How often do you receive strange emails or messages from equally bizarre profiles, begging you to reveal a code, PIN, password, credit card or ATM details, supposedly to stop an imminent loss of data or savings, or the deletion of your profile or account? Many times. These things don't just happen to private individuals: unfortunately, they often happen to companies as well. This sneaky technique, whose net catches someone in Italy roughly every 5 hours (according to the 2019 annual report of Clusit, the Italian Association for Information Security), is called phishing.
Phishing is therefore an illegal technique used to steal confidential information about a person or company in order to carry out fraudulent operations. The scam can take place via e-mail, text messages, chat and sometimes even via social media. The "identity thief" usually presents himself as an authoritative party: a bank, Poste Italiane, a credit card issuer, a public institution... and invites the target to provide personal data in order to promptly solve sudden problems (of which the target knows nothing) with their bank account or credit card, or asks the target to accept contractual changes or promotional offers with a short deadline.
The content of the message also varies with the impostor's imagination: sometimes it asks for personal data directly, other times it invites the target to click on a link to a fraudulent web page with a form to fill in. The stolen data can then be used to make purchases at the victim's expense, withdraw money from their account or even carry out illegal activities using their identity and credentials.
How can this fraud be prevented and defended against?
1. Common sense and adequate confidentiality
Personal access codes and passwords should never be communicated to strangers; better still, not even a partner or close friend should know them, unless an emergency requires it.
Furthermore, it is important to know that, in general, banks, public institutions, companies and large retail chains do not ask for personal information via e-mail, text message, social media or chat. If you receive a message you consider suspicious, do not click on any link it contains and do not open any attachment, as attachments may carry malware or Trojan horse programs capable of taking control of PCs and smartphones.
Sometimes links to unsafe content are hidden behind apparently safe site names or shortened URLs. A small but useful habit is to always hover the mouse pointer over a link before clicking it, so that the browser or mail client previews the real address you would be sent to, which is often not the one the link text shows.
2. Read carefully and look for the evidence
Phishing messages are designed to deceive, so they often use very realistic imitations of the logos or official web pages of the authoritative parties they pass themselves off as. Nevertheless, they often also contain grammatical, formatting or translation errors that careful reading will catch. Attention must also be paid to the sender of the message, whose e-mail address is often inconsistent with the claimed sender or with the text of the communication, or is an obvious imitation of a real address. Finally, be wary of intimidating messages that threaten the closure or blocking of a bank account, or sanctions, if you do not respond immediately: these are just strategies to pressure the recipient into handing over the much coveted personal information.
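The manual checks described in points 1 and 2 (does the link text match where the link really goes, is the URL shortened, does the display name in the From header match the address domain, is the message using pressure language) can also be automated. The following Python script is an added example written for this article, not code from NSI or from any product; the brand table, the shortener list, the pressure phrases and the sample message are all assumptions constructed for the illustration.

```python
"""Added example: automate the phishing checks described above over a
constructed sample e-mail. Not part of the original article."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands a phishing message might impersonate, mapped to the
# domains they genuinely send from. A real tool would maintain this list.
KNOWN_BRANDS = {
    "poste italiane": {"poste.it", "posteitaliane.it"},
}

# Assumption: common URL shorteners, which hide the real destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

# Assumption: phrases typical of the "respond immediately" pressure tactic.
URGENCY_PHRASES = ("within 24 hours", "immediately", "will be blocked",
                   "will be suspended")

# Something that looks like a domain inside the visible link text.
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})",
                       re.I)


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). A real tool would use the Public
    Suffix List so that e.g. 'example.co.uk' is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def check_links(html: str) -> list:
    """The programmatic version of 'hover before you click': flag links
    whose visible text shows one domain while the href goes to another,
    and links that pass through a URL shortener."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        href_domain = registrable_domain(urlparse(href).hostname or "")
        shown = DOMAIN_RE.search(text)
        if shown and registrable_domain(shown.group(1)) != href_domain:
            findings.append(f"link text shows '{shown.group(1)}' "
                            f"but href goes to {href_domain}")
        if href_domain in SHORTENERS:
            findings.append(f"shortened URL hides destination: {href}")
    return findings


def check_sender(from_header: str) -> list:
    """Flag a From header whose display name claims a known brand while
    the actual address is not on one of that brand's domains."""
    name, addr = parseaddr(from_header)
    addr_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    return [f"display name claims '{name}' but address domain is {addr_domain}"
            for brand, domains in KNOWN_BRANDS.items()
            if brand in name.lower() and addr_domain not in domains]


def check_urgency(text: str) -> list:
    """Flag pressure language that pushes the recipient to act at once."""
    lowered = text.lower()
    return [f"pressure language: '{p}'" for p in URGENCY_PHRASES if p in lowered]


def html_body(msg) -> str:
    """Return the first text/html part of a parsed message, decoded."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyze(raw_eml: str) -> list:
    """Run all three checks over a raw RFC 822 message and return findings."""
    msg = message_from_string(raw_eml)
    body = html_body(msg)
    findings = check_sender(msg.get("From", ""))
    findings += check_links(body)
    findings += check_urgency(msg.get("Subject", "") + " " + body)
    return findings


# Constructed sample: the sender claims to be Poste Italiane from an
# unrelated domain, the link text shows poste.it but points elsewhere,
# a second link uses a shortener, and the text applies time pressure.
SAMPLE_EML = """\
From: "Poste Italiane" <security@poste-it-verifica.example.net>
To: customer@example.com
Subject: Your account will be blocked within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, your account will be blocked within 24 hours.</p>
<p>Log in immediately here:
<a href="https://poste-it-verifica.example.net/login">www.poste.it</a></p>
<p>Or <a href="http://bit.ly/3xyz">click here</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EML):
        print("-", finding)
```

Each check returns a list of findings rather than a verdict, so the script can be used as a triage aid: an empty list for a legitimate message from poste.it, several findings for the sample above. The domain comparison is deliberately crude (last two labels); for anything beyond a demonstration, use the Public Suffix List.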
3. Protect yourself better
It may be useful to install, and keep up to date, an antivirus program on every device that also protects against phishing. Some programs and e-mail providers already have protection systems that automatically route most phishing messages to spam: it is important to check that they are activated and to verify their settings.
Another thing that few people give weight to is the saving of personal data and access codes in the browser used to browse online: it would be better not to activate it and to make the extra effort of re-entering everything each time, or to rely on a password manager. It is also good practice to set complex alphanumeric passwords, change them regularly and, above all, choose different credentials for each service used, be it the bank app, e-mail or a Facebook profile, so that one stolen password does not open every account.
4. Buy online, but safely
To buy online it is more prudent to use prepaid cards or other payment systems that avoid sharing bank account or credit card details with the merchant.
5. Caution is never too much
To protect bank accounts and credit cards, check transactions frequently and activate notifications and automatic alerts that warn you of every operation carried out. Keeping the operations under control at all times makes it easier to notice suspicious movements and therefore to realize whether you have really been caught in the "data fisherman's net".
These small precautions can really counteract the loss or theft of huge amounts of data, data that can represent years of work, especially for companies. They also protect against losses of money, which in some cases have been considerable.
At NSI - Think Outside the Box, we take care of your data protection and cybersecurity projects!
At NSI - Think Outside the Box, we are a digital transformation company and help companies redesign their business processes and grow with customized IT solutions and digital products.