Phishing is certainly among the most widespread online scams: users’ personal data are put at risk through e-mail and SMS. Here is what it is and how to defend yourself.
In an increasingly interconnected world, unfortunately, anyone can run into an online scam. Very often our smartphones or PCs receive fake SMS messages or e-mails, written in an attractive way, with only one purpose: to extract personal information in order to carry out a real scam. It is called phishing, but few people know what it is and how to defend against it.
First, let’s explain what it is. The term phishing refers to online scams spread mainly through e-mail or unsafe websites, although there have also been striking cases via WhatsApp and Facebook.
Falling for this scam is, unfortunately, extremely easy: most of the time the message appears to come from the bank where we hold an account, or from a credit operator. That is where the catch lies: the aim is to steal users’ personal data, such as passwords and card numbers, which are in fact kindly provided by the users themselves.
Or, to be more precise, by those who take the bait. Just as in fishing, phishing relies on a simple bait, spread through e-mails or other channels, in the form of alarming messages that (paradoxically) concern the security of the device or account.
Recognizing an online phishing attack is fortunately quite simple, but the phenomenon should not be underestimated: e-mails of this type multiply, diversify and become more refined every day, and avoiding the trap always requires the utmost attention.
Phishing: what it is and how it works
Phishing is therefore a real scam that uses e-mail or text messages (whether SMS or WhatsApp) to steal information and data belonging to the recipient. A phishing attack is usually structured in several very specific phases, and for this reason it is quite common and recognizable even by less experienced users.
The first phase involves bots sending false messages that imitate (almost perfectly) institutions, providers or bodies recognized as official, copying their graphics, logo and identity.
When a targeted user receives this type of message, the subject line almost always relates to a security problem, some kind of hacker attack that (coincidentally) has put personal data at risk. The text is usually very alarming and implies an immediate need to check the status of your account, typically by clicking on a link contained in the e-mail or text message.
One of the most classic examples of phishing emails
The link in question leads to a fake site, usually perfectly designed, that imitates a real official portal. It is a true copy meant to mislead users, with all the icons and screens we are used to seeing on the official website of our bank or of whoever is being impersonated.
This is where we must not fall into the trap: once credentials are entered, the data will inevitably be put at risk, copied to the servers behind the phishing attack so that the attackers can exploit them later at will.
Also be careful about opening the link to the clone site: it is better to avoid it, since the risk of being infected by a trojan-type virus is very high (so it is always advisable to equip yourself with the best antivirus).
Phishing: how to recognize it and how to defend yourself
Major e-mail providers, such as Gmail and Outlook, already provide an excellent barrier against phishing attacks on their own (often confining fraudulent e-mails to the Spam folder). However, some messages manage to slip past the filter and end up directly in the inbox.
In this case, recognizing a phishing message requires a good degree of attention, an eye for detail and prudence: you alone are the custodian of your personal information, so before providing data that should not normally be requested, especially by e-mail, think carefully and always opt for a detailed and thorough check.
Despite the accurate graphics, it is almost always the alarmist tone that reveals the true nature of this type of attack: phrases such as "reply now" or "complete the verification or your account will be closed forever within 24 hours" are often the basic template on which the text of an e-mail of this type is built.
Despite the clever counterfeiting, a very important clue for recognizing a phishing attack is often found in the recipients of the e-mail: because the messages are sent en masse to many users, it is often not possible to see the recipients involved, who remain hidden.
The vast majority of organizations and companies do not request information such as credit card numbers, personal codes, passwords and so on through a simple e-mail. So avoid providing this type of information if you don’t want to fall victim to one of the most unpleasant and widespread online experiences.
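As an added illustration (not part of the original article), the warning signs described above can be checked mechanically on a raw e-mail: alarmist wording, hidden recipients and requests for credentials. The phrase lists, the link-versus-sender-domain check and both sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Phrase lists built from the article's own examples (illustrative, not exhaustive).
URGENCY = re.compile(r"reply\s+now|within\s+24\s+hours|account\s+will\s+be\s+closed", re.I)
SENSITIVE = re.compile(r"password|card\s+number|personal\s+code", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample messages; all names and domains are placeholders.
SAMPLE_PHISH = """\
From: "Example Bank Security" <security@examplebank.example>
To: undisclosed-recipients:;
Subject: Security problem on your account

Complete the verification or your account will be
closed forever within 24 hours: http://examplebank-verify.example/login
Enter your password and card number to confirm.
"""
SAMPLE_LEGIT = """\
From: Example Bank <news@examplebank.example>
To: alice@mail.example
Subject: Your monthly statement is ready

Your statement is available at https://www.examplebank.example/statements
"""

def phishing_indicators(raw):
    """Return the article's warning signs that are present in a raw e-mail."""
    msg = message_from_string(raw)
    body = " ".join(p.get_payload(decode=True).decode("utf-8", "replace")
                    for p in msg.walk() if p.get_content_type() == "text/plain")
    found = []
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("alarmist_tone")
    # Mass mailings hide their recipients: no real address in To or Cc.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    if not [addr for _, addr in getaddresses(headers) if "@" in addr]:
        found.append("hidden_recipients")
    if SENSITIVE.search(body):
        found.append("asks_for_credentials")
    # Assumption added here: a link whose host is outside the sender's domain
    # suggests the clone site the article describes.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body)}
    if any(h != sender and not h.endswith("." + sender) for h in hosts):
        found.append("link_off_sender_domain")
    return found
```

A message that triggers none of these checks is not proven safe; the indicators only mirror the clues the article lists.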
Original article published on Money.it Italy 2022-10-22 14:11:02.
Original title: Phishing: cos’è, come riconoscerlo e difendersi dalle truffe online