What Is Phishing, How Can It Attack You And How Can You Prevent It?
Today, we increasingly use online media to communicate, consume entertainment content or even to study and work. As we increase our use of digital technologies, we must also increase the precautions we take so that our Internet browsing is always safe.
To facilitate this task, in this article we explain what phishing is , one of the risks that we can most frequently find on the Internet. In addition, we also detail how you can identify it and we show you some good cybersecurity practices that will surely help you combat it easily.
Table of Contents
What Is Phishing ?
Phishing comes from a variation of the English word ” fishing ” (fishing), since the cybercriminal navigates the network with the intention of “fishing” for the private information of Internet users . They can face numerous problems by exposing their confidential information:
- Theft of personal data: passwords in accounts of all kinds, address, etc.
- Economic losses: in people who make purchases over the Internet without taking security measures.
- Impersonation of accounts: especially in social networks.
If you think about it, just like with fishing, for this to happen the target person must “take the bait”. What does this mean? Well, this type of attack manages to enter computers and mobile phones, simply, because the door is “opened” for them to enter the device ; for example, through risky behavior or poor security on the device.
Luckily, it is in our power to help make this threat disappear. It is not about abandoning the use of the Internet, but quite the opposite. The key is getting used to using electronic devices and connecting in a safe and responsible way, taking the appropriate precautions.
How Can You Suffer Such An Attack?
The best way to avoid being a victim of phishing is to know how cybercriminals who carry out this type of practice act and take care of the protection of our devices. Therefore, we will explain how they can enter your mobile phone, your tablet or your computer.
Surely, you have seen how many emails arrive in your inbox. Many of them may belong to your contracted entities (electricity, water bills, etc.). Others, on the other hand, may contain promotions in which you have registered in the stores. But what about the ones you haven’t “asked for”?
The most common entry mechanism for this fraud is email. It is a message that appears to be normal, but contains a somewhat suspicious link. One day you mistakenly decide to open it to see where it takes you and you end up on a page that, without asking your permission, downloads a virus-infected file.
Fortunately, it is not enough for the mail to arrive on your computer. To infect your devices, you need to open it and click on the link that appears.
By Phone Call
This practice acquires the name of vishing when it is done through a call. In this case, it is not something so automatic, since there is a person on the other end of the line who is executing that attack.
Through this technique, the cybercriminal can make you believe that it is a gas company, for example. To make you a supposedly more competitive invoice, it asks you for various information. As sales calls are very common, it is usual to provide the type of data requested. The most common thing is that they only ask for your name, your surnames and the DNI . With this information, it is enough for them to impersonate your identity wherever they want.
To avoid falling into this practice, it is enough to avoid providing personal data by phone unless you have contacted the company directly through an official channel.
By Text Message
Text messages (SMS) were left behind with the advent of free instant messaging applications. However, we still continue to communicate in this way with medical centers, stores and other similar entities. In addition, many times we receive advertising from telephone companies through this channel.
This situation is called smishing , and it works much like email attacks. Again, we receive a message (this time an SMS) with a link. If we click on this suspicious link we may be endangering our devices and the personal information we store on them.
For a Fake Website
A cybercriminal person can impersonate a page that you consult daily to enter your device. In this way, they simulate it in appearance and content so that it is difficult for you to tell the difference. Of course, it is always possible to detect some differences that help us identify impersonation.
Through Social Networks
Social networks are also not exempt from attacks such as phishing . Many times, they take advantage of the trust of the users to enter their system. To do this, they can impersonate the profile of one of your contacts in a very realistic way, with the same name, profile photo and biography.
When this so-called known person has approached us with a contact request, they will send a message with a link so that, by clicking on it, we can access the malicious website or agree to install something on the device. Of the routes that we have discussed, this is the one that is gaining the most popularity, but it is also the easiest to verify.
How To Prevent Phishing ?
Luckily, you can implement good practices so that cybercriminals have no place on any of your devices. Before teaching you how to do it, we are going to ask you to think about something that you have learned in this article without realizing it: What is the point that all the attack routes that we have mentioned have in common? Indeed: trust .
When you go down the street or enter a store, you never trust what they tell you at first glance. So why would you do it on the internet? To avoid risks, we suggest that you guide your actions online by three criteria:
Acting with control implies knowing which web page you are entering or to whom you are answering that email. For its part, caution requires that you do not click on links you do not know or that you do not give your data to unknown people. Lastly, collaboration is essential so that citizens can alert the authorities to an attempted attack.
Avoid Being Attacked By SMS And Email
A fraudulent email or SMS usually presents several symptoms that you can learn to identify. Do not trust if it deals with any of the following topics:
- Confirmation of an account on a web page that you have not accessed.
- Notifications from the Treasury (neither the Andalusian nor the Spanish Tax Agency requests data through these channels).
- Labor circulars addressed to all workers.
It is also important that you delete emails or messages that have a suspicious link or a poor quality corporate image. Likewise, misspellings or inconsistent messages are clear indications that something is wrong.
Protect Yourself Against Phishing And Fraud on Social Networks
A fraudulent call can have many different symptoms. The most important thing you can detect by knowing who is calling you (supposedly). Here are some examples:
- A utility company: asks you to download an app to get a refund.
- A bank: requires your account or card number to make some validations.
- An official entity: such as the police to identify you by phone.
On social media, you can prevent phishing by not accepting friend requests from unknown people . In turn, you should be wary of messages that contain statements such as the following (which often contain links):
- “Are you really the one in this video?”
- “Congratulations! You are the customer number 1000 and you have won a raffle ».
- “In order for you to continue using your account, we need to verify your identity.”
Detect Fraudulent Web Pages
You will know that a website is false when it does not have these three aspects:
- The lock icon next to the address: It means that the page has a security certificate.
- The term “https” (note, not “http”) at the beginning of the link: Implies that your data is not exposed.
- The legal notice in one of its sections: All websites are required by law to identify their manager.
Online banking websites are, by their very nature, the most secure . However, they may also have been impersonated, so it is always recommended that you call the entity if you have doubts about the veracity.