At every step, we are exposed to the risk of data theft on computers and mobile devices. Most online attacks are accompanied by phishing, which is used to steal passwords, conduct fraudulent transactions, and plant malicious software in users’ messages through deception.
According to statistics from official sources, in 2016, 93 percent of phishing emails were sent using special ransomware programs.
Security experts tirelessly urge users of computers, smartphones and the Internet to take measures to protect against phishing and to stay vigilant when it comes to the security of their data.
Phishing attacks are numerous, and attackers grow more sophisticated by the day in order to hide their illegal activity and gain access to other people’s data.
It is not so easy for an average user to recognize fraudulent activity. For example, if you send 10 fake emails, there is a 90% probability that one person will open one and fall into the hacker’s trap. Such emails can be very well disguised and aimed at a specific target audience.
That’s why it’s important to learn as much as possible about phishing, learn how to recognize it and protect your digital devices from the threat of attack and data theft. Below is a detailed analysis of what a phishing site is and why it is dangerous.
What is phishing
The term “phishing” comes from the word “fishing”. Phishing is Internet fraud aimed at gaining access to confidential user data, most often logins and passwords.
Such a scheme is carried out through mass mailing of emails on behalf of well-known companies and brands, and through personal messages inside services, social networks and programs. Such a dangerous email always contains a direct link to a site, and that site often cannot be distinguished from the original.
When a user follows such a fake link, the scammers immediately apply psychological pressure and persuasion to get the user to disclose the login and password, and so obtain the secret information they need to log in to accounts and bank accounts.
Phishing is a form of social engineering based on the fact that people do not know the key rules of Internet security. The simplest and most obvious rule is that no service ever sends a client an email asking for account information, a password or other confidential information.
To prevent phishing attacks, all browsers have agreed on common ways of informing users that they are visiting a suspicious site.
Phishers have several key targets for the attack. The most common phishing examples:
- Bank clients and emails – targeted mailing of trap emails allows fraudsters to quickly catch people and steal their private data;
- Social networks – users’ personal information is collected.
Phishing is becoming more and more active and large-scale day by day, causing great damage to Internet users and many companies.
The essence of a phishing attack is that it creates a duplicate or clone of a popular site to steal passwords and protected information from users.
Phishing always manifests itself in the mass mailing of emails, so it is important not to rush to open the message and always check its contents.
How to identify a phishing attack
It’s not easy for inexperienced users to detect a phishing attack – thefts can happen without you noticing anything.
However, be wary of emails that call on you to enter personal and confidential data, whether after clicking on a link or otherwise. Remember that no company, bank, online store or service asks for customers’ personal data – it is already in their database from the moment of registration.
Attackers, on the other hand, do send emails with such requests, and that immediately identifies them as phishers.
For example, a phishing link with a letter may look like this:
There is also an example of a phishing letter, which is shown in the image below. Note the wording of the text – the author states outright that if you do not follow the instructions, your account will be blocked. This is already proof of fraud.
But not all phishing attacks look like emails. Below we consider other kinds of fraudulent activity by phishers and how not to fall into their trap:
- Targeted phishing – a type of fraud in which a particular audience or company is attacked. Phishers look for specific victims and organizations, i.e. instead of stealing data from hundreds of small “fish”, they go straight for “large prey”. For example, an official receives a threatening or blackmail letter meant to extract state secrets;
- Whaling attack – this kind of attack is directed at top managers. For example, stealing the login details of an executive director opens up more prospects for subsequent theft and hacking than extracting the password of an ordinary employee;
- Business email compromise – the attacker plays the role of a director: the mail is substituted and employees are contacted in order to lure out valuable information;
- Cloning – phishing based on making copies of authentic messages. The letter is as similar to the original as possible, but it is sent from a fake address and malicious content (a phishing site) is used to steal the necessary information;
- Vishing – a telephone scam. A person is sent a voice message or SMS asking them to call a number, write a reply or enter information, such as a PIN code.
Remember all these types of phishing attacks: always check your incoming emails carefully, do not give in to bogus and suspicious SMS messages and calls, and use spam filters to protect yourself from fraud.
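The signs described in this section (a request for a password, a threat that the account will be blocked, a sender address that does not belong to the company named, and a link that leads somewhere other than where it appears to) can be checked mechanically, much as a spam filter does. The following Python sketch is an added example, not part of the original article; the message, the bank name, all domains and the names `TEXT_RULES`, `LinkCollector`, `belongs_to` and `phishing_indicators` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: the bank name and every domain are made up.
SAMPLE = """\
From: "Example Bank" <support@examplebank-secure.test>

<p>Confirm your password today or your account will be blocked.</p>
<a href="http://login.examplebank-secure.test/verify">https://www.examplebank.test/login</a>
"""
TEXT_RULES = {"asks-for-credentials": r"\b(password|pin code|login details)\b",
              "threat-of-blocking": r"account will be (blocked|suspended)"}

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def belongs_to(host, domain):  # the domain itself or a genuine subdomain only
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, brand_domain):
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = [name for name, rx in TEXT_RULES.items() if re.search(rx, body, re.I)]
    sender_host = parseaddr(msg["From"] or "")[1].rpartition("@")[2]
    if not belongs_to(sender_host, brand_domain):
        found.append("sender-domain-mismatch")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown = urlparse(text.strip()).hostname if "://" in text else None
        if shown and shown != urlparse(href).hostname:
            found.append("link-text-mismatch")
        if not belongs_to(urlparse(href).hostname, brand_domain):
            found.append("link-leaves-brand-domain")
    return found
```

Calling `phishing_indicators(SAMPLE, "examplebank.test")` reports all five indicators for the constructed message, while a message sent from and linking to the brand's own domain returns an empty list.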
How to secure your Android and iOS gadget from phishing
Separately, it is worth considering ways to protect your mobile devices, which are increasingly exposed to phishing attacks.
Below are some general tips on security and phishing protection for Android smartphones:
- Always download applications only via Google Play. If you install them from a third-party site, there is a high risk of infection. You can disable the option to install software from external sources right away: Settings – Security – uncheck “Unknown sources” and check “Check applications”;
- Check what applications are allowed to do and what information is available to them. When you install an application, a list of permissions is always displayed, and at the bottom of the page there is a button “View permissions”;
- Think of complex passwords – this advice is universal and applies to all cases of password creation, not only to protect against phishing. Also set a password as your smartphone’s screen lock: Settings – Security – Screen lock – Password;
- Encrypt device data: Settings – Security – Encrypt phone – Check the box “Encrypt SD card”;
- Control Wi-Fi connections – Android phones always automatically connect to a network if you have previously connected to it, and one day that may turn out to be a hot spot run by an intruder. The security setting in this case is as follows: Settings – Wi-Fi – hold on the network name from the list to open the menu and delete the network. Go to “Advanced Settings” and uncheck the network search box;
- Use a VPN service – this is relevant when you connect to public Internet access points. A VPN service allows you to protect your data and even bypass restrictions on access to certain web resources. The connection is set up as follows: Settings – Wireless connections and networks – item “More” – VPN;
- Disable notifications – when your phone is in working or standby mode, notifications are displayed on the screen and may include one-time codes for transactions, account access and other private data. In this way, they can become visible to cybercriminals. You can disable notifications through: Settings – Applications – select a program – clear the “Show notifications” checkbox;
- Set up Google services – this is necessary to prevent the corporation from keeping track of you and all your interests, and to preserve your privacy. Go to Google Settings – My Location – disable Send Geodata and Location History for all accounts – Search and Hints – disable Google Now – Android Remote Management – enable Remote Device Search, Remote Lock and Reset;
- Uninstall all unnecessary applications: Settings – Applications – select program – Uninstall / Disable;
- Set up a two-step system for logging in to the accounts of all applications: go to https://accounts.google.com/SmsAuthConfig and follow the instructions through your browser.
There is no full and complete protection against iPhone phishing, but Apple software has many different security options so that gadget users can protect themselves and report phishing to Apple.
Using an antivirus for iOS would be recommended, but none exist yet. On the other hand, there are only a few cases of malicious spam for the iPhone, that is, almost no one attacks them, so the owners of “apple” gadgets remain safe.
Conclusions
Sooner or later, everybody faces phishing attacks, but the most important thing is to protect oneself and reduce the risk of the threat. Read up on the Internet about what a threat like phishing is after, and use blocking, encryption, passwords and VPN options to protect yourself from attackers in advance.