Tips and tricks on how to identify phishing emails and save the sensitive data.
To take the bait and to become a victim of phishing attack is very simple, especially after a hard day's work, when your attention is reduced, and information security is the last thing you want to take care about.
Phishing is a type of internet fraud that uses a number of techniques, including psychological methods of deception. Its aim is to make the target to disclose private information (credentials, website accounts) or download malicious software onto the computer.
Despite the fact that any digital media can be used as a channel for phishing attacks, including smartphones (apps for messaging, such as WhatsApp, Viber or SMS), the main channel for fraud is email. Billions of phishing emails are sent every day in the form of targeted attacks on major companies and in the form of simple fraudulent messages that are sent to all in a row.
Here is just one example of phishing email message that my friend recently received:
But my friend didn't order anything at eBay. This is a standard phishing tactic to cause the sense of alarm that someone behind you is doing shopping with your credit card. That makes you think that your confidential data has been stolen. It is the worst nightmare in the digital era. Most of these attacks are primitive, although more sophisticated emails look like real payment documents from major online stores. For example, Amazon.com. Phishing email message looks identical to real email message from Amazon.com with only one difference - the email address of the sender (email@example.com) has nothing to do with the online store, because the domain name is wrong. It's the little things that are easy to miss in a similar situation, when you think that your bankcard data was compromised.
Phishing attacks can either get you to a fake website that looks just like the original one, where the attacker will try to get your credentials, or, as in the case with my friend, may ask you to click on the link that leads to download malware. The link in my friend’s phishing email message leads to Dropbox.com instead of eBay.com, as it should be if this message came from the e-commerce company for real.
Для обеспечения надежной защиты полагаться только на антивирус нельзя. В то время как антивирус может справиться с теми угрозами, которые ему известны и занесены в базу данных, создаются новые вредоносные программы, специально для того, чтобы такую защиту обойти. Проще говоря, конечный пользователь просто должен оставить ссылку в покое, если есть сомнения в ее подлинности.
File sharing sites are a kind of repository for infected files and malware. It's better not to download suspicious files clicking on such links if you didn't take the necessary precautions. In some cases, even a simple file downloading leads to the computer infection. Do not rely only on an antivirus to provide strong protection. While antivirus software can deal with threats that are known and recorded in the database, new malicious programs are created especially in order to circumvent this protection. In simplistic terms, an end user has to leave a link alone if there are doubts about its authenticity.
I often send my friends links to Dropbox via email to specific files or folders that I want to share. That's why the substance of an email message and its context are playing a major role in the implementation of phishing attacks. Perhaps this is why such problems are difficult to solve. Well-prepared phishing emails are virtually indistinguishable from real emails. Just one mistake (click) and hackers already have access to your bank account or email.
Here are some simple key points to avoid becoming a victim of phishing:
Keep calm if you receive a strange email message, for example, about purchasing of goods that you have not purchased. This is done in order to force you to compromise your personal data.
Check the sender's address.Just because sender's name is John Doe, you can see that this is a real person with whom you spoke earlier. If an email message arrives on business issues, make sure that domain address is correct.
Make sure that the links lead to the pages referred to in the message, or where you think they might lead. It's easy to make an HTML-link which shows you one website and leads to another.
If an email message looks suspicious, but it came from someone familiar to you, it is better to use other available methods of communication (phone call, SMS, or messenger) to ensure that this message is not a fake, and it is not the result of hacking your friend or colleague’s email account.
Today, well-planned attacks are in high demand. Usually hackers use unexplored vulnerabilities for that. Despite the long history, this simple method of phishing attack, which can be carried out without any particular technical and financial expenses, still successfully operates.
Knowledge is the best way to deal with phishing attacks, so make sure that the recipients of your emails know how to detect such attacks and how to respond to it.