What is Phishing and How to Protect Yourself From Scams on the Internet?

What is Phishing?

The term phishing was chosen because it resembles another English word, fishing. It refers to the practice of "fishing" for users' secret information and data using false information or fake but very attractive offers.

As in fishing, the person who practices phishing throws out bait to users and waits for them to take the actions needed to carry out the scam.

Phishing is a cybercrime in which ordinary people are contacted via email, phone, or text message (SMS) by someone posing as another person or company. The contact is made to look genuine, to attract the victim and induce them to provide confidential information such as bank details, credit card numbers, and passwords.

Types of Phishing

As you read this article on what phishing is and think about how to avoid falling into these traps, there are criminals working hard on new techniques to steal your data.

There are several forms of phishing attack, delivered via email, SMS, and suspicious links. Here are the main types of phishing.

Scam: 

Phishing scams are attempts by criminals to trick you into providing personal information such as bank account numbers, passwords, and credit card numbers, by getting you to open links or infected files. This information will be used to misuse your account, steal money, and conduct transactions. Contact can be made via phone, email, text message, or social media.

Blind Phishing: 

It is the most common of all, sent via mass email without much strategy, and relies only on the "luck" that a user falls into the trap.

Spear Phishing: 

It is when the attack is aimed at a specific group. It may be against government officials, customers of a specific company, or even a specific person. Spear phishing aims to gain access to that particular target's data to obtain sensitive information or confidential or financial records.

Clone Phishing: 

This scam clones an original website to attract users. Generally, when accessing the fake website, the person has to enter registration information in a malicious form that transmits the information to the criminals. The user is then redirected to the original page without realizing that they were a victim.

Whaling: 

The term comes from the English word whale and means to hunt whales. The crime is linked to the "size of the fish to be caught". Whaling targets high-level executives or prominent personalities, such as a corporate president, and is carried out in the name of the company for which the target works. These attacks masquerade as court subpoenas or internal business notifications.

Vishing: 

The letter "p" has been replaced by "v" because vishing uses voice to deliver scams. It can be accompanied by an SMS saying that your card has been blocked and that you need to call a certain number to have it released, but it can also be a direct call to your home or your cell phone. Criminals use VoIP because it makes it easy to hide the identity of the caller.

Pharming: 

This is when DNS (the system that translates domain names into IP numbers) is poisoned, reaching users on a large scale. Whenever the user goes to a website by typing the URL (for example google.com.br), DNS resolves the domain name to the server's IP number. But if the DNS is compromised, the URL entered may take the user to a fake page created for the attack.

Smishing:

It is the name for phishing carried out via SMS. These are messages that generally embarrass the user, for example over a debt, or that push them to make immediate decisions by playing on emotions, such as a raffle, prizes, or a large amount to receive.

How to Recognize Phishing

But how do you know if the contact you are receiving is in fact phishing?

There are a few things you can check before handing over your data to criminals masked as heroes, so that you do not fall into a trap.

When alms are too much ...

As the saying goes, "When the alms are too much, the saint is suspicious." When you receive unprecedented, very lucrative offers or statements like "your R$ 15,000 income tax refund is released," be wary. They are just bait to attract your click on malicious links that will steal your data.

Prize lottery

Many messages announce that you have won prizes such as travel, smartphones, and cars. Everything comes for free and very easily. Don't click. Campaigns and sweepstakes can be checked directly on advertisers' websites before you make the mistake of clicking and "falling into the net".

They want to talk to you and they want to now

A sense of urgency is a common feature of cybercriminals' messages. They ask you to act quickly and suggest that, if you don't do what they ask at that moment, you will miss the chance of a lifetime. Ignore these emails.

Threats

Catchphrases like "your service will be suspended if ..." or "your account has been blocked, click here to check" are common phishing approaches. Again, check directly with the institution named, whether a bank or a government agency (the most used), before taking any action. Serious companies never give customers and users short deadlines or approach them in this way.

External Links

These emails or messages come with external links for you to click, which then open the door to the intrusion. One way to check where a link leads before clicking is to hover over it to see the URL. But stay alert: criminals register domains very similar to the original domain of the company they pretend to be.

Another option is to right-click the link, copy it, and paste it into Notepad so you can see where it goes, although some of them use a URL shortener to mask the original link.
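The check described above, reading the real destination of a copied link and comparing it with the domain you expect, can be automated. The following Python sketch is an added example, not part of the original article; the TRUSTED and SHORTENERS lists and the check_link function are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumptions): domains the reader really uses,
# and a few well-known URL-shortening services.
TRUSTED = {"google.com.br", "bank.example"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return 'trusted', 'shortener', 'lookalike' or 'unknown' for a copied link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in SHORTENERS:
        return "shortener"      # the real destination is hidden until expanded
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"    # the exact domain or one of its subdomains
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"      # punycode can render as look-alike characters
    for good in TRUSTED:
        # Trusted name used only as the left-hand part of another domain.
        if host.startswith(good + ".") or host.startswith(good + "-"):
            return "lookalike"
        if edit_distance(host, good) <= 2:
            return "lookalike"  # one or two characters away from the real name
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.google.com.br/search?q=x",
                 "http://g00gle.com.br/login",
                 "https://google.com.br.account-verify.example/",
                 "https://bit.ly/3abcd"):
        print(check_link(link), link)
```

A result of "unknown" only means the host matched none of the lists; it says nothing about whether the site is safe.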

Malicious files

When receiving emails from strangers, which are already suspicious in their own right, be wary of attachments to the message. Account statements, proof of deposit, fines, or even job offers are triggers used to induce the user to click on links that contain viruses and steal data.

Unknown sender

If you receive messages from senders you don't know, be suspicious. The same goes for messages from banks or large companies with which you have no ties, or messages containing foreign characters.

How to Protect Yourself From Phishing Attacks

And in the face of so many ways to be attacked virtually, how can you protect yourself from phishing attacks? The media frequently reports cases of scams on the internet in order to alert the population of crimes and risks.

In addition to staying informed and attentive to the details we covered earlier, in the topic How to recognize phishing, we have listed some more options to help you not fall into this wave.

Analyze the Email

Yes, let's repeat this tip. Evaluate the information in the received email and its intent. With a quick read, you will certainly be able to identify whether the content is malicious or not.

Install Antivirus

There are several reasons why you should have an antivirus and one of them is to protect yourself from phishing. Among the best antivirus on the market are Avast, Protegent360, Avira or AVG, all of which have free versions.

Two-Step Verification

It is a process that involves two forms of authentication, one after the other, to double-check whether the person making access is in fact the authorized person, thus increasing security.

Install a Firewall Software

A firewall acts as a barrier to access: it inspects incoming traffic to check its origin and whether that source is recorded in blacklists.

Use Anti-phishing Plugins in the Browser

You can install plugins so that, each time you access a website, the tool checks whether the website appears in blacklists or has been flagged. Some recommended anti-phishing plugins are Anti-Phishing & Authenticity Checker, Netcraft Extension, or Stop Phishing.

SSL Security Certificate

Always check if a website has the security seal, which certifies that the website is safe for the exchange of information between the user and the server. Click here to learn more about what SSL is and how to install it on your website.

Conclusion

Phishing is a threat with no deadline to end, both because it is so simple for criminals to distribute and because there are still many people on the internet who do not know about these attacks or the risks they are subjected to in online life.

For some, tips such as "don't click on any links" or "be suspicious of absurd offers" may be obvious, but the truth is that these are pitfalls that easily catch people. Despite all the history of the internet in Brazil and in the world, more than 4 billion people in the world still do not have access to the internet. That is, they will be easy targets for virtual scammers.
