the aim of deceiving you. Once it has captured your attention and you open the email or text message, you find a message designed to scare you, instill fear, and confuse your reasoning.

2) The Phishing Link

The message demands that the victim go to a website and act immediately or face some economic or judicial action. A user who falls for the deception and clicks on the link is taken to a page that imitates the legitimate one. There, you are asked to sign in with your username and password, or to enter bank details. Or the message directly demands a ransom for unlocking your device or for not revealing compromised material (photos, adult content websites visited).

3) The Fraud

If the user still fails to detect the deception, the login information reaches the attacker, who will use it to spoof identities, sell personal information to third parties, etc. The phishing will have been successful, and you may have unknowingly given away private details, bank passwords, and even money.

Tips to Avoid a Phishing Scam

1) Mark It as Spam

If you identify or know that an email is pure spam, mark it as SPAM so that it goes straight to the junk mailbox. This folder protects you from suspicious content that contains malware or links that redirect to fraudulent pages intended to obtain your personal data in order to impersonate you. Be very careful about downloading any attachment, because attachments can, and usually do, contain dangerous malware, such as ransomware or some other online threat.

2) Don't Just Rely on Passwords

When possible, it is recommended that you always use multi-factor authentication, such as Google Authenticator or Microsoft Authenticator, to manage account sign-in. These apps allow you to connect quickly and securely to devices, applications, and browsers through single-use codes or biometric authentication (such as face or fingerprints), without having to remember additional passwords.

3) Stay Alert to Suspicious Emails

Be wary of all links and attachments, especially when you are not expecting the email, for example one from your credit card's bank or a financial institution. In these cases, apply additional scrutiny to links and attachments, such as double-checking directly with the sender before opening or downloading an attachment.

4) Inspect URLs Carefully

Mouse over links to inspect the URL before accessing the website, and verify that it directs you to the site you expected. URL shorteners are convenient, but they can make this check difficult. If you are unsure, instead of clicking on a link, use a search engine to reach the legitimate website and log in from there.
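
The hover check from this tip, automated over an HTML message body, as an added example that is not part of the original article: it compares each link's real destination with the site you expected and with any domain shown in the link text, and flags shortened URLs. The sample message, the bank.example domain, the shortener list and all function names are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "ow.ly"}  # assumed sample list
SAMPLE_EMAIL = """<!-- constructed sample, not a real message -->
<a href="https://bank.example.account-verify.example/login">www.bank.example</a>
<a href="https://bit.ly/EXAMPLE">Pay the pending invoice</a>
<a href="https://www.bank.example/help">Help centre</a>"""

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([(dict(attrs).get("href") or "").strip(), ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(value):
    """Hostname of a URL or bare domain, without a leading 'www.'; '' if none."""
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").removeprefix("www.")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return ""

def same_site(host, domain):
    # True for the domain itself and its subdomains, not for lookalike prefixes
    return host == domain or host.endswith("." + domain)

def review_links(html, expected_domain):
    """Return {href: [reasons]} for links that fail the hover check."""
    parser, findings = LinkCollector(), {}
    parser.feed(html)
    for href, text in parser.links:
        host, text, reasons = host_of(href), text.strip(), []
        if host in SHORTENERS:
            reasons.append("shortener hides the destination")
        elif host and not same_site(host, expected_domain):
            reasons.append("destination is not " + expected_domain)
        shown = host_of(text) if "." in text and " " not in text else ""
        if host and shown and not same_site(host, shown):
            reasons.append("link text shows " + shown)
        if reasons:
            findings[href] = reasons
    return findings
```

Calling `review_links(SAMPLE_EMAIL, "bank.example")` flags the lookalike host, whose name merely begins with the expected domain, and the shortened link, and leaves the genuine help link alone.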

5) Be Wary of Attachments

If you have not just made an online purchase, do not be fooled by an email with an invoice from a company. Sending false invoices for this type of service is one of the methods most used by cybercriminals to trick people into opening a malicious file that could infect their computers with malware.

Malicious attachments can also contain links that download and run malicious programs. For example, PDFs containing innocuous-looking links have been detected, leading users to accidentally download malicious software designed to steal their credentials.

6) Keep the Software Up to Date

Keeping a current, updated operating system on your computers gives you the latest updates and security features, along with built-in antivirus protection, whether on mobile or PC.
