Messages classed as phishing (or phishing scams) are among the biggest dangers on the Internet. These fraud attempts arrive by e-mail, social networks, WhatsApp and the like, and can have serious consequences for their victims, above all financial loss.
This text was written to help you protect yourself against that danger: in it you will learn what phishing is, how this kind of message tries to fool you, and tips on how to avoid it.
What is phishing?
The term phishing is a play on the English word fishing. The association is not a coincidence: a phishing scam is an attempt at fraud over the Internet that uses "bait", that is, devices to attract a person's attention and get them to take some action.
If the person "bites the bait", they may end up handing bank details or other confidential information to strangers, realising only too late that they were the victim of an online fraud. In the same way, they may infect their computer or smartphone with a virus or other malware.
Phishing often arrives by e-mail, but it can also use other channels, such as SMS, social networks and instant messaging services like WhatsApp, Telegram and Facebook Messenger.
Normally, messages of this type are crafted to look as if they were sent by well-known institutions such as banks, telecom operators, government agencies (like the IRS or the DMV) and credit card companies, although they can also pose as individuals.
This is one of the main characteristics of a phishing scam. The other is the set of arguments used to convince the user to click on a dubious link or file that accompanies the message.
The main dangers of phishing
If a person receives a phishing message and does not realise it is a fraud, they may take an action that results in financial loss or other trouble.
An e-mail of this kind posing as a notice from a bank, for example, may direct the user to click a link to "update their registration". In doing so, the person lands on a fake site that looks very similar to the bank's. If they do not notice that the page is not legitimate, they will hand over sensitive data such as the account number and the password used to access the account.
This type of fraud is so common that many banks today use complementary protective measures, such as requiring an extra code sent by SMS or through an app, or only allowing access to the account from registered mobile phones or computers. Note that a fake site can also ask for that extra code and relay it to the real bank while it is still valid, so these measures reduce the risk but do not remove it.
In a more sophisticated scheme, the message may carry an attachment or a link that leads to malware. If the user runs it, the malicious program installs itself on the computer or mobile device and can carry out a series of actions, such as logging keystrokes, capturing the user's files or monitoring their web activity.
Another possible consequence of phishing is confirming that the user's e-mail address or mobile number is active. After that, the person will receive more messages of the same type, or spam (unsolicited e-mail), and may also be classified as a "potential target": by acting on the first message, they showed the scammers that they do not know how to recognise misleading content.
Variations can reach the user through other channels. A person may, for example, accept an invitation to a supposed game on a social network. In doing so, the malicious application may automatically send invitations to other users, who, seeing that the invitation came from someone they know, may accept it and keep the scheme going.
It does not end there. Other examples of problems: the user's computer, if infected by malware, may send spam; accounts on online services may be hijacked thanks to captured user names and passwords; the person may make a purchase on a fraudulent site and never receive the product; and so on.
Phishing: how to avoid it
With the exception of carefully crafted schemes, it is relatively easy to identify a phishing scam, because some features are common to most of these messages. The main ones follow.
Phishing poses as messages from banks, mobile operators, public bodies, etc.
Those behind phishing create fake messages that incorporate the colours, logos, slogans and other elements of the visual identity of some well-known institution. The reason is obvious: to make the user believe that the entity is communicating with them.
In Brazil, it is quite common to find messages of this type posing as communications from banks, credit card operators, airlines, social networking services, antivirus developers, judicial bodies, online stores and so on.
Not rarely, these messages have crude visual flaws, such as missing images, jumbled items or poor-quality pictures; a serious institution would not let such errors through.
There are, however, fraudulent e-mails and social network profiles that are faithful copies of the legitimate ones. That is why it is important to look at other aspects of the message.
Spelling and grammatical errors
As noted in the previous topic, reputable institutions, concerned about their image, do not send out crude communications. So if you come across a message full of spelling and grammar mistakes in the name of a company or government agency, you are probably looking at phishing.
Strange links or suspicious attachments
It is common for phishing scams to use "confusing" links (ones you could never memorise) or links that somehow resemble the legitimate address of the entity named in the message. For example, if Company X's website is www.empresax.com.br, the e-mail may carry a link like www.empresax.dirt.com.
It is also possible for the link's visible text to show the legitimate address of the company's site while the link actually points somewhere else; when you hover the mouse cursor over it, the browser or e-mail client shows the real, and therefore suspicious, destination. Hence the importance of paying attention to this detail.
In the same way, it is important to be wary of attached files, especially those with extensions such as .exe or .zip.
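As an added example, not code from the original article, the following Python script puts the two checks above into practice: it pulls every link out of a constructed HTML message, compares the real destination host with the company domain you expect (empresax.com.br, taken from the example above) and with whatever address the link text displays, and flags attachment names by extension, including the "document.pdf.exe" double-extension trick. The sample message, the hosts empresax.dirt.com and evil.example, and the extension list are assumptions made for the demonstration.

```python
"""Added example: spot the link and attachment tricks described above.
The HTML message below is constructed for the demo; the expected company
domain follows the article's example (www.empresax.com.br)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: link 1 shows the real site but points elsewhere,
# link 2 is legitimate, link 3 hides the real host after the company's name.
SAMPLE_EMAIL = """
<p>Your registration must be updated today or your account will be blocked.</p>
<a href="http://www.empresax.dirt.com/login">www.empresax.com.br</a>
<a href="https://www.empresax.com.br/ajuda">Help centre</a>
<a href="https://secure.empresax.com.br.evil.example/x">https://secure.empresax.com.br</a>
"""

# Assumption: a small denylist of extensions worth a second look.
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".zip", ".rar")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL or bare domain; '' if none can be parsed."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def belongs_to(host, expected_domain):
    """True only if host is expected_domain or a label-aligned subdomain of it.
    A bare string-suffix test would accept 'notempresax.com.br'; this does not."""
    expected_domain = expected_domain.lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def looks_like_address(text):
    """Heuristic: the visible text is itself a URL or a www. domain."""
    text = text.strip()
    return " " not in text and ("://" in text or text.startswith("www."))


def audit_links(html, expected_domain):
    """Return the links whose real host is outside expected_domain, or whose
    displayed address differs from where the href actually goes."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real_host = host_of(href)
        reasons = []
        if not belongs_to(real_host, expected_domain):
            reasons.append("host %s is not under %s" % (real_host, expected_domain))
        shown_host = host_of(text) if looks_like_address(text) else ""
        if shown_host and shown_host != real_host:
            reasons.append("displayed %s but points to %s" % (shown_host, real_host))
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


def suspicious_attachment(filename):
    """Flag executable or archive extensions, including 'boleto.pdf.exe'."""
    return filename.lower().endswith(SUSPICIOUS_EXTENSIONS)


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL, "empresax.com.br"):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
    for name in ("boleto.pdf", "boleto.pdf.exe", "fotos.zip"):
        print(name, "suspicious" if suspicious_attachment(name) else "ok")
```

The host comparison deliberately requires a label boundary ("." plus the expected domain), so a host such as secure.empresax.com.br.evil.example is rejected even though it contains the company's name in full.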
Alarming arguments, or ones that stir curiosity
For phishing to work, the user has to take some action: click a link, open the attachment or reply to the message, for example. To make that happen, the person behind the fraud often uses alarming arguments that stimulate curiosity, create a sense of urgency or suggest an opportunity.
It is not hard to understand why: gripped by these feelings, the individual tends to think less and act on emotion. The most common false arguments follow.
Involving banks:
- The message claims that the user has an outstanding bank loan and that their name will be reported to the credit protection agencies if payment is not made in time;
- The message states that the user must re-register in order not to have access to their account blocked;
- The message warns about a new protection module that must be installed on the computer;
- The message poses as a receipt for a deposit allegedly made into the person's account;
- The message warns that the user's login, access key or token has expired and that a link must be clicked to renew it.
Involving credit cards:
- The message poses as a notice of a charge to the user's card, often for a high amount;
- The message poses as a card statement, often with a due date close at hand;
- The message claims that the user has loyalty points about to expire.
Involving government entities:
- The message states that a document (such as the voter registration or the social security number) will be cancelled if the user does not click the link or open the attachment to update it;
- The message claims that the user has a large amount pending with the Federal Revenue Service or that there are irregularities in their income tax return;
- The message states that the user is being summoned by a judicial or police authority;
- The message claims that the person has traffic fines or irregularities in their vehicle's documents.
Involving news and recent events:
- The message promises details supposedly hidden by the press, or graphic photos, of a tragedy with major repercussions;
- The message promises exclusive information about the latest political, celebrity or whistle-blower scandals.
Promises of revelations:
- The message promises revealing photos showing that the person is being cheated on;
- The message promises to reveal exclusive information about a celebrity;
- The message promises conclusive revelations about conspiracy theories.
Promises of prizes, rewards or inheritances:
- The message states that the user has been drawn in a raffle and will win airline tickets, cars, bonuses or cash prizes;
- The message states that the user has a lottery prize waiting and will lose it if it is not claimed within the next few hours;
- A person poses as the heir to a great fortune who needs to leave the country for political reasons and offers significant compensation if the user helps with the process; the old "Nigerian prince" scam fits here.
Message sent by "mistake" or showing interest:
- The message promises intimate photos of someone, or photos of a party, and is written to make the user believe the e-mail reached them by mistake, in an attempt to feed their curiosity;
- The message poses as contact from an unknown secret admirer who wants to reveal themselves to the person.
Involving social networks and services like WhatsApp:
- The message states that the user's account on a social network will be deleted, or will become a paid account, if a certain action is not taken;
- The message poses as a message or invitation from someone on a social network;
- The message states that the user was tagged in photos by someone, usually a stranger, on a social network;
- Messages arrive by WhatsApp (or a similar app) posing as promotions, discounts, job offers, tricks for avoiding taxes, sensational news, etc.
* * *
These are just a few examples. Phishing scams can use many other arguments to fool people, but note that the idea is almost always to "hook" the person through a feeling of alarm, curiosity or opportunity.
How does the fraudster know I am a customer of a certain company?
If you have received a fraudulent e-mail in the name of a bank or an airline, for example, you may be wondering: "how did the sender know I am a customer of this company?" The truth is that most of the time they do not!
What the fraudster usually does is play the odds. The message is sent to thousands of people at once because the sender knows that a significant share of them probably are, in fact, customers of certain companies.
For this to work, the messages are sent in the name of companies with very large customer bases, preferably ones with little competition. This is why the names of banks, airlines, large retail chains and telecom operators tend to be misused in this type of fraud.
What if the phishing has my full name or social security number?
A phishing message may contain your full name, social security number or other personal information. The goal here is obvious: with this data it is easier to convince you of something.
Fortunately, this type of message is less common. What has happened is that, somehow, the fraudster gained access to a database of people's records. That can happen, for example, when an online store is breached, or when an employee of a company improperly resells information.
So even when the message contains personal data, do not rule out the possibility that it is a scam attempt.
What if the message was sent by someone I know?
Even if a suspicious message was sent to you by a friend or acquaintance, be wary and, if possible, ask the person about it. It is not rare for malware to gain access to e-mail, instant messaging services or social networks and spread malicious content without the account owner noticing.
Tips to protect from phishing
It is virtually impossible to stop scams from reaching you, but a few simple precautions will help you stay clear of the danger:
– the first is to observe the characteristics of the message (visuals, spelling errors, suspicious links, persuasive arguments, etc.), as explained above;
– remember that debt notices, summonses or court requests, for example, are not usually delivered by e-mail or social networks, but by post to your home or workplace. Do not be fooled by the threatening or alarmist tone of the message;
– be wary of offers that are too generous. No one will give you prizes from contests you did not enter, or offer a product at a price far below the market rate. If you are required to pay a fee or make any payment up front, you can be sure it is a fraud;
– watch your curiosity, and be wary of sensational news, conspiracy theories or stories that cannot be confirmed in reputable outlets;
– if you have doubts about the legitimacy of a message, contact the company or institution mentioned by telephone or through its official website to ask for clarification, using a number or address you already know rather than one given in the message;
– use an antivirus and keep your software up to date, especially browsers. They can block inadvertent clicks on malicious links;
– if you are sure a message is phishing, delete it immediately. You can also mark it as spam when possible: depending on the service used, if a significant number of users mark a given message as spam, it may be blocked automatically for other people's accounts;
– pass these guidelines on to your family, friends, colleagues and other people close to you so that they do not fall victim to the problem.
I fell for phishing. What do I do?
If you have taken any action under the influence of a phishing scam, act quickly. If you signed in to a fake bank site and entered your details, for example, contact the bank immediately to have the account blocked and obtain a new password. If you handed over your credit card details, contact the card issuer to cancel the card and check for transactions you do not recognise.
If you ran malware, scan your computer or mobile device with an up-to-date, reliable antivirus. It is also a good idea to change any passwords typed after the infection, doing so from a device you know is clean.
In the case of financial loss or any other considerable harm, do not hesitate to seek guidance from the police or the judicial authorities.