What is Phishing and what are its problems?

Phishing is a social engineering technique used to obtain confidential and sensitive information by masquerading as a communication from a trusted entity, such as a well-known institution, company or website. The malware is usually not in the communication itself, but in the links within the communication. That is why you have to be vigilant mainly with the emails you receive, because email is the main attack vector. This is even more true these days, when many companies are working from home.

Phishing Scenario:

  1. The most common way is for victims to receive an email or text message that impersonates a trusted person or organization, such as a co-worker, bank, or government office.
  2. When the user opens the email or text message, they may be confronted with different messages. In some cases these are messages that try to scare the reader, with the intention of undermining their good judgment by instilling fear.
  3. If a user falls into the trap and clicks on the link in the email, it sends them to a site that is an imitation of the legitimate one and asks them to log in with their username and password.
  4. If the user does so, the login information gets to the attacker, who uses it to steal identities, loot accounts and sell personal information.
  5. Depending on the user's profile, attackers sometimes also carry out social engineering to get to know the victim and the role he/she plays in the institution, with the aim of reaching high positions in the company.

The purpose of this explanation is not to generate fear but to raise awareness. When you receive an email, check the source to determine whether it is trustworthy or not, especially in cases where sensitive personal information such as a password is requested. If you do fall into the trap, the first thing to do is to change all the access passwords to the different sites.

How do you detect if it's a phishing attempt?

  1. Check whether you have received emails from that sender before.
  2. Check the domain (@.....)
  3. Look for spelling, grammar or translation errors.
  4. Emails in another language.
  5. Suspicious links or attachments.
  6. Be wary of e-mails notifying you that you've won an incredible prize.
  7. Companies and banks never ask for sensitive data by mail.
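
The sender, domain and link checks from the list above can be partly automated. The following is an added example, not code from the original article: the function names, the known-sender list and the sample message are all constructed for illustration, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
To: user@corp.test
Subject: Your account is locked
Content-Type: text/html

<p>Confirm your password now:
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/login</a></p>
"""

# Assumption: domains this mailbox has legitimately received mail from before.
KNOWN_SENDER_DOMAINS = {"example-bank.test", "corp.test"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Return the lowercase hostname of a URL, or '' if none."""
    return (urlparse(url.strip()).hostname or "").lower()

def check_message(raw, known_domains):
    """Return a list of findings that map to the checklist above."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # Checklist items 1 and 2: known sender, exact domain comparison.
    if sender_domain not in known_domains:
        findings.append(f"unknown sender domain: {sender_domain}")
    body = msg.get_payload()
    for href, text in LINK_RE.findall(body):
        # Checklist item 5: link does not use HTTPS.
        if urlparse(href).scheme != "https":
            findings.append(f"non-HTTPS link: {href}")
        # Checklist item 5: visible text shows one host, href points to another.
        shown = host(text) if "://" in text else ""
        if shown and shown != host(href):
            findings.append(f"link text {shown} hides target {host(href)}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, KNOWN_SENDER_DOMAINS):
        print(finding)
```

An empty result only means that none of these three checks fired; the remaining items on the list still need a human reader.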

Tips to avoid becoming a victim of phishing:

  1. Do not open suspicious links sent by email.
  2. Be careful if an email appears as spam; do not enable the images if you are not sure of their veracity.
  3. Do not access bank pages through links sent in an email.
  4. If you access the link, check that it is a secure site (HTTPS with a trusted certificate).
  5. Do not use the same password for all sites.

Anti-phishing recommendations for companies:

  1. Train all staff.
  2. Run phishing simulations to detect how effective the training was.
  3. Use two-factor authentication whenever possible.
  4. Use password managers.
  5. Do not ignore security updates.
  6. Follow a telecommuting policy.
  7. Do not write down passphrases for others to see (on a sticky note, for example), nor share them with anyone.
  8. Back up your important data so you can recover your files without having to pay for them.
