How to fight phishing


Phishing attacks belong to the domain of social engineering. To make the request to disclose confidential personal data as convincing as possible, fraudsters most often abuse large brands, banks, retail chains and mobile telephony operators.

As Internet users, we generally no longer fall prey to notifications that we have just become the heirs of a rich prince from Nigeria, but we are instead the target of new and increasingly innovative methods used by cyber scammers. Banks are increasingly warning customers not to respond to emails that allegedly come from them, because these are sophisticated attempts to steal money and data. One of the more realistic scenarios that many have fallen for is the notification of an alleged foreign exchange inflow, which will supposedly be credited after the link is clicked or the required documentation is sent.

Phishing is a type of social engineering that involves stealing user data and confidential information using fake websites, email and social networks. If the victim takes the bait, they will reveal personal data such as credit card numbers or passwords for legitimate services. To make the scam as convincing as possible, fraudsters mostly abuse big brands, banks, retail chains and mobile phone operators.

Vladimir Mićić, Director of Erste Bank’s Security Risk Management Service, reveals what the most common pitfalls are and what things we should pay special attention to in order not to become victims of cyber scams.

“Serious companies that take care of their clients will never ask for your account number, code and other personal data via SMS or e-mail. Also, the bank will never send you an email at 4 a.m. from an address like [email protected], nor will it threaten to block your account or cancel any service you already use if you do not send the requested information within 24 hours. The alarm light should come on if the attached link is different from the one that appears when you hover your mouse over it (the difference can be only one letter) or if there are grammatical errors in the text.

“Your colleague shouldn’t even ask for your personal data, so if that happens, check with other communication channels if his account may have been hacked,” explains Mićić and adds: “Since it is difficult to break into a well-protected system of large companies, hackers lead us to reveal the data ourselves or to download a virus by downloading suspicious attachments. In doing so, they count on human emotional reactions such as curiosity, or attachment to a certain brand, and that is why phishing belongs to the methods of social engineering. They often play the card of fear, threatening to cancel the services if they do not react immediately. Therefore, be especially suspicious of requests to take action in a short period of time.”
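The link check described above (the address shown in the text versus the address the link really points to, and domains that differ from the genuine one by a single letter) can be automated for HTML email. This is an added example, not part of the original article; the `bank.example` domain, the trusted-domain list and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased host name of a URL, with or without a scheme
    return urlsplit(url if "://" in url else "//" + url).hostname or ""

def one_edit(a, b):  # exactly one inserted, deleted or changed character
    if len(a) > len(b):
        a, b = b, a
    if a == b or len(b) - len(a) > 1:
        return False
    i = next((k for k in range(len(a)) if a[k] != b[k]), len(a))
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def check_links(html, trusted):
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target, reasons = host(href), []
        if URLISH.match(text) and host(text) != target:
            reasons.append("text-mismatch")  # shown address differs from real target
        if any(one_edit(target, t) for t in trusted):
            reasons.append("lookalike")      # one letter away from a genuine domain
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message; bank.example stands in for the genuine domain.
SAMPLE = ('<a href="https://bank.example/login">https://bank.example/login</a>'
          '<a href="https://bamk.example/login">https://bank.example/login</a>'
          '<a href="http://banks.example/verify">Verify your account</a>')
```

Calling `check_links(SAMPLE, ["bank.example"])` flags the second and third links and leaves the genuine one alone.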

Open your eyes (and ears) well

More than 90% of phishing attacks are carried out via email, SMS and chat channels on social networks. Voice messages can also serve this purpose, and this type of phishing is known as vishing (voice phishing). If the attacks are aimed at a specific person or organization, it is spear phishing. In this way, the emails of the American Democratic Party were hacked before the elections there in 2016, because the Gmail password of the head of the campaign was changed on a fake site reached via a link in a fraudulent e-mail. So anyone can fall for it. As one of the most sophisticated forms of deception, deepfakes are increasingly used: videos or photos modified with the help of artificial intelligence, which show people doing or saying something they have never done or said in reality.

Banks, as well as other companies and institutions, invest a lot in the cyber security system and follow the latest trends. Much of their security network is invisible to users (security tools, malicious sender detectors, 24/7 alert monitoring, internet content and traffic control), while some measures are very obvious. For example, when paying online, you need to enter the code sent by SMS or biometric data as a confirmation that the transaction was initiated by the user, and not by someone who stole the card or data.

“Banks are constantly working on educating employees and clients. All cases of abuse are reported to the Association of Serbian Banks and the Department for High-Tech Crime of the Ministry of the Interior. Clients, for their part, have to do what is up to them, and that generally means keeping their eyes wide open. Only if each of us does his part of the job well can we protect ourselves from attackers, who always try to stay one step ahead,” says Vladimir Mićić.

Be careful with prize games

In the last two years, a fake prize game in the name of a well-known brand of sports equipment has circulated on several occasions. The brand was allegedly giving away sneakers and T-shirts on the occasion of its birthday, and the condition was to click on the link and leave information. Last fall, a domestic public company was abused as the alleged organizer of a quiz in which the latest iPhones were given away. It was necessary to answer the questions, leave personal data and pay 250 dinars exclusively via payment card.

“When it comes to prize games, take a few moments to check that information on the official website of the organizers. It is easy to create fake profiles on social networks. See who brags on Facebook that they received expensive sneakers as a gift. For example, it is a little strange if people who introduce themselves as Hugo or Marvin write in Cyrillic,” explains Vladimir Mićić.

Lastly, don’t forget the basic rules for safe internet use. Use different passwords for different sites and change them often. Do not access important services from public Wi-Fi networks, and use modern technologies such as fingerprint readers and face recognition.



Source: Personal magazin by feedproxy.google.com.
