What is phishing and why is it so dangerous?

Giteqa

In this article, we will look at phishing in more detail and discuss what you can do to protect yourself from this type of Internet fraud.

Phishing is a type of social engineering that allows attackers to gain access to a user's personal data. It usually happens through messages asking you to go to a site and log in. For example, you may receive an email from some brand saying that you have won a prize, but that to claim it you need to go to the site and log in using a social network account. Many users do not realize that this is a hoax and do everything the hackers ask, because attackers of this type know how to work with human psychology.

How does phishing work?

The attacker contacts you via email or private messages on social networks. The subject of the message is meant to play on feelings such as fear or joy. For example, you may receive a message with one of the following subjects:

Congratulations you won the lottery!

Your account was blocked

Subjects like these attract the user's attention and plunge them into strong feelings of joy or fear, so that they may hand over their data without hesitation. Under the influence of emotion, the user cannot think rationally and does everything the message says, which is how an attacker gets the desired data, such as login and password, bank card number and CVV code, and then simply uses this data for their own purposes.
Recently, phishing has moved to social networks, where it gets more reach, because email services try to block phishing attempts as much as possible. There, your friend or colleague may write to you and offer, for example, to view photos of kittens or to donate to charity. In this way the hacker plays on your feelings of joy or appeals to your conscience. Sometimes files are even attached to such messages, supposedly showing that the sender made a transfer to a charity account or something similar. An attacker may be using your friend's account, so you should not blindly believe everything it sends you. It is better to make sure that this is really your friend, and the most reliable way is to call the friend and clarify everything by voice.

Phishing techniques

Email

Email is one of the main and oldest channels for phishing. The attacker sends you an email with a subject that is sure to catch your eye and affect your feelings. When you open such an email, it can say anything, for example:

Your account has been hacked. To change your password, click on the button below.

In this case, the attacker is playing on your fear, and so that you do not suspect anything, the sender may even be shown as the site's support service. The email may instead announce winnings or contain some other information along with a link to another site. Be careful with links of this kind, because by clicking on them you may hand your personal data to a hacker yourself, or infect your system with a virus.

Social network

Recently, phishing has moved here, and under the guise of various people attackers can offer you anything. For example, messages from people who want to leave you all their money and property in a will, because they have no one and will soon die, are very common.
From personal experience, I can say that this kind of trick can work on a user unfamiliar with basic security rules.
I myself was once sent a message attempting to get my bank account data for a transfer of funds, because the person was allegedly dying; you can read the message that was written to me.

The text of the message I received:

I apologize for this contact form, my name is Albert Bunel
I am French and I have an importer of car accessories. I have throat cancer, from which I am dying.
I lost my wife 7 years ago; I didn't manage to get married again, and unfortunately we don't have children.
I made donations to various associations around the world, but finally realized that the leaders of these associations use this to enrich themselves at the expense of the poor. This time I want to give 70,000 euros to a foreigner who is honest and worthy to receive this gift, I think it's fate and you deserve this gift. Here is my WhatsApp office number +4915********. When you contact him, inform him that you are the beneficiary of Mr. Albert Bunel's donation. Write to him, he will help you get your money, and I want to tell you that he is a very honest, trustworthy person, and he has been working with me for more than 15 years, so trust him and follow his orders, and you will get your money

At first I was overcome by very strong emotions and contacted the number that was sent to me, but then I realized that it sounded too good to be true. Remembering the security rules, I realized that I should break off the conversation and stop responding to messages, otherwise I could hand my data to an outsider and lose funds from my accounts or put my life in danger. Therefore, below I will give some tips on how not to put yourself in danger and not fall for such tricks.

SMS messages

A message may be sent to your phone from various numbers asking you to donate funds for medical treatment or something else. You may also receive a message that appears to come from the bank's security service, informing you that your accounts will be blocked if you do not follow the link. Many people will follow the link without hesitation and will then be asked to enter personal data, for example a card number or CVV code, or perhaps the login and password for a bank account. The page itself may look the same as the bank's page, but this does not mean that your data is safe. Most likely it is a decoy page created so that an attacker can get your data without any difficulty.

Attached files

Messages or emails may contain attached files which, according to the instructions, you need to download in order to view. These can be photos or something else, and this is how your system can be infected with a virus, letting a hacker gain control of your system or obtain the login data for your social networks.

Vishing

This has been one of the most common methods lately. In this method, a message may tell you to call a given phone number to solve your problem, for example to contact the support service at that number so that your bank card is not blocked. Sometimes attackers of this type call you themselves, introduce themselves as the security service, and inform you that an operation has been performed from your account, a loan has been requested, and so on. These people are well versed in human psychology and can influence victims in such a way that the victims carry out any instructions without understanding what they are doing.

Statistics

The statistics over the years are very disappointing and show that people do not learn anything. Over the past 20 years, people have lost more than $20 billion, and in 2020 alone fraudsters stole almost 10 billion rubles from the accounts of Russians. This shows that even now people can succumb to fraudsters' provocations and lose funds or confidential data.

How to protect yourself?

Since things are this bad and scammers are becoming more brazen every day, it is necessary to protect yourself. Below are the actions that will help you protect yourself and your data from scammers' attacks.

Do not open emails from unknown users – if you receive an email from an unknown sender, you should not open it. Also, do not open emails with subjects saying that you have won a prize or anything else that plays on your emotions.

Do not follow the links in messages – one of the main mistakes is clicking on the link. If you doubt that the message really comes from the company, it is better not to open the link.

Enter the site addresses yourself – if you have doubts about the link sent to you, it is better to go to the site yourself by typing in the company's official address.

Check the site protocol – most official sites use the HTTPS protocol; the S stands for Secure and shows that the site is protected, while the HTTP protocol does not provide 100% protection and does not show that the site is protected. You can check the protocol by clicking on the lock icon in the address bar. There you can also check the site certificate, which is the best thing to do so as not to be exposed to danger.

Use antivirus software and browsers that warn about phishing – to protect yourself, you should use an antivirus, because it can block the transition to a page that is a phishing site. It is also important to keep the antivirus database constantly updated so that you don't have to worry about the security of your system and your personal data.
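
The link checks from the list above (compare the link with the official address, check the protocol), written out as an added Python example that is not part of the original article. The domain `example-bank.com`, the warning names and the sample message are constructed assumptions; an HTTPS link to a host that is not the official one is still flagged.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the official addresses you would type in yourself (constructed).
OFFICIAL_DOMAINS = {"example-bank.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def is_official(host, official=OFFICIAL_DOMAINS):
    """True if host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in official)

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return a list of warnings for one link; an empty list means none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before "@" is a login name, not the site being visited.
        warnings.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass  # host is a name, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    # HTTPS alone is not enough: the host must also be the official one.
    if not is_official(host, official):
        warnings.append("not-official-domain")
    return warnings

def scan_message(text, official=OFFICIAL_DOMAINS):
    """Map every link found in a message to its warnings."""
    links = (u.rstrip(".,;:!?)") for u in URL_RE.findall(text))
    return {u: check_link(u, official) for u in links}

# Constructed sample message in the style of the SMS described above.
SAMPLE_SMS = ("Bank security service: your accounts will be blocked. "
              "Confirm at http://example-bank.com.verify-login.example/confirm.")

if __name__ == "__main__":
    for link, found in scan_message(SAMPLE_SMS).items():
        print(link, "->", found or "no warnings")
```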

Conclusion

In this article, you learned about phishing and the main methods scammers use. You will probably need to spend more time studying this information so as not to become a victim of fraudsters and lose your data or the funds in your bank account. I also told you about protection methods that really work and will let you stop worrying that your personal data has been obtained by intruders. So that your friends or colleagues do not become victims of scammers, share this article with them, and be vigilant in the future.