SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
2 Oct 2014

Why phishing works and how to avoid it

Phishing attacks are by far the most popular form of cybercrime in the 21st century. The media regularly reports lists of organizations whose customers fell victim to phishing attacks.

Phishing scams increase in quality and quantity every day. Whereas spam tends to be merely an annoying distraction, phishing frequently leads to real financial losses. If the threat is so real, why don’t people learn to avoid it?

There are numerous reasons why phishing works so well, starting with the ability of the scammers to play mind tricks on victims, in order to lure them into trouble. Phishers can use tempting offers, like complimentary giveaways, in order to bait users. This is a very efficient method, as many people would likely take advantage of a free offer.

Why phishing works? There are many ways to take advantage of a user’s trust

A scammer can also use the buzz around a certain topic or event – take, for example, the large-scale scam that occurred after the FIFA World Cup. In the summer of 2014, a phishing site imitating the official FIFA web page, prompted users to sign a petition in defense of Luis Albert Suarez, the star forward on the Uruguay national team. In order to sign the petition, a user had to fill out the online form, which required one’s name, country, mobile phone number, and email.

Another scam website offered its visitors an opportunity to download an e-ticket to the championship. Clicking the link would then download a Trojan, which would hijack critical personal and financial data.

In order to reach those users who are wise to phishers’ tricks, cybercriminals use another efficient tool with an immense reach originating from the victim’s friends’ accounts – for instance, on social networks.

According to Kaspersky Lab, over 35% of the anti-phishing module alerts in 2013 reacted to phishing websites faking social media pages. Out of over 600 million attempts to access a phishing site that we were able to detect, 22% of cases dealt with fake Facebook pages.

Another extremely fruitful method that is used to fool a victim into clicking on a phishing link is creating a sense of urgency and panic. This could be done in a scenario where a scammer threatens his victim with blocking their user profile or even a bank account. To enhance the efficiency of such an approach, the criminals also resort to so-called ‘vishing’ (or voice phishing, performed over the phone). Not everyone is so cautious in such a ‘critical’ situation that they will think to decline the requests of an extra-assertive ‘ban security officer’ asking for credit card data in order to prevent an account from being blocked.

Phishing is constantly evolving

One of the main reasons why phishing has been so successful is because of the constant technical evolution of phishing instruments, which are becoming increasingly sophisticated.

Visually, fake websites are hardly distinguishable from legitimate pages; moreover, many of them have convincing domain names and, in some cases, even employ a secure HTTPS connection with genuine certificates.

Mobile phishing has also become more and more prominent. Due to the technical peculiarities of smartphones and tablets (smaller screen size, for instance), it can be even harder to tell a phishing site apart from a legitimate one.

One should always bear in mind that when performing a phishing attack, a cybercriminal does not necessarily need to break into your system. This is why no existing platforms are capable of fully protecting you from phishing, making it a truly universal threat.

It is extremely profitable for cybercriminals

The overall popularity of phishing will not fade away as it is a highly profitable form of cybercrime. Phishing tools are easily accessible, and their reach is tremendous thanks to highly populated social networks (600 million, remember?). Also, the act of phishing requires little effort from the criminal, as the majority of actions performed by phishers are automated.

With all of that in mind, a cybercriminal can get a very decent paycheck. In the majority of cases, phishers hunt financial data. There is no need for sophisticated schemes to monetize the harvest.

Furthermore, phishing tends to be used alongside other criminal methods, creating efficient synergies for the culprits. Say you get a phishing email via spam, and as soon as the criminals are in possession of your contacts, the phishing email is then transferred on. With the creation of an extensive database of live contacts, hackers can send out malware in bulk and use the resulting botnet as they deem appropriate.

Ultimately, do not assume that the only thing scammers seek is your credit card or financial data. Many phishers would be perfectly happy with getting access to your user credentials in an email service or social network.

How to avoid phishing?

So what tips and tricks can users arm themselves with? First of all, use common sense. Keep calm and do not fall victim to provocations that are acting as an agent for online scams and ‘vishing’. Take a thorough look at the links and websites that they direct you to.

If you receive a suspicious link from a friend or colleague, make sure that they are indeed the ones on the other side of the connection before clicking on the link. When facing a ‘vishing’ attack, remember that no bank employee would ever urgently require your credit card details.

Tags:
phishing fraud
Source:
Kaspersky Daily
Author:
Vladimir Bezmalyi
3020
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015