Phishing is a tactic cyber criminals use to lure victims with fake messages, whether sent by email or distributed on social networks. The goals vary, from directing users to fraudulent websites and stealing sensitive data to inducing the installation of malicious software (malware), such as ransomware.
The good news is that some practices help you avoid falling for this type of scam. The general recommendation is to be cautious with any unknown message, but it is also important to know the warning signs present in fraudulent emails. Here are some tips so you never fall victim to a phishing attack again.
Phishing used to attract victims by email. Photo: Divulgação / AVG
According to the Return Path consultancy, more than half of phishing emails spoof the email of a trusted sender. The first way to identify a fake message is to keep an eye on the sender's email address. A classic example is a display name that imitates the company's, while the domain is completely different. Always watch for this.
Domain does not match the one used in the display name. Photo: Reprodução / Gabriel Ribeiro
The criminals' aim is to get you to open the message. To do this, one of their main tactics is to put alarmist text in the "Subject" field of the email. Account suspension, promotions, debt collection and budget requests are some examples of topics used to attract victims.
Subject calls attention to phishing message. Photo: Reprodução / Gabriel Ribeiro
If you open the email, take a quick look at the message. Look for errors in the Portuguese. Text with spelling problems can be an important indication that the email is actually a scam.
Example of a fake message used in a phishing attack. Photo: Reprodução / Gabriel Ribeiro
When the email is legitimate, it contains more information about the company, as well as other ways for the user to get in touch. Pay attention to the signature: check whether it lists a phone number or other ways to resolve the problem reported in the email, instead of just clicking on the link in the message.
Signature lists a contact phone number in a message used for phishing. Photo: Reprodução / Gabriel Ribeiro
Do not click. Are you suspicious? First of all, do not open the email and, if you do, do not click on the link in the body text. Remember that the message is only part of the scam, and that the next goal is to get you redirected to a fake website. A tip: before opening the email, hover over the link to verify the domain. If it points to a site different from the company's, that is a sign of a scam. But check it letter by letter, as criminals can use a very similar domain. For example, the address may be www.techtuudo.br, instead of www.dnetc.br.
Do not download attachments from strangers. In addition to redirecting to a fake website, phishing attacks can be used to trick the user into downloading a malicious file, such as spy software or even ransomware. Therefore, avoid downloading unsolicited attachments. This goes for any type of file, such as compressed documents, PDFs, text files or spreadsheets.
Check the information. Did you receive notice of an account suspension? The best way to find out whether it is true is to go to the company website manually, by typing the official URL in the address bar of the browser, and check whether the message matches. If there is a reliable contact number for the company, make the call.
Do not share your data. No company will ask for sensitive information by email. Never enter a credit card number or personal data in a message. The same goes for the website you are redirected to.
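The two checks described above (display name versus the sender's real domain, and a letter-by-letter comparison of the link's domain) can be automated in a mail filter. The following is an added example, not part of the original article; the brand map and the `.example` domains are constructed placeholders, and hostnames are compared whole rather than through a public-suffix list.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: brand name -> official domain (placeholder values).
TRUSTED = {"example bank": "examplebank.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def belongs_to(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_sender(from_header: str) -> str:
    """Compare the brand claimed in the display name with the real domain."""
    display, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2].lower()
    for brand, domain in TRUSTED.items():
        if brand in display.lower() and not belongs_to(sender_domain, domain):
            return "display-name-mismatch"
    return "no-mismatch"

def check_link(url: str, max_distance: int = 2) -> str:
    """Classify a link target: trusted, near-miss lookalike, or unknown."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    for domain in TRUSTED.values():
        if belongs_to(host, domain):
            return "trusted"
        # One or two changed letters: the "very similar domain" case.
        if edit_distance(host, domain) <= max_distance:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample header and link.
    print(check_sender('"Example Bank Support" <alerts@mail-notify.example>'))
    print(check_link("https://www.examplebaank.example/login"))
```

An "unknown" result is not a verdict of safety; it only means the host is neither on the allow-list nor within two edits of an entry.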
Via Return Path and Infosec Institute