What is a phishing attack? How not to get caught and what to do if you get caught?
Recently, viral mailings and suspicious SMS messages have become more frequent. For example, a Nigerian king who needs help getting an inheritance, or a message about winning a lottery in which you did not take part. Scammers often try to steal personal data or even money. Added to this are cyberattacks by “neighbors” trying to intimidate or harm the population.
Today we will tell you what a phishing attack is and how to thwart the plans of scammers.
How does a phishing attack work?
A phishing attack is an attempt to steal a user's personal information. It is Internet fraud, with all the ensuing legal consequences for the scammer.
Phishing on the Internet is not just about passwords. Scammers also go after the data you enter when registering on a site, credit card numbers, phone numbers, names, passport photos and diploma numbers.
Phishing does not use hacking programs or viruses. Professional phishing is when a user hands over data voluntarily. In this case, the fraud is more difficult to prove. For example, scammers create fake news sites that imitate official media. The user goes to the phishing site, registers, and thereby gives his data to the site owner.
A phishing link can also lead to a group on a social network. For example, scammers can create fake news online and send a link by mail, disguising the news as a post on Facebook. When you follow it, you land on a site that looks like Facebook and are asked to log in. You enter your data, and it is in the hands of the attackers. So that you do not suspect anything, the fake site is set up with a redirect which, after the false authorization, sends you to a normal Facebook page.
A redirect is when a user follows a link to one site but first lands on another, and is then automatically sent on to the desired site.
The link does not have to arrive by e-mail. For example, links to credit offices or lottery wins often come via SMS.
One of the most influential phishing attacks happened during the US presidential election. John Podesta, head of Hillary Clinton's campaign headquarters, was the victim of such an attack. He received an email warning of a hack, in which the scammers suggested that he change his password immediately.
The site turned out to be a phishing site: by changing his mail password there, John handed it to the attackers, who got hold of his letters. Among them was a lot of compromising material, which undermined the credibility of the headquarters as a whole and of Hillary Clinton. This was one of the levers for the victory of Donald Trump.
Phishing protection rules
Phishing attempts can be found everywhere: on the Internet, in mailing lists, in SMS, in advertising. Here is a minimum set of rules from our technical experts to avoid getting caught by phishing:
Look at the link. There is often something wrong with the links of phishing sites: for example, hyphens or extra letters (“gooogle” instead of “google”).
Don't rely on antivirus. Unfortunately, viruses are written by programmers, while antiviruses are made by companies that work with standards and popular malware. Antivirus may not help if you download and install malware yourself. It is still better to have one, but it will not protect you better than personal caution.
Do not share your social network login data. A lot of data can be obtained through one social network: for example, knowing the Facebook e-mail and password, someone can log in to Instagram (and vice versa). It may seem that if you do not give out your card number and CVV code, the money will not be stolen. This is not so: attackers are able to find out all the rest from a small piece of personal data.
Monitor your online activities. For example, in Estonia, the tax department never makes a credit card refund. But phishing emails often promise exactly this: all you supposedly need to do is enter your card details. Naturally, no money comes after that. You may not know the laws, but you can always contact the bank and clarify the details.
Do not click on shortened links if you received them from a supposedly official organization. An official letter does not use a public link shortener. Such organizations have their own tools for this, as Google does, for example.
The text that accompanies the link looks strange. To motivate you to click, a link usually comes with accompanying text: for example, the content of an email newsletter, a post in a targeted ad, or a personal message in a messenger. Its content is usually strange: the sentences seem to be written by a bot, and there are a lot of errors in the text.
Clicking on a link usually does not in itself result in a data leak. But after you follow it, there is always a request for authorization, registration or confirmation of some data. And even if you don't enter anything, clicking on the link is enough to pick up malware. Now even the Yandex browser can leak your data, although it is not actually a virus.
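The “look at the link” and shortened-link rules above can be partly automated. The following is an added example, not part of the original article; the domain lists, the two-edit threshold and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lists (assumptions); maintain your own in practice.
KNOWN_DOMAINS = {"google.com", "facebook.com", "instagram.com"}
PUBLIC_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive: last two labels. Production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(url):
    """Return a list of warnings for a URL; an empty list means nothing was flagged."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return ["no host found in the link"]
    domain = registered_domain(host)
    warnings = []
    if domain in PUBLIC_SHORTENERS:
        warnings.append("public link shortener hides the real destination")
    if domain in KNOWN_DOMAINS:
        return warnings  # exact match with a known domain
    label = domain.split(".")[0]
    tokens = re.split(r"[.-]", host)  # split on dots and hyphens
    for known in sorted(KNOWN_DOMAINS):
        name = known.split(".")[0]
        if name in tokens:
            # e.g. "facebook-login.example.net": the name is only decoration
            warnings.append(f"uses the name '{name}' but belongs to {domain}")
        elif edit_distance(label, name) <= 2:
            # e.g. "gooogle" is one inserted letter away from "google"
            warnings.append(f"looks like {known} but is {domain}")
    return warnings

if __name__ == "__main__":
    for url in ["https://www.gooogle.com/login", "https://bit.ly/3abcd",
                "https://facebook-login.example.net/", "https://www.google.com/"]:
        print(url, check_link(url))
```

An empty result only means these heuristics found nothing; it does not prove a link is safe.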
How to use the Internet and stay safe?
Fraudsters do not need to develop malware or try to hack into your computer or laptop. It is much easier to extract personal data by getting a person to enter it themselves where needed. That is why such fraud is called “phishing”, from the word “fish”.
BRIZ urges you to be careful: no rules or antivirus will help if the user is not careful online.
Remember that how personal data is used, and how much harm that can cause, depends only on the skills of the fraudster. Even a simple photo is enough to make a fake passport scan and use it for something illegal. Be careful, especially now.