Understand what phishing is and how to prevent this scam

If you got here, chances are you're not sure what phishing is. Rest assured: by the end of this article you will know exactly what it is, as well as everything important that relates to the term, which is currently one of the biggest and most serious problems on the Internet.

The numbers are alarming, especially for Brazilian users: Kaspersky's report for the first quarter of 2018 shows that Brazil is the country with the highest percentage of users affected by phishing. Approximately one in every 5 phishing victims in the world is located in Brazil. It is precisely 19.07% of the total.

As a whole, according to 2017 data, cybercrime is estimated to have caused losses on the order of US$ 22 billion, with 62 million Brazilians as victims, that is, more than 60% of the adult population connected to the Internet. That is a lot of people, and you could become part of these statistics!

What is Phishing?

The term originates in the English language and is associated with the word "fishing". Thinking about the concept of fishing helps to understand what phishing is: as in the ancestral activity, the goal is to obtain something by using bait to attract attention and trigger an action.

The cyber criminal seeks information that can be used and/or that yields some financial return. Bank details, personal data, e-mail accounts and their passwords, and access data for systems or websites are examples of useful data that can be turned into profit. The role of the "virtual thief" is to create baits that are sufficiently attractive and well disguised to deceive the victims.

Therefore, phishing is not exactly one specific action, but the concept by which the hacker (actually a cracker) aims to gain access to privileged or useful information, and he can use a variety of actions to achieve that purpose.

How does Phishing occur?

There are variations and, as we mentioned, what characterizes phishing is a set of actions by the cracker and their objective. However, most commonly e-mail messages are part of the process.

Usually the scam begins with sending messages whose subject relates to topics of interest or arouses the curiosity of the recipient. Examples of frequently used subjects are: "Bank X security update", "Your order has been approved" or "Photos from the weekend".

Whatever the case may be, what they have in common is that the subject is aimed at getting you to click on a link or open an attachment. If you do, you're hooked, and it becomes clear why it is called phishing. From this point on, either some type of malware has been downloaded and installed on your computer, or you have been directed to a website that is a copy of a legitimate one (e.g., a bank website), where you enter the information the cracker wants to obtain.

What is malware?

Malware is the generic designation for all software created for the purpose of performing harmful or malicious actions on the devices where it is installed or executed (it does not necessarily have to be installed to achieve its purpose). It is basically a small computer program whose purpose is to exploit some security breach in your computer, giving, for example, access to the passwords you type on it.

Malware can belong to one of several classes, which differentiate it according to its characteristics and the type of action associated with it. Among the most popular classes of malware are trojans (Trojan horses), worms, viruses, adware, keyloggers, screeners and spyware. The popular "viruses" therefore correspond to only one of the many existing classes.

In technical terms, it doesn't make much difference which name or class the malware belongs to; what matters is what it does when it is active on your device.

It is through the malware that the cracker gets what he wants, for example by searching for content on your computer, recording all the keys you press or images of the screens you browse, or simply by exploiting or introducing vulnerabilities in the system you use and thus gaining some type of access to or control over the device.

In short, when you have a device (notebook, tablet, desktop, smartphone, etc.) that contains malware, everything you do on it and all the data it contains is, to a greater or lesser extent, known to the malware author.

Phishing Variations or Types

As we said earlier, phishing does not consist of a single, very specific action. There are variations and sets of actions that characterize this virtual scam:

Phishing by email - the oldest and simplest form, in which everything the cracker needs is in the email itself. Usually the malware comes as an attachment to the email message, or there is a link through which it is downloaded to the victim's computer.

Site Clone - in this variant, the objective is for the victim to access a fake site that imitates a legitimate one in order to steal data from its users. The most common example of this type of phishing is fake bank pages, which lead victims to enter their bank details.

Ransomware - the most recent type, and one that has been widely publicized, since the authors do not necessarily steal the data but block it through encryption and only release it in exchange for a "virtual ransom", usually paid using cryptocurrencies.

Whaling - comes from the word "whale" and is therefore used when a "big catch" is intended. Usually, in these cases the number of people harmed is small, but individual losses can be large and/or important.

Smishing - the target here is always smartphone users, since it is spread by sending SMS messages whose content is about false promotions or prizes; the moment the user tries to access or redeem them, they end up having their data stolen.

DNS Cache Poisoning - the most sophisticated type, as more actions and resources are needed to obtain the desired results. It consists of "poisoning" DNS servers in order to change the server that a given domain points to, substituting a fake one that is accessed and used to "steal" the desired information.

How to prevent phishing?

The best weapon against phishing is prevention, and it is more likely to be effective if the people involved have information and knowledge about the problem, since in most cases phishing succeeds because of the human factor and not just because of failures in security systems (hardware and software).

Therefore, circulating the information below can help a lot in prevention. Here are 20 precautions that, if properly observed, can significantly decrease the number of phishing occurrences:

Avoid simple passwords, especially those that use sequences of letters, numbers, dictionary words, proper names and dates. Passwords considered 'strong' must be at least 8 characters long, combining letters, numbers and special characters (@ # $ % & * { } ...). With simple passwords, the cracker tries to obtain the password using a 'dictionary attack' or 'brute force'.

Avoid using the same password for multiple accounts or for different purposes (email, Facebook, Instagram, Dropbox, login to the operating system, etc.). If the cracker gets access to the password in such a situation, he will be able to access all of your services.

Changing the most important passwords periodically is highly recommended. If at any time it is necessary to provide a password for some type of support, change it as soon as the support ends, or provide a temporary password.

As we reported, there are different classes of malware and, for this reason, there are specific programs to detect and remove each class. You can find more information on sites like: http://www.linhadefensiva.org/downloads/antivirus/#on

Acquaintances (friends, relatives, neighbors, etc.) are also victims of malware and may have their devices (notebook, smartphone, etc.) compromised. Therefore, an e-mail is not trustworthy just because it comes from someone you know; in addition, many malware programs send themselves to the entire contact list.

Having antivirus software installed on your phone or computer does not mean that you are 100% secure. There is no antimalware that identifies all existing malware and, in addition, there are classes that require specific programs for their identification. Therefore, even if you have security systems, always be careful with the attachments you receive and the links you click on, checking their origin when possible.

The fact that security tools (antivirus, antispyware, firewall, etc.) do not filter all existing threats does not mean you should give them up. On the contrary, having the latest versions and keeping them up to date is essential.

Some malicious actions are aimed at finding out whether an email address is active and correct. For this reason, automatic replies and responding to read-receipt requests are practices that should be avoided and used only when absolutely necessary.

Avoid accessing emails, control panels or anything else where you have to provide sensitive data from computers or devices whose security cannot be guaranteed, such as those in LAN houses.

The above situation also applies to computers belonging to people you know. Remember that they are also subject to being victims of malware or other security problems.

Usually the phishing offender adopts known brands and names in an attempt to give the fraud more credibility. Do not rely solely on the supposed origin of the content or the name involved. Check related information on the company's official website or on other service channels, such as an 0800 number.

Financial institutions, such as banks, rarely contact account holders by email, and when they do, it is in specific situations previously authorized when contracting a specific service. Confirm with your bank whenever possible, especially in situations where you are asked for sensitive data or that involve transactions.

Bank sites and sites where electronic financial transactions are made, such as e-commerce sites, always use connections protected by security certificates. This is easily verified, since a lock icon will always be displayed and the website address will show HTTPS, indicating that the transaction is taking place over a secure connection. The absence of this certainly indicates that it is a fraudulent site.

While the absence of SSL on such sites is a sure sign that something is wrong, the presence of the security certificate (SSL) is no guarantee that the site is secure. SSL is a security measure for the exchange of information between the website and a device that accesses it, but it does not prevent the site from being hacked, for example, if it has programming problems.

It is advisable to be suspicious when the content of a message seems too incredible or stimulates your curiosity too much. Remember that this is the cracker's goal. Whenever possible, first check with the sender before sending.

In most cases it is possible to check the real address of a link, just by placing - without clicking - the mouse cursor on it and the complete address will usually be displayed at the bottom of the window. Look at the complete spelling carefully and make sure it matches a known site before clicking.

When it is not possible to view the address corresponding to a suspicious link, right-click on it and select copy link / shortcut. Paste in a text editor, such as notepad, so that you can evaluate it carefully.

When using a CMS (Content Management System) to create and maintain a website (WordPress, Joomla, Magento, etc.), look for information about the security procedures associated with it and always keep it updated. There are currently many security issues related to these systems. Do not install plugins that have not been tested and approved by the CMS user/developer community.

The most used CMSs have large communities with many websites and forums, which gather updates, tips, security information, flaws and corrections related to the system. Sign up to receive information from them and stay informed.

Make sure you know where any program or app you install on the devices you use comes from, especially free ones that are not provided by the official Microsoft, Apple and Google stores, which constantly check the content they provide.

The above guidelines and precautions, if followed strictly, can drastically reduce the chances of security problems and consequently phishing.
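
The link check from the precautions above (compare the address a link displays with the one it really points to, and confirm HTTPS) can be automated for an HTML message body. This is an added example, not part of the original article: the function names, the sample message and the `.example` domains are constructed for illustration, and it also flags raw IP addresses and a host hidden after an `@`, which goes slightly beyond the text.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A domain-looking string inside the text the reader sees ("www." ignored).
DOMAIN_RE = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return [(href, [reasons])] for links that deserve a closer look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto:, relative links, etc. are out of scope here
        host = (url.hostname or "").removeprefix("www.")
        shown = DOMAIN_RE.search(text)
        seen = shown.group(1).lower() if shown else host
        checks = [
            (host != seen and not host.endswith("." + seen),
             "displayed address differs from the real destination"),
            (url.scheme != "https", "not HTTPS"),
            (re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host), "raw IP address, not a domain"),
            (url.username, "text before '@' hides the real host"),
        ]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message body (not a real email).
SAMPLE_EMAIL = """<a href="http://203.0.113.7/login">https://www.bankx.example/login</a>
<a href="https://www.bankx.example/help">Help center</a>
<a href="https://www.bankx.example@evil.example/">Your order has been approved</a>"""
```

Calling `audit_links(SAMPLE_EMAIL)` reports the first and third links and leaves the ordinary help link alone.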

But what if I am a victim of phishing?

The volume of phishing circulating on the Internet increases day by day, and the scams have become more elaborate and sophisticated, so one moment of carelessness is enough to become part of the statistics. If you realize that you are one more person who fell into the 'trap', do not despair. The following are some measures to reduce the impact and the likely consequences:

If you suspect that your computer is compromised by malware and was used for phishing, turn it off immediately, contact the related companies (bank, e-commerce site, ISP, hosting company, etc.) and explain your suspicion. This is essential so that measures such as changing passwords and applying locks can stop the problem from spreading and growing.

If the previous situation is confirmed, it is necessary to proceed with the removal of the malware. If you don't know exactly what to do, call a technician or specialist you trust.

You may want to use more than one antimalware tool to make sure your machine is trouble free.

If e-mails associated with phishing were sent from your e-mail account to your contacts, it is highly recommended to write and send them an e-mail informing them that you have been a victim of malware and recommending that they scan their computers to make sure they haven't been compromised.

Once you are sure that the devices you use to access the Internet have had their malware removed, change the passwords for all services you access through the device.

Conclusion

As the Internet is used more and more every day for work, personal matters and leisure, there is more exposure to network security problems, which take advantage of the human factor to spread. Thus, it is up to the user to reduce the problems by keeping up to date, taking basic care, adopting good practices and disseminating information.