What is phishing and how to prevent it?
It is the simplest, yet the most frequent and dangerous method to carry out a web scam. What to pay attention to.
This phenomenon has its roots back in the 1990s and owes its name to a renowned hacker in those days named Ken Smith. The first known antecedent of a phishing attack dates to 1996, when AOL (America Online), with millions of users worldwide, was the main Internet service provider. Then, AOL's huge network was targeted by hackers who, through e-mail or instant messaging, got users to expose their personal passwords. Once they got hold of those private accounts, they used them to send spam, falsify data or access banking information.
What is phishing?
Phishing is a cybercrime in which people are deceived into sharing personal and confidential information on the web, such as passwords and credit card numbers. According to computer security specialists, it is the simplest method to carry out a cyberattack, but it is also the most frequent and dangerous. That is because hackers do not try to breach an operating system but, instead, rely on social engineering, and it is in that setting where the phenomenon becomes hard to control.
A neologism derived from "fishing", phishing has no other objective than to "fish" for unaware web users. Those who fall for this kind of attack usually receive an e-mail from a known source, whether it is a person or an organization, such as a bank or a service company. Those messages often include a link and some directions to browse through it to avoid facing a bigger problem. Once the user clicks on the link and enters the site —which will most likely have a similar appearance as the original, real site—, they are required to enter a username and password. When the user enters those data, cyberpirates will gain access to a greater volume of private information.
Phishing bypasses any security parameter available in operating systems such as Android, Apple or Windows, since it still can find a great number of users who will provide their information online, through e-mail, without checking where it comes from. What's more, this method often uses other contact channels apart from e-mail (this is the most frequent, though): phishing attacks by SMS or social network instant messaging are usual.
How to prevent phishing?
Always check the sender
This is not to be taken for granted: today more than ever, you need to check that an e-mail is not a fake before opening it. To do that, you need to look at the sender's full address. Even if the message comes from an organization or company, you still need to compare it with some previous e-mails from the same source.
Enter through the browser
Once the e-mail has been opened and read, do not click on any link without any previous examination. It is advisable to enter the site through its URL in the browser, with the client's username.
Before entering any personal data on a website, you need to check its security certificate. It must be an https:// address, and the browser needs to show a locked padlock icon.
Always keep your operating system and web browser up to date. But the strongest recommendation is to add a professional antivirus.
Beware of attachments
Do not download any attached file that comes in via e-mail: it can generate a download of a registry key or "spyware" software on the computer.
To report phishing cases, you need to be able to forward the message in its original state because it provides valuable technical information, such as the IP address of the device it was sent from, the program that was used and the servers through which the message was transmitted. In the United States, cybercrime cases can be reported to the Internet Crime Complaint Center (IC3).
Has your company developed an adequate security protocol? At Awkbit, our experts can help you. Get in touch.