Thursday, March 28 2024

It’s amazing how much an ancient saying or proverb can be used in a
multitude of situations and still hold the same wisdom and value.
“Prevention is better than treatment” is the motto that goes well with the
theme of so-called Cybersecurity. Several times we have reiterated
in other articles that when we talk about the internet, web reputation, or more generally the worldwide web, we refer to a
parallel universe where everyone has the possibility to build a second
life: new jobs, new friendships, new loves, new ways of committing crimes,
etc. We are talking not only about the dangerous Deep or Dark web,
but also about the illegal activities through which, by exploiting people’s
good faith, cyber criminals manage to get ahold of sensitive data and
information that the victim will often spontaneously share.

Phishing: cyber criminals’ favorite computer scam

A statistical study conducted by Microsoft Security Intelligence has
shown that since 2018 the cyber attack mode called Phishing has been cyber
criminals’ favorite. Although the MSI study was conducted taking into
account only the data as of 2018, it was found that phishing scams have
increased by 250% compared to the past, with even worse predictions for the
coming years.

The Phishing scam, a term derived from the word fishing, consists of
messages sent by a cyber criminal in the form of spam, i.e. an unsolicited
advertising message that is sent to a very large number of Internet users
by e-mail or other computer portal.

Passing himself off as a reliable source and using sites and logos of
public utility companies or private banks, rather than famous e-commerce
sites, the cybercriminal throws out his “bait” by sending seemingly
reliable messages via e-mail, Facebook, WhatsApp, or another messaging
platform. The format is always the same: the unsuspecting user is asked to
click on a link with the excuse that he urgently needs to update his data
on that particular platform.

After that, if the user decides to click, he will be directed to a page
with a dubious domain that will present a login screen with a clear request
for data such as username, password and/or postal or bank codes. The
strength of these fake emails is given by the apparent and imminent need to
prevent something irreparably serious from happening to the user, thus
heightening the user's fear.

There are many examples we could report, as many as the experiences that
each of us has had at least once in our lives. Here is one that is
quite common: surfing on your Facebook home page, you come across some real
or virtual friend who has clearly “taken the bait” of one of the many fake
messages and suddenly started to share posts that point to unsafe external
links. It is at this very moment that we are aided by our reasoning, and we
may realize that the profile of our contact has been infected by a virus
that publishes posts with the aim of recovering other data and infecting
other people in a vicious cycle.

Therefore, whenever we click on an unreliable link or spontaneously and
freely share data within an unknown format, we could also be victims of
phishing. The danger is that any information, from bank details to
personal passwords (perhaps the “usual” ones we use to access all our
profiles or portals), can at that point be used by the cybercriminal
against us even through physical or psychological blackmail; the culprit,
in fact, can ask for favors or money in exchange for the return of our
profile.

Five ways to defeat Phishing

Now that we have drawn the lines and explained the dangerousness of this
cyber scam, we can list the 5 precautionary ways to avoid being a victim of
phishing.

Remember that the use of reasoning is at the basis of each action
but, to buttress our intelligence, these are things to do:

1. Before clicking on any link, check that the address shown in the message
is real and that, once clicked, it will actually lead us to the official
internet address of the recipient.

This check can be done simply by hovering the mouse over the link
itself.

2. Use only secure connections, especially when accessing sensitive sites.
Connecting to Wi-Fi with unknown connections or even public wi-fi, without
password protection could create the opportunity for cyber criminals to
easily direct us to their phishing pages.

3. To navigate with greater security and peace of mind, it is good practice
to install and use a VPN (virtual private network) on our device, a tool
that allows you to encrypt traffic during the connection.

4. Make sure that the connection is HyperText Transfer Protocol over Secure
Socket Layer (HTTPS) and verify that the domain name actually reflects the
name of the page. The https protocol is a security stamp of the pages that
by law all companies/portals must have, especially sites that contain
sensitive information, such as pages for online banking, online shopping,
social media, etc.

5. Never ever share sensitive information with a third party. Companies or
service providers never ask for such information through email or instant
messaging. Before taking any action, in case of doubt, simply call your
bank and customer service to ask for their honest response to such a
request and what to do in such a case.

Diligence and following these simple steps cannot always keep us from
falling, perhaps unknowingly, into the trap of Phishing. If it happens,
the first thing to do is to keep a clear head, call the
manager of your payment system, request information and, just in case,
block any card and transaction not recognized, then go to the police and
immediately report it.

Timing plays a key role in these situations. If we realize, therefore, that
we are victims of the aforementioned computer scam, we should not waste any time and instead try to protect
our data and assets before it is too late.
