What is Phishing and how can we prevent it?

Today we explain what phishing is and how to avoid becoming a victim of this new form of deception.

Phishing is a new method of deception in which attackers send a message that serves as bait to one or more people, with the aim of convincing them to reveal personal information.

The information obtained is then used to carry out fraudulent actions such as transferring funds from a bank account, making purchases with the affected person’s credit card, or other types of criminal behavior that require personal data.

Most commonly used methods for phishing

One of the most common methods used by attackers for phishing is email. These messages can be convincing to anyone, since they can appear to have been sent by an entity that the user knows and trusts.

These entities can be a bank or a company with which the user usually does business. When the criminals send the message, they give various reasons, such as technical problems or an update or review of the bank account data.

The message claims that the personal data must be modified or verified, and asks the user to visit a website and enter his/her full name, ID number, passwords, among others.

This page is actually a forged website that pretends to belong to the entity the person trusts.

The design of the forged page is very similar, and often identical, to that of the real entity, so that users cannot detect the deception.
Phishing relies above all on the resemblance between the fake web address and that of the authentic site it imitates.

Often the link text shown in the email is the real website address, but when the user clicks on the link, he/she is redirected to a fake page controlled by the criminals.


Other forms of Phishing

Attackers have also been detected phishing through text messages that users receive on their phones, or through messages left on their answering machines.

Using techniques similar to those already mentioned, they try to convince people to call back the phone number from which the call was made.

When the user does so, an automated system claims to be a trustworthy organization and asks for personal data, which will then be used without the person’s authorization.

How can Phishing be prevented?

The following are the best measures to avoid becoming a victim of phishing and to minimize the negative effects that an attack can cause.

When you receive an e-mail requesting personal or financial information, do not respond.

When we receive a message inviting us to access a website through a link included in its content, we should not follow it.

Organizations that take security seriously already know about these types of fraud and therefore never request personal information by these means.

They also do not contact users by phone, SMS or fax. At the same time, if you are concerned about the status of your account with the organization that sent you the mail, you can contact them directly, using the phone number you already know.

Do not send personal information using e-mail messages

Unless encryption or digital signature techniques are used, e-mail is not a safe way to send any personal or confidential information.

Don't access from public places

Try to avoid accessing a financial institution or e-commerce website from a café or cyber café. The PCs installed in these places may have malicious software or hardware designed to capture people’s personal data.

If you have to use such a computer, be aware that many banking institutions offer an on-screen keyboard; you should use it.

Verify the security indicators of the website that asks for our personal information

If it is essential to carry out a procedure or provide personal information to an organization through an Internet site, you should type the address yourself in the browser and look for the site’s security indicators.

When doing so, check that the address begins with “https://”, where the “s” indicates that the transmission of information is secure. Also verify that the closed padlock appears in the lower part of your browser.

By clicking on the padlock, we can check the validity of the digital certificate and obtain information about the entity behind the website we are about to access.

Keep computer software up to date

It is necessary to install all the security updates for the operating system and all the applications it uses, mainly the antivirus, the web client and the e-mail client.

Nowadays the systems can be configured with automatic updates.

Review all bank statements and credit card statements.

When unauthorized charges or transactions are detected, the issuing organization should be contacted immediately. It should also be contacted if there is any unusual delay in receiving the statement.

Do not download or open files from untrusted sources.

These files could contain a virus or other malicious software that could allow an attacker to use phishing and gain access to the computer and all the information it contains, such as bank passwords and our confidential data.
