What Is Phishing: How To Recognize It And Tips To Avoid It
Phishing is the computing term for a fraud technique by which criminals attempt to obtain confidential information. The term derives from the English word “fishing” because that is precisely what the scammers try to do: they throw a hook to try to “fish” your data.
Access codes to online banking, credit card data and identity documents are examples of sensitive information that can be stolen with this technique, which can also infect your computer or mobile device with some type of malware.
In 2018, there were some 500 million phishing attacks worldwide, according to a report by Kaspersky Lab, with the financial sector being the most affected: more than 44% of the attacks were directed against banks, payment systems, and online businesses.
The most common channel for a phishing attempt is email, although it is not the only one. Criminals also try to access your data through false profiles on social networks, by sending SMS messages to your mobile phone (a practice known as smishing) or through phone calls.
How to recognize a phishing attempt
Cybercriminals continually hone their techniques, and it is sometimes difficult to tell a fake email from a genuine one, but some clues can help you recognize that you are the target of a phishing attempt.
- Sender’s name: If the sender’s email address is unknown or has a strange format, doubt that the email is authentic. Do the same if the address does not include the domain of the entity that supposedly sent it, or if it comes from a free email service like Gmail, Yahoo or Outlook.
- The arguments they use: Scammers will try to convince you of the need to urgently provide them with your personal (or bank) data, alluding to an alleged technical problem, a change in the entity’s security policy, abnormal access to your account or suspicious movements, the imminent deactivation of your account, the promotion of a new product and even the communication of an alleged prize or a false job offer. These messages are usually written in an alarmist tone, urging you to act immediately with notices that if you do not click on the link or do not send your data, your account will be canceled or you will have to pay a fine.
- Differences between the link text and the URL it points to: Scammers will try to make you click on a link in the email that takes you to a fraudulent website impersonating the real one. You can check the address of this link by placing the mouse pointer over it: if it does not match the text of the link, has a suspicious format or does not start with https (the “s” indicates that the destination website uses a secure connection), don’t click on it.
- Spelling mistakes or bad writing: Normally, to design their “hook” messages, criminals use automatic tools that integrate translation functionalities, so you will likely see poorly translated words, expressions that sound strange in Spanish, misspellings, words with strange symbols, etc.
- A non-personalized message: If the greeting is generic, such as “Dear customer/user” or “Dear friend”, be suspicious.
- The extensions of the attached documents: Suspect phishing if the email asks you to download a file that has more than one extension (such as “filename.doc.zip”), is a compressed file (.zip) or is an executable (.exe). Do not download it, since it may be malware that infects your computer; if you do download it, scan it with your antivirus before opening or running it.
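The sender, link and attachment clues above can be checked automatically when triaging a reported message. The Python code below is an added example, not part of the original article; the function names, the `expected_domain` parameter and the constructed sample message (with placeholder example.com / example.net domains) are assumptions, and a hit is a reason to look closer rather than proof of fraud.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class Links(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def host(url):  # hostname of a URL or bare host, lower-cased, without leading "www."
    try:
        return (urlparse(url if "://" in url else "//" + url).hostname or "").removeprefix("www.")
    except ValueError:  # malformed host such as "[link"
        return ""

def mismatch(href, text):
    """True when the visible text looks like a host but the link goes elsewhere."""
    shown, real = host(text.strip()), host(href.strip())
    return "." in shown and " " not in shown and real != shown and not real.endswith("." + shown)

def indicators(msg, expected_domain):
    """Return the article's warning signs found in msg (an EmailMessage)."""
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body, parser = msg.get_body(("html",)), Links()
    parser.feed(body.get_content() if body else "")
    exts = [(a.get_filename() or "").lower().split(".")[1:] for a in msg.iter_attachments()]
    checks = {
        # Also covers free-mail senders: they never match the entity's own domain.
        "sender-domain": not ("." + sender).endswith("." + expected_domain),
        "link-not-https": any(not h.lower().startswith("https://") for h, _ in parser.links),
        "link-text-mismatch": any(mismatch(h, t) for h, t in parser.links),
        "double-extension": any(len(e) > 1 for e in exts),
        "risky-attachment": any(e[-1:] and e[-1] in ("zip", "exe") for e in exts),
    }
    return {name for name, hit in checks.items() if hit}

sample = EmailMessage()  # constructed message; example.com / example.net are placeholders
sample["From"] = "Your Bank <support@example.net>"
sample.set_content('<a href="http://login.example.net/verify">www.example.com</a>', subtype="html")
sample.add_attachment(b"x", maintype="application", subtype="zip", filename="statement.doc.zip")
```

Calling `indicators(sample, "example.com")` reports all five signs for the constructed message, while a message from a subdomain of the expected domain with a matching https link and no attachment reports none.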
What to do if you think you have received a fraudulent email
If you have received an email with any of the characteristics described above, the recommendation is:
- Ignore the request for information in the email; do not respond to the email or click on the links
- If there is an attachment, do not open or download it
- Delete the suspicious email
- Run an antivirus scan on your mobile or computer.
What to do if you have been the victim of a phishing attack
If you have fallen for a phishing scam, the advice is to collect all the related information: the email received, the web page it links to, and the documentation you have sent.
If it is bank phishing, contact your bank to inform them of what happened so that they can take appropriate security measures. For your part, immediately change the passwords of the affected services (your access to online banking, your credit card passwords, etc.) and periodically check your accounts in case you detect any suspicious movement.
If what you have provided is another type of personal information, contact the appropriate entity to inform them that you have been the victim of a phishing attack so that they can tell you how to act.
Keep in mind that if your computer has been infected by a virus or malware due to phishing, you will have to disinfect it with an antivirus. Phishing attacks are a common practice and we cannot prevent fraudulent messages from arriving in our email inbox. However, by being alert and following these tips you can avoid falling into the traps of cybercriminals.