Phishing attacks, a form of social engineering, were the most widespread attacks in the early days of payment fraud. They are usually carried out through fake messages or emails sent to the victim, purporting to be from a friend or trusted organisation. On opening a phishing message, a person sees content crafted to intimidate the recipient into clicking on a specific link. Behind the link there might be a clone of a legitimate internet portal or website. The victim is asked to log in, provide a username and password, or fill out a form to enter the account. Once this is done, the credentials are stolen by criminals for further misuse.
What is phishing?
Phishing, or a phishing attack, is an illegal attempt to obtain personal information (bank card number, password, etc.) for further misuse. Just as ordinary fishermen have lures, nets, and other tricks to catch fish, phishermen have various schemes to scam people and take over sensitive information.
Phishing attack techniques
All methods and types of phishing use forgery.
With spear phishing, criminals are interested in a specific person. Before starting, they attempt to find out more contact information and explore the victim's circumstances. The most common targets of the attack are employees who have the right to authorise payments. They are sent an email that appears to come from the company's management, asking them to send a payment, which is then redirected to the criminals on a fake website.
The criminals duplicate a regular message that the person has already received, which includes file attachments or a link. They change the attachment and send it to the victim. By clicking on a link to a website or opening a file, the person gives criminals access to their computer. The criminals then look for sensitive information.
Nigerian Letters (Cheat 419)
The victim receives a letter from a particular high-ranking person, which describes in detail the difficult situation they are in. This is followed by a request to do a favour: to provide bank details, allegedly for transferring a large amount of money.
Voice phishing
Attackers call the victim and introduce themselves as a bank official or employee. They use threats to obtain personal information or to force the victim to make a transfer to a specified account.
SMS phishing (smishing)
It’s similar to voice phishing. Sometimes malicious links are also used, which take the victim to a fraudulent resource. This technique is gradually disappearing as certain specialists can track scammers’ phishing messages and report phishing.
To recognise the scam, it is necessary to analyse the received information when reading messages or emails and judge whether they are suspicious, strange, or unusual. In most cases, criminals try to appeal to people's fears.
Signs of a phishing email or scam:
- incredibly lucrative offer;
- letter comes from a friend with whom you haven’t communicated for a long time;
- email is not associated with immediate responsibilities;
- tone of the text evokes fear;
- email contains attachments or strange links.
Bank card payments-based phishing attacks
Operations using bank cards and other payment systems, for example, PayPal, without the owner's participation are increasingly common.
The following are used to access them:
- counterfeiting of online stores;
- redirection to fake sites of well-known portals when a person orders a service on them, and the payment goes to fraudsters;
- infection of electronic equipment with a malicious virus.
How to prevent phishing
Phishing is dangerous for both computer and mobile users. Most often, the browser checks links for security. However, people must learn to identify suspicious actions from potential scammers and protect themselves. Several rules will help with this:
- delete messages and emails from strangers;
- do not click on suspicious links;
- check digital certificates of portals;
- if you suspect a phishing attack, enter the sender's name into a search engine and see if this individual has been convicted of social engineering;
- do not log in to online banking over public Wi-Fi;
- use special anti-phishing programs.
If you need to enter personal information, make sure that the website's URL begins with “https”, with the letter “s” at the end. This means it is safe, and you are protected from scams.
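The link-related signs and rules above (strange links, fake copies of well-known portals, the “https” check) can be combined into a small link checker. This is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"paypal.com"}  # assumption: sites the reader really uses

def link_warnings(url, trusted=TRUSTED_DOMAINS):
    # Returns the warning signs found in one URL (empty list: none found).
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    found = []
    if parts.scheme != "https":
        found.append("not https")
    if parts.username is not None:  # trusted name placed before "@"
        found.append("userinfo before host")
    if any(label.startswith("xn--") for label in host.split(".")):
        found.append("punycode label")  # may hide look-alike characters
    if not any(host == d or host.endswith("." + d) for d in trusted):
        found.append("host not a trusted domain")
    return found

class _Anchors(HTMLParser):  # collects (visible text, href) for each link
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def scan_email(html):
    # Maps each link in the message body to its list of warning signs.
    parser = _Anchors()
    parser.feed(html)
    report = {}
    for text, href in parser.links:
        found = link_warnings(href)
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if "." in text and " " not in text and shown != urlsplit(href).hostname:
            found.append("visible text names a different host")
        report[href] = found
    return report

# Constructed sample message body, not taken from a real email.
SAMPLE_EMAIL = ('<a href="http://paypal.com.account-verify.example/login">'
                'https://www.paypal.com/signin</a> <a href="https://www.paypal.com/help">Help centre</a>')
```

Calling `scan_email(SAMPLE_EMAIL)` flags the first link on three counts and reports nothing for the second.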