Phishing attacks, a form of social engineering, were the most widespread technique in the early days of payment fraud. Such attacks are usually carried out through fake messages or emails sent to the victim, purporting to be from a friend or trusted organisation. On opening a phishing message, a person sees content crafted to intimidate the receiver and push them to click on a specific link. The link might lead to a clone of a legitimate internet portal or website. The victim is asked to log in, provide a username and password, or fill out a form to enter the account. Once this is done, the credentials are stolen by criminals for further misuse.
Phishing, or a phishing attack, is an illegal attempt to obtain personal information (bank card number, password, etc.) for further misuse. Just as ordinary fishermen have lures, nets, and other tricks to catch fish, phishermen have various schemes to scam people and take over sensitive information.
All methods and types of phishing use forgery.
With spear phishing, criminals are interested in a specific person. Before starting, they attempt to find out more contact information and explore the victim's circumstances. The most common targets of the attack are employees who have the right to authorise payments. They are sent an email that appears to come from the company's management asking them to send a payment, which is then redirected to the criminals on a fake website.
The criminals duplicate a regular message that the person has already received, which includes file attachments or a link. They change the attachment and send it to the victim. By clicking on a link to a website or opening a file, the person gives criminals access to their computer. The criminals then look for sensitive information.
The victim receives a letter from a particular high-ranking person, which describes in detail the tough situation they have got into. This is followed by a request for a favour: to provide bank details, allegedly for transferring a large amount of money.
Attackers call the victim and introduce themselves as a bank official or employee. They use threats to try to obtain personal information or force the victim to make a transfer to a specified account.
It’s similar to voice phishing. Sometimes malicious links are also used, which take the victim to a fraudulent resource. This technique is gradually disappearing as certain specialists can track scammers’ phishing messages and report phishing. To recognise the scam, analyse the information you receive when reading messages or emails and consider whether it is suspicious, strange, or unusual. In most cases, criminals try to appeal to people's fears.
Signs of a phishing email or scam:
Operations using bank cards and other payment systems, for example, PayPal, without the owner's participation are increasingly common.
The following are used to access them:
Phishing is dangerous for both computer and mobile users. Most often, the browser checks links for security. However, people must learn to identify suspicious actions from potential scammers and protect themselves. Several rules will help with this:
If you need to enter personal information, make sure that the website's URL begins with “https”, with the letter “s” at the end. This means it is safe, and you are protected from scams.
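The URL check above, as an added example that is not part of the original article: a Python sketch that goes beyond the scheme check and also compares the host with the sites the user expects, since the page behind a phishing link is described earlier as a clone of a legitimate portal. `EXPECTED_HOSTS`, the finding names, and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the hosts where the user really logs in.
EXPECTED_HOSTS = {"bank.example", "www.bank.example"}


def check_login_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return reasons not to type credentials at `url`; empty list = no finding."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ["unparseable"]

    findings = []
    if parts.scheme != "https":
        findings.append("not-https")  # the check the article describes
    if has_userinfo:
        # In https://name@host/ the part before "@" is not the site contacted.
        findings.append("userinfo-in-url")
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Internationalised names can imitate a familiar name with other letters.
        findings.append("idn-host")
    if host not in expected_hosts:
        # A clone on another domain passes the https check but fails this one.
        findings.append("unexpected-host")
    return findings


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.bank.example/login",
    "http://www.bank.example/login",
    "https://www.bank.example.account-verify.example.net/login",
    "https://www.bank.example@login.example.net/",
    "https://xn--bnk-example-abc.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "no findings")
```

An empty result only means none of these four checks fired; it does not vouch for the page content.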