You see a great promotion on a website and decide to take advantage: fill in the data, make the payment and, when you receive the product or service, realize that you have suffered a scam. This type of practice is called phishing and, according to experts, coupled with other types of approach the main cyber threat in Brazil today.
READ: Scam of fake buy makes victims in the Free Market; see how to avoid
According to Cyxtera, a digital security company specializing in electronic fraud, about 90% of attacks begin with some form of phishing campaign. The most common forms are email campaigns and can reach both large user networks such as corporate employees or consumers of an application as well as specific individuals.
Phishing: Know the scam that causes 90% of Internet thefts Photo: Divulgao / Bully Hunters
This was the case of Bruno Souza, who had to cancel his credit card twice after being deceived. On the first occasion, he says he received an email allegedly sent by Netflix. Attracted by the promotion and confused by the similarity of layout and text, he clicked on the link received. "I had seen that they would be new accounts, entitled to six months for free. The site was practically identical to the original. You would have to make a new registration, with your CPF, credit card, all that explains.
After entering all the information, Bruno noticed that something was wrong. "I had no access at all. I realized that I had fallen for a scam and had to cancel the credit card, remember. Some time later, he was again deceived. However he was able to repair before things got even worse and, narrowly, The headache was not much greater.
This time Bruno's mother received a Facebook ad warning of a washing machine promotion on Americanas. Shortly before, she had done some research on the internet in order to buy the appliance. For receiving the advertising recommended directly by the social network, she did not imagine that it was a scam.
Bruno then started the buying process on the site, which was a very well made copy of the original store. The difference actually was in the link. "I made the purchase and put the credit card. The said that did not accept installments. I went to try again, view, and said that the payment should be made only by bank slip, account.
It was what he began to find strange and decided to enter the brand application. There, he found that the washing machine was not on sale at that amount. The next day I canceled the card. Only I received all the transactions I made by SMS and several notifications of purchase cancellation arrived. That is, they were already using my credit card and the launches were not finalized because I canceled, Bruno reports.
Bruno found the scam by checking the promotion in the brand app Photo: Helito Beggiora / TechTudo
Recovered from scares, he talks about the frustration of being scammed on the internet. "You feel like an idiot because you keep thinking: How did you fall for a promotion like this, as was the case with Netflix? In addition to being stolen, you feel stupid having fallen into one of those, you let off steam.
How to identify phishing
According to Cyxtera, between 2017 and 2018, about 90% of cyber security executives reported attacks by at least one type of phishing. In this universe, in a kind of scam, fraudsters create highly detailed emails, impersonating a high-level executive or an organization's financial officer, to gain access to confidential information. In some cases, they even request money transfers to their own accounts.
With so much professionalism to deliver the scam, Michael Lopez, Cyxtera's vice president and general manager of Total Fraud Protection, stresses the importance of being alert not to fall for scams. Globally, attacks occur at any point of contact with users, including app stores hosting rogue apps, fake social networking platforms, SMS messaging, fake domains, and more, alert.
Lopez sums up phishing as "the art of deceiving people into doing something that would benefit the attacker. According to him, criminals use social engineering techniques to harness the curiosity, emotions, fears and gullibility of users." The attacks are very large, aiming to attract as many people as possible. Targeted attacks are more sophisticated and involve more planning and research on the victims, he explains.
To ensure that people fall for these scams, fraudsters employ psychological tricks and try to create familiarity with the victim by disguising themselves as a friend, collaborator or a company. "They associate a sense of urgency with attempts to 'scare' the victim and take action 'immediately." For example: Click a link now to prevent an account or service from being suspended. These are the tricks we must watch, warns Lopez. .
If you suspect you have been injured, Lopez advises that some action be taken immediately. "First, disconnect your device from the Internet. By denying an attacker access to your system, you can prevent further damage. As it is possible that your device is infected, change your passwords and run your antivirus program," he says.
According to him, especially important to be alert to identity fraud. "Monitor your bank and credit card accounts. You can even inform these institutions that you were the victim of a cyber criminal," Lopez suggests.
Finally, it is important to report the phishing attempt. "If it came through your corporate email, alert your security or IT staff. If it came from a website, most have contact information to report these types of events," he says.
Expert tips to avoid falling for scams while surfing the internet Photo: Rassa Delphim / TechTudo
Now, if you want to protect yourself going forward, check out the list of precautions you should take, according to the expert:
- Suspect unsolicited phone calls, visits, or email messages from people or businesses asking about employees, customers, credentials, or other internal information
- Do not provide confidential information by email
- Verify a site's HTTPS certificate before sending sensitive information to that site
- Try checking for suspicious requests, visit a website directly – don't click on a suspicious link