Due to the coronavirus epidemic and the fact that most of the globe is in a kind of quarantine, the percentage of the population that turned to the Internet as a place to find information or work from home increased dramatically. However, it seems that the online arena has become more than ever a suitable place for cybercriminals who have used the new reality to increase their (illegal) activities.
One of those illegal activities is definitely sending phishing emails. In the past period, we witnessed that this type of cyber attack did not bypass our country either.
These phishing campaigns contained email messages that required the recipient to either enter user data or download an attachment containing malicious code that runs in the background.
What is PHISHING anyway?
Phishing is a type of fraud where a cyber attacker, posing as a trusted institution or company, tries to obtain important information, whether credit cards and login data or infect the recipient’s computer through an attachment containing malicious code.
The word phishing itself is a combination of the word “fishing” which in English means “fishing” and “phreaks” as hackers used to call themselves. The first phishing emails appeared as early as 1995, and in 2019 alone, more than 114,000 people were “caught” in America, which caused a loss of almost 58 million dollars.
Phishing emails usually contain an urgent call to action, so these messages indicate that the account has apparently been compromised, that it is necessary to update the system, and the like.
How does a phishing attack work?
A cybercriminal can launch a phishing attack on a specific business to steal data that may be of a financial nature or, more often, steal data related to a list of customers. Based on the “captured” information, the door is open for a phishing attack on the users themselves. Bearing in mind that cybercriminals already have access to information about the business – the email message that users receive is more authentic, and the recipients of such messages will fall into the “trap” sooner. In addition to phishing attacks that occur within email inboxes, similar attacks can also occur on social networks.
How to protect yourself from Phishing attacks?
Pay attention to the sender of the email
Phishing emails usually come in a form that looks like a message sent by a trusted organization and says that something is wrong with the account and that it is necessary to log in to solve the problem. If you receive an email like this, the first step is to check who sent the message. If the message came from the organization’s official email, which also contains the domain name, e.g. [email protected] email is safe, and your reaction will not lead to unwanted consequences. On the other hand, if the sender uses an email that is not official, e.g. [email protected] is definitely a phishing email, you should ignore and delete it.
Don’t download files you don’t expect
In addition to messages that require a reaction in the form of logging into a profile, phishing emails also contain malicious code (malware) files. If you do not know the sender, do not open or download the files in the message. Also, even if the sender is known to you, and you do not expect files of that type from him/her, it is necessary to be extra careful. In such situations, you can call the person who sent you the message and ask if they really sent the email with the additional files, since cybercriminals sometimes hack users’ emails intending to use their contacts as targets for phishing attacks.
Check the links in the message
If there are no attached files in the email, there are definitely links. They usually look like they lead to the website of banks, social networks, or other organizations, and the easiest way to check if these are valid links is to hover over them. The entire URL will usually appear in the lower-left corner of the browser. If the link shows an IP address, e.g. 192.168.1.1 do not click on it.
AND..
Despite the development of the Internet and security procedures, phishing attacks are still a threat today for two reasons: they are simple to execute, and they work because a large number of people, due to their fast-paced lifestyle, do not pay attention to suspicious messages. It is important to remember that these cybercriminals only need your email address for an effective attack. Smart use of the Internet with increased attention to things that look suspicious can save you from unwanted consequences.
