Phishing scams are becoming increasingly common: in 2018, at least nine people had their data stolen per second. What most people do not know is that finding personal information about you on the internet is very easy, even for non-hackers.
What is phishing?
Phishing is a type of scam in which a website, email, app or service tries to trick the user by posing as a legitimate entity in order to collect personal and highly sensitive data, such as credit card numbers and passwords, bank account numbers and passwords, GR numbers, CPFs and other documents, and so on.
The term is a corruption of the word "fishing", which describes the general approach: scammers cast a false "bait" and wait for the unsuspecting user to "bite the hook".
Among the variations, spear phishing is the most common: this is usually an attack targeted at a specific individual or company, through an email, apparently from a trusted source, which redirects the user to a site, usually one requesting sensitive data. Hence the "spear": with a spear, it is only possible to catch one fish at a time.
How simple is it to collect phishing data?
It depends on the type of data, but overall it is very simple, for one reason: most users provide such information all the time. According to Kaspersky, there are a number of phishing methods, from the simplest to the most complex, that even a layman can use to get the data he wants.
Here are some examples:
Facial recognition is one of the most complicated methods. First, the attacker would need a real image of the target (usually the victims are executives of large companies) and, with it in hand, would use private software to find matches on social networks.
One such program is FindFace, which is focused on security solutions.
2. Name and/or surname
This is the most basic phishing scam. With the target's name and/or surname in hand, searching for information about them through Google Search becomes much simpler. Of course, the effectiveness of this method depends on how common the name is, and whether the individual has a presence on the internet.
3. Cell phone number
This is one of the most effective phishing scams, since every mobile number is linked to the user's CPF. Because the number is easy to switch, a lot of people do not care much about it and often share it through social networks, paving the way for fake calls and SMS messages.
4. Email address
As with the mobile number, we usually share our email addresses, even those reserved for commercial communications, with almost everyone, or we advertise them openly on the network. With one of them in hand, a hacker can easily send fake messages that try to lead the target to malicious websites.
Online tools such as Namech_k and Knowem search for usernames on the internet, looking for matches across various services. So if a hacker knows your username on one platform, he can track it down on others in order to throw out more fake baits, in the hope that you bite at least one of them.
How to protect yourself from phishing scams?
1. Check the email
It’s basic, but always check the sender’s email address. If it has strange characters or expressions, do not click anything;
This goes for links sent by email, social networks or SMS messages; avoid clicking on anything, and always check the official sources before making any decision. In general, banks and financial institutions never ask for data by phone or electronic means;
3. Use security tools
Antivirus programs, firewalls and other software offer phishing blocking and are continually updated with newly identified malicious websites and apps.
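The sender check from tip 1 ("strange characters or expressions"), as an added Python example that is not part of the original article. The function names, the character-swap table and the sample domains are assumptions made for illustration; the sample headers are constructed.

```python
from email.utils import parseaddr

# Character swaps often used to imitate a known domain (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Domains the user really deals with (constructed placeholder).
TRUSTED = {"examplebank.example"}

def _skeleton(domain):
    """Collapse look-alike characters so imitations compare equal."""
    return domain.translate(LOOKALIKES).replace("rn", "m")

def sender_flags(from_header, trusted=TRUSTED):
    """Return the reasons a From: header looks suspicious (empty list = none)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    flags = []
    # Letters from other alphabets can look identical to ASCII ones.
    if not addr.isascii():
        flags.append("non-ASCII characters in address")
    # Punycode labels are how non-ASCII domains appear on the wire.
    if any(label.startswith("xn--") for label in domain.split(".")):
        flags.append("punycode-encoded domain label")
    # A domain that only matches a trusted one after undoing character swaps.
    known = {_skeleton(t): t for t in trusted}
    target = known.get(_skeleton(domain))
    if target and target != domain:
        flags.append("domain imitates " + target)
    # A display name that shows an address from a different domain.
    if "@" in display and display.rsplit("@", 1)[1].strip().lower() != domain:
        flags.append("display name shows a different address")
    return flags

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Example Bank <support@examplebank.example>",
    "Example Bank <support@examp1ebank.example>",
    "Example Bank <support@exampl\u0435bank.example>",  # Cyrillic "e"
    '"support@examplebank.example" <alerts@mail.invalid>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_flags(header) or "no flags")
```

An empty result only means none of these four checks fired; the advice above about confirming through official sources still applies.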