Nowadays, we live permanently connected with the rest of world. People send and receive information from others they know, but also from persons they have never seen before. Despite the clear benefits of living in these hyperconnectivity times, we are not as as safe as we hope. Danger starts from the first moment we introduce personal information on Internet. Private conversations, personal documents, and overall, bank accounts access are the main goal of cybercriminals. They work with a lot of methods to steal information, and one of the most popular is phishing.
What is phishing and why you should worry about it?
Phishing is a technique of social engineering whose primary purpose is to obtain sensitive information by misleading users. To do this, hackers choose the name of a trusted person or a company name, and then they send to their victims an e-mail or a message by social networks asking them to click a link or download the attachments. People who take the bait give data access to the cybercriminals.
Their common motivation is financial, that means they look for ways to obtain credit card details, bank account access or PayPal credentials. However, they also attack governments, public and private administrations for political and social reasons.
As we already know, Internet doesn’t have borders. According to a report released at the end of 2016, every 30 seconds a phishing attack occurs. This shows that even if we think that phishing is an external and remote issue, it is not. Any person could be a victim of information theft. Moreover, phishing is a method, which means that there is no way to eradicate it. As normal users, the best we can do is to open our eyes to signs of phishing and take the next steps to feel a bit more safe on Internet.
Good practices to avoid phishing
From some time now, Internet is not longer free from danger, that’s why we need to show mistrust every time we receive a suspicious link. As we said, the most common attacks occurs through e-mail or in social networks. So, there are places where we have to pay more attention and follow the next good practices:
1. Open your eyes on your inbox
Maybe, while you are reading this, you have dozens of unread e-mails in your inbox. It is no wonder that as we increasingly use e-mails, one day we will receive a malicious one. If we don’t know who is the sender, it’s better not to open the e-mail and send it directly to the trash.
Even so, at the first sight, you may think that the message could be from someone you know. Then, if you open it, analyze the content before you click on any link or download anything. The e-mail address and the text are the keys, so ask yourself: Who has send me this? Is someone that I really know? Is this person writing to me from a official domain? Is there any error in the content like spelling mistakes? What is this person asking me to do?
You should be clear that nobody will ask you for login information, or any other kind of data unless they want to obtain something from you, and probably they are trying to phish you. If you are not sure of this, the best you can do is to call to the person or the company that supposedly sent you the e-mail. Also you can do some research on Internet, as some attacks are reported on the news, or some web sites warn about them.
2. Social networks, if anything sounds strange do not click
In the middle of the last year, Facebook users were hit by a phishing attack. It reached thousands of users in only 48 hours (2). These users received a private message from a friend they already knew. The message said that they were mentioned in a post on the social network and that, to read it, they should click on the link. Those who did gave hackers access to their private information, and they also could change the privacy filters of the affected accounts.
This is a clear example about phishing in a social network, and it shows that everybody is at risk. Danger is not only in private messages, you should pay attention to the groups you follow, or the links and news shared in your timeline.
Once again, we should be cautious about what our contacts send us, as it’s possible that they have been tricked before you. Phishing is also very common in other services as Twitter or Whastapp.
3. Extreme care when you surf the web
Even something as simple as looking online for information is a risk too. You might use a trusted search engine, like Google, but some fraudulent websites can still make their way into the results. That’s why, while you are on Internet, you should verify if there is a lock on the navigation bar. This is a signal which means your informations is safe in that site.
Finally, we also should mention the extensions we install in browsers. Some of them were made to gather personal information of the users, as if this were not enough, they can slow down the proper system function. It’s recommended that you research any add-ons and extensions before you install anything.
These are some of the steps everybody should take for their security. As we have seen, part of our protection depends of us, but also it’s important how our family and friends take action. So, it would be great if you share these good practices on your social media pages, and you may never complain about a phishing attack.