Phishing is a social engineering procedure that usually involves using a fake message or email to deceive the user and convince them to take action to benefit the cybercriminal.
According to Google, websites used for phishing attacks have grown 211% since 2017 and have become the great alternative for identity theft, which certainly worries companies, since it represent a risk in complying with the data protection laws.
It is very common to notice promotions on all digital platforms, especially on social networks and e-mail. Almost all people are attracted to offers, such as: 2 for 1, 50% discount etc.
Have you ever been interested in an ad or received a message from a bank that you are not a client of and ended up clicking simply out of curiosity?
It turns out that before you register and complete the purchase, you will need to know how information theft works so as not to fall into a scam. Below we will include a list some of the scam methods:
QR Code Phishing
The point is that anyone can create their own QR Code in seconds, including cybercriminals. They can change the code of some organization without them every suspecting. Since the URL is shorten, there is no way to verify that the site is correct before it is downloaded.
The user receives a legitimate email or message to elicit confidence and says that his information needs to be updated. Many people end up falling for it because they seem as reliable data on relevant topics such as: banks, family stipend, coronavirus, etc.
It is common for phishing emails to include a link for the individual to download or click, thus allowing the cybercriminal block access to the system.
This technique requests more details about the victim. The more information, the more confidence the person feels and ends up falling into the scam.
The recipient receives a convincing email which takes the user to a website full of malware. In many cases, hackers do so with the intention of reselling their sensitive data on the black market.
Vishing – or Voice Phishing – is a scam via audio. In many cases the person receives a call to “confirm” data, but in fact is stealing your information. The cybercriminal will try at all costs to make you answer, for example, calls from a call center by charging the payment of an account or a bank payment slip.
Smishing or SMS Phishing is another variation, but it happens via text messages. This method is simple: you receive a message on your cell phone with a not-to-be-missed promotion containing a malicious link. As soon as you enter the site, you will need to enter personal information and, upon doing so, the fraudster will use it later to get something in return or will try to connect to financial applications.
Cyber-attacks are in constant evolution, generating great challenges for companies’ IT teams. See our whitepaper about advanced threats.