DUBAI – Phishing can affect practically anyone and scammers are making the most out of it online, getting more sophisticated on how to use technology to expand their reach.
We should take steps to safeguard our digital footprints so that the bad guys could not get our data and sell these online.
As social media and emails continue to evolve, cyberattacks are increasing through phishing scams, malware, and viruses that might damage online profiles.
Scammers usually send malicious links through emails or SMS which typically spoof a real website to the targeted victims to trick them to hand over sensitive information like credentials, personal information, or bank details.
PurpleSec said because of the pandemic, there is “an uptick in sophisticated phishing email schemes by cybercriminals has emerged”.
[WATCH: What Is Phishing And How Can You Avoid It (Must See!)]
Schemes include posing as websites like Center for Disease Control and Prevention (CDC) or World Health Organization (WHO) representatives. They then send links which when opened actually contain viruses.
Malware infections are also rising for the last 10 years delivered by email. Likewise, some third-party app stores host a big percentage of discovered mobile malware.
The Q3 2020 Cofense Phishing Review found out that information stealers and keyloggers are the most favored tools for phishing.
These two combined jumps to 75% from 65% average (+-) the last Q2, most of the attacks involved credential stealing.
Facebook experienced growth in phishing URLs pointing to fake logins and social sign-on. This becomes attractive to scammers because you are authorizing Third-party apps to use these logins.
How to recognize a Phishing Email?
Total Time:
Companies don’t request sensitive information via email.
They are requiring you to call them directly or if you have an online account with them you might log in and change that information on their website.
They have legit domain emails.
Companies are using legit email addresses like for instance [email protected] is not the same as [email protected]. (See in the BPI image below)
Check the Grammar and Spelling Errors.
Most phishing emails originate from foreign countries where the English language is less common and also bad grammar makes it a little bit easier to bypass the spam filters.
Legit companies don’t send unsolicited attachments.
There are instances that malware is sent in unsolicited email attachments and so, companies will never ask you to provide confidential information through this.
Unusual Request: credentials, payments, or personal information.
Companies will never use the insecure way of writing this sensitive information on a digital notepad, this is not a safe practice. Instead, they will require you to check your online account using their legit website and update whatever information they might ask for.
How does this scam work?
A message like an account is locked or temporarily restricted can trigger anxiety. If you are isn’t aware of this then you might immediately click the link, this will redirect you to a false website asking you to fill in the information – not to remove the restricted account but the scammers will add your pieces of information to their database records.
Another example also is asking to update your bank’s online information through the spoof website.
Ways to Prevent Phishing Attacks
- Do not click immediately in an email or instant message.
- Check the URLs if these match the legit domain name and be aware of the website extensions.
- Install free anti-phishing add-ons. For Firefox users, go to this address and search for anti-phishing add-ons.
- Do not share your personal information on an unsecured website. Check if the URLs start with HTTPS instead of HTTP.
- Update your password more often.
- Install security patches or update your browsers.
- Activate your Firewall to prevent external attacks.
- Avoid clicking pop-ups because often link to malware attempted phishing attacks.
- Be careful in social network invites.
- Cybersecurity awareness.
Bad guys never sleep, they made some innovative ways every single moment to target online users like you.
Make a constant lookout when browsing, and be aware of this type of attack.