It’s amazing how much an ancient saying or proverb can be used in a multitude of situations and still hold the same wisdom and value. "Prevention is better than treatment" is the motto that goes well with the theme of so-called Cybersecurity. Several times we have reiterated in other articles that when we talk about the internet, web reputation, or more generally the worldwide web, we refer to a parallel universe where everyone has the possibility to build a second life: new jobs, new friendships, new loves, new ways of committing crimes, etc. We are talking not only about the dangerous Deep or Dark web, but also about the illegal activities through which, by exploiting people's good faith, cyber criminals manage to get ahold of sensitive data and information that the victim will often spontaneously share.
Phishing: cyber criminals' favorite computer scam
A statistical study conducted by Microsoft Security Intelligence has shown that since 2018 the cyber attack mode called Phishing has been cyber criminals’ favorite. Although the MSI study was conducted taking into account only the data as of 2018, it found that phishing scams have increased by 250% compared to the past, with even worse predictions for the coming years.
The Phishing scam, a term derived from the word fishing, consists of messages sent by a cyber criminal in the form of spam, i.e. an unsolicited advertising message that is sent to a very large number of Internet users by e-mail or other computer portal.
Passing himself off as a reliable source and using the sites and logos of public utility companies, private banks or famous e-commerce sites, the cybercriminal throws out his "bait" by sending seemingly reliable messages via e-mail, Facebook, WhatsApp, or another messaging platform. The format is always the same: the unsuspecting user is asked to click on a link with the excuse that he urgently needs to update his data on that particular platform.
After that, if the user decides to click, he will be directed to a page with a dubious domain that presents a login screen with a clear request for data such as username, password and/or postal or bank codes. The strength of these fake emails lies in the apparent and imminent need to prevent something irreparably serious from happening to the user, which heightens the user's fear.
There are many examples we could report, as many as the experiences that each of us has had at least once in our lives. Here is a quite common one: while browsing your Facebook home page, you come across a real or virtual friend who has clearly "taken the bait" of one of the many fake messages and has suddenly started sharing posts that point to unsafe external links. It is at this very moment that our reasoning comes to our aid, and we may realize that our contact's profile has been infected by a virus that publishes posts with the aim of collecting other data and infecting other people in a vicious cycle.
Therefore, whenever we click on an unreliable link or spontaneously and freely share data within an unknown format, we could also be victims of phishing. The danger is that any information, from bank details to personal passwords, perhaps the "usual" information we use to access all our profiles or portals, can at that point be used by the cybercriminal against us, even through physical or psychological blackmail; the culprit can, in fact, ask for favors or money in exchange for the return of our profile.
Five ways to defeat Phishing
Now that we have drawn the lines and explained the dangerousness of this cyber scam, we can list the 5 precautionary ways to avoid being a victim of phishing.
Remember that the use of reasoning is at the basis of each action but, to buttress our intelligence, these are things to do:
1. Before clicking on any link, check that the address shown in the message is real and that, once clicked, it will actually lead us to the official internet address of the recipient. This check can be done simply by hovering the mouse over the link itself.
2. Use only secure connections, especially when accessing sensitive sites. Connecting to unknown Wi-Fi networks, or even to public Wi-Fi without password protection, could create the opportunity for cyber criminals to easily direct us to their phishing pages.
3. To navigate with greater security and peace of mind, it is good practice to install and use a VPN (virtual private network) on our device, a tool that allows you to encrypt traffic during the connection.
4. Make sure that the connection is HyperText Transfer Protocol over Secure Socket Layer (HTTPS) and verify that the domain name actually reflects the name of the page. The HTTPS protocol is a security stamp that by law all companies/portals must have on their pages, especially sites that contain sensitive information, such as pages for online banking, online shopping, social media, etc.
5. Never ever share sensitive information with a third party. Companies or service providers never ask for such information through email or instant messaging. Before taking any action, in case of doubt, simply call your bank and customer service to ask for their honest response to such a request and what to do in such a case.
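The link checks from points 1 and 4 can also be run automatically over a message body. The following is an added example, not part of the original article: it lists every link in an HTML message and flags a destination that is not HTTPS, a host outside a list of trusted domains, and visible link text that names a different host than the real target. The TRUSTED_DOMAINS list, the mybank.example and account-verify.test names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: domains the reader really has accounts with (placeholder value).
TRUSTED_DOMAINS = {"mybank.example"}
# Constructed sample message body, not a real e-mail.
SAMPLE = ('<a href="http://mybank.example.account-verify.test/login">'
          'https://www.mybank.example/login</a> '
          '<a href="https://www.mybank.example/help">Help centre</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def parse(url):
    """(scheme, hostname) of a URL or bare address; ('', '') if unparseable."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        return parts.scheme, (parts.hostname or "").lower()
    except ValueError:
        return "", ""

def check_link(href, text):
    """Warnings for one link; an empty list means none of the checks fired."""
    warnings, (scheme, host) = [], parse(href)
    if scheme != "https":
        warnings.append("not-https")
    # Match the whole domain or a true subdomain, never a mere substring.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        warnings.append("untrusted-domain")
    # Link text that is itself an address must name the same host as the href.
    shown = parse(text)[1] if "." in text and " " not in text else ""
    if shown and shown != host:
        warnings.append("text-href-mismatch")
    return warnings

def audit(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}
```

Calling audit(SAMPLE) returns all three warnings for the first link, whose host only begins with the bank's name, and none for the second. An empty result means only that these three checks passed, not that the message is genuine.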
Not even the right diligence or following these simple steps can always keep us from falling, perhaps unknowingly, into the traps of Phishing. If it happens, the first thing to do is to keep a clear head, call the manager of your payment system, request information and, just in case, block any card and any transaction not recognized, then go to the police and report it immediately.
Timing plays a key role in these situations. If we realize, therefore, that we are victims of the aforementioned computer scam, we should not waste any time and instead try to protect our data and assets before it is too late.