How to protect from phishing

Sophos company, in its global Phishing Insights 2021 survey, revealed that phishing attacks increased considerably during the pandemic, as millions of employees working from home became the main target of cybercriminals.

Phishing is a type of online identity theft. This fraudulent action is characterized by attempts to illegally acquire a user’s personal data such as passwords, financial or banking information, credit card numbers, among others.

The scammer uses email, apps, and websites that are specifically designed to steal personal data, posing as a trusted person or company. When sending a message to an email, application or other tools, the cybercriminal waits until the recipient receives and opens the message, an action that in many cases is enough for the victim to fall for the fraud. In other cases, it is necessary for the victim to click on a certain link in order for the criminal to have access to the information they want.

“There is more than one way to make a victim fall and this type of crime is becoming more and more sophisticated. Digital scammers have become adept at making fraudulent emails look exactly like legitimate ones, often from companies or establishments you are familiar with and trust. Phishing emails are commonly masquerading as businesses, but social media accounts are also a trending target, as many users are more careless about protecting them, ”said Dean Coclin, DigiCert’s senior director of business development. .

Phishers will go after anyone, but they tend to target CEOs and CFOs, law firms, human resources, and financial institutions. In addition, in recent years digital stores and social networks have seen an increase in these attacks. These groups have customer data and confidential information that attackers are looking for and need to be on high alert to protect themselves from phishing scams.

While many people believe it to be the same thing, phishing is very different from spam. In practice, while spam is only related to a large number of emails and messages without any criminal purpose, phishing aims to harm the victim, accessing data and personal information.

Spam is quite common on the Internet. Every day, countless messages from websites, stores and applications fill the inbox of most users. It only has the inconvenience of inbox clutter, but does not pose any risk to the recipient.

On the other hand, phishing uses the sending of massive messages to deceive the target, inducing them to click on false links and / or provide personal information, always with the aim of harming the victim.

There is anti-phishing software on the market, with effective anti-spam filters, which warn of signs of irregularities in emails. As for websites, there are antivirus and firewalls that scan and report irregularities or block access when they detect any possibility of fraud.

By following these 10 tips, you are on your way to becoming an expert in phishing scam defense.

1. Instead of clicking a link in an email, open a new browser page and enter the address / URL of the site you want to visit. Sometimes a fraudulent link will be very similar to a trusted one, just changing a few imperceptible letters.
2. Update both your operating system and browser software. The latest versions of most browsers come equipped with anti-phishing filters. As attackers devise new attacks, software updates improve their filters.
3. Block pop-up windows when browsing the Internet.
4. Never enter personal information in pop-ups unless you are absolutely sure they are coming from your intended site.
5. For everyday computer use, use a standard user account instead of an administrator account. Switch to the administrator account only when administrator roles are required. This protects your computer by reducing access to critical administrative functions.
6. Delete and don’t open suspicious email messages. It can be tempting; sometimes the subject can be flashy or so generic that you want more information, but avoid the temptation and just delete it.
7. Accept only trusted certificates on web pages. Don’t ignore browser warnings. Do not simply dismiss the warnings you think you have seen without reading them carefully and without considering the implications.
8. Do not click on links that will take you to an unknown site or IP address.
9. Be aware of browser warnings. For example, Chrome displays a warning triangle with “Not secure” in the address bar if a site does not have the HTTPS security protocol enabled. Enable protection against malware. This can generally detect and deter most threats without doing anything.
10. If you receive a phishing email, please do not open it, click on any link or attachment, and delete it immediately. If you continue to receive suspicious emails, report them to the Anti-Phishing Working Group (APWG).