News about phishing is published constantly on the Internet and TV, warning people about several threats detected every day in emails, phone calls, social engineering, webpages and social media such as Facebook.
However, not everybody pays attention to this news since the majority are not aware of what phishing really is or what it looks like.
Phishing is an online scam designed by cybercriminals to steal money and personal information from your computer or mobile device, ironically, with your consent.
The way criminals do this is by posing like a legitimate company, organization or bank in order collect sensitive information such as usernames, passwords, credit card details and in some cases money.
The best way to avoid being a victim of phishing is by knowing how to recognize it. The following are examples of the most common ways criminals attack:
When you get an email from your bank, social media account, school, etc. requesting verification or some kind of urgent action, pay attention to the following signs to detect phishing:
Generic greeting: since email phishing is sent in large quantities, criminals use generic names such as “Dear valued costumer”. If you don’t see your name in the email, be suspicious.
Forged Link: Phishing is all about posing as a legitimate company, that’s why emails will look exactly as the genuine company layout. Pay attention to the links that they are asking you to go to, and read if they are actually going to the company’s site or to any other random, unfamiliar one. Another way to do this is by looking at the URL, in most cases the URL should start with “https”, the s stands for secure and if you don’t see it, don’t proceed.
Request sensitive information: If an email is requesting sensitive information such as ID data, credit cards or passwords it is probably phishing. Pay even more attention to the URL or link you are at.
Sense of urgency: Cybercriminals want to get your information ASAP. That’s why they will create threatening or confusing messages to get you to act immediately.
Poor resolution: This websites are usually poor quality. Be suspicious if the logo, text or resolution is poor.
Forged URL: Some webpages will masquerade their URL with names similar to the company, however always look for the s in “Https” that will tell you if the webpage is secure. Also, look out for URLs that begin with an IP address, such as: http://22.214.171.124/firstgenericbank/account-update/ — these are likely phishes.
Forged URL’s cannot show a domain path, what this means if you are at “http://www.paypal.com” and entering information, be cautious. There should usually be more to the URL. Paypal would not have you enter any information on their home page! This is a masqueraded URL!
Social Media Phishing:
Phishing in social media is increasing since people are more social and trusting. Cybercriminals know that and are pushing messages containing threats that accounts will be blocked if users don’t verify information, or promising interesting content such as games, videos or pictures.
So, be aware and pay attention to URLs, layouts, and the types of information you are required to give. Be cautious and keep your antivirus, such as MyAntivirus, updated and running since they can detect scams like phishing and malware behind it.