With the growing use of Internet To perform multiple daily activities, our devices such as mobiles, computers and tablets store more and more sensitive data, including personal and financial information. This makes them a very attractive target for Cybercinkerswhose main objective is to appropriate our money, and in many cases, also that of people close to us.
The big problem is that the methods used by these attackers are very varied, and the most worrying thing is that their tactics are increasingly complex and difficult to detect. However, according to the Organization of consumers and users (OCU)the most common and alarmingly effective technique remains the Phishing.
What is phishing?
The word Phishing It comes from the English term Fishing, which means ”fishing”. In the field of cybersecurity, it refers to a method of deception through which computer criminals try to “fish” our confidential data, such as banking or access information, using different types of deceptions.
The process usually begins With a message that comes by email, SMS (In this case it is called SMISHING), messaging applications such as WhatsApp, or even social networks. The content of the message includes a convincing excuse to make the recipient click on a link. Some of the most used tricks include alleged money returns by the Treasury, false awards that require your personal data to be sent, alerts of suspicious operations in your bank, or pending fines that must be paid urgently.
The true purpose of these messages is that the victim agrees to the link provided, which It leads to a false website designed to resemble that of an official or known entity: banks, the tax agency, online stores, etc..
Once in that fraudulent site, the victim is asked to enter personal data, credentials of access or bank information. If this data is entered, the scammers already have what is necessary to commit fraud.
How to recognize a Phishing attempt?
Generally, these attacks are presented through an email. Here are some keys to identify them:
- Check the sender: Make sure the name and email address come from a reliable source. It especially observes the domain (the text that follows the “@” symbol), which must coincide exactly with that of the company that supposedly sends the message.
- Look at language: Many fraudulent emails contain grammatical errors, spelling fouls or poorly written phrases. Although automatic translators and artificial intelligence have improved a lot, incoherence can still be detected if read carefully.
- Pass the cursor on the links: Without clicking, place the mouse pointer on the link and observe the web address that appears. If it does not match what appears to have the email or it is suspicious, it is very likely that it is a scam.
- Suspect what seems ” too good ” or alarming: If you receive draw messages in which you did not participate, job offers you did not apply, fines that you did not expect or notifications of companies with which you have no relationship, it is better to distrust. The same goes for intimidating mails: account blockages, debt claims or legal threats are usually part of scam strategies to act impulsively.