It’s Not Your Bank, But It’s a Scam: An (Almost) Definitive Guide to Avoiding ‘Phishing’ Attacks


The email may look genuine and it’s hard to resist clicking on the attached link: a package held at customs, a bank notice of a Visa fee, a prize notice… Phishing cyberattacks have become a veritable epidemic that takes advantage of the weakest link in the chain: the human being.

The basis of this fraud technique lies in deception. Attackers create emails or SMS messages that look almost identical to those of the company they’re trying to impersonate, and if your guard is down, it’s tempting to click the link or open the attachment. These types of communications usually prompt the recipient to perform one of two actions: the first is meant to obtain your credit card or checking account data, while the second introduces some type of malware into the system.

AI will drive up attacks

Moreover, the outlook is not good in terms of the scale and accuracy of phishing attacks: “Advances in artificial intelligence will lead to a frenzy of identity theft,” Francisco Arnau, Akamai’s regional vice president for Spain and Portugal, explains to EL PAÍS. “Looking forward, we can expect that continued advances in artificial intelligence, such as those seen in systems such as GPT-3, will make targeted phishing more compelling, scalable, and popular.”

These systems allow the generation of “millions of emails or SMS messages, each tailored to the individual recipient, each with compelling human-like qualities,” explains Arnau. This capability would pose a significant challenge to existing anti-phishing technologies, and “make it more difficult for people to detect suspicious communications”.

How to protect yourself from a phishing attack

The first thing to understand is that anyone can be a victim of a cyberattack with these characteristics. These automated attacks do not discriminate between individuals and companies, and are launched en masse, with catastrophic consequences if the recipient falls for them.

Image of a possible phishing popup. Jose Mendiola.

The numbers are staggering: it is estimated that around 15,000 million emails of this kind are sent each day, a third of which are opened by the recipient. This technique is responsible for 90% of the security breaches that occur in the world and, as we have indicated, it is the human element that drives its success. How can one protect oneself from a phishing attack?

Distrust, that great ally

“When the offer received is very seductive, it is better to be careful,” explains Fernando Suarez, President of the General Council of Official Faculties of Computer Engineering. This expert points to the most important protective barrier that can save the user from serious consequences: “No bank will ever ask us to change the password through an email and by clicking on a link.”

Kevin Mitnick, a well-known ex-hacker, explains to EL PAÍS that by default, “people tend to trust unless they’ve been victims of a cyberattack or have been educated about the threat of phishing.”

Never click on a link and check the attachment with the sender

With mistrust and suspicion as our weapons, as noted earlier, any phishing attack relies on one of two primary elements: a hyperlink or an attachment. Don’t forget that hackers either want to get valuable information from the recipient to empty their checking account or credit card, or to install malware with worse intentions.

“If we get a hyperlink and have doubts, it is better to type the URL of the company requesting it into the browser by hand,” notes Suarez, referring to the fact that, in general, these links are maliciously manipulated. The general rule, in any case, is that you should never click on a link that comes to you by email or open attachments. For the latter, “it costs nothing to contact the sender by other means” to verify the origin of the attachment, i.e. by call, WhatsApp or text, and never by replying to the email.

Monitor the “who” in emails

Cyberattackers are getting more sophisticated when it comes to crafting emails, but they can’t always camouflage them completely. One of the ways to detect the deception lies in the domain from which the email is sent. Thus, if we come across senders whose domains are “Microsoft-support.com” or “Apple-support.com” (with different extensions than the original domain), we will know that we are the victims of an attack. In any case, when in doubt, it is best not to interact with the email.

The same goes for SMS. Suarez warns that “phishing attacks have spread to text messages,” and points to an additional risk: “On mobile phones, we are less cautious than on computers, and we act more impulsively.” Parcel delivery companies are collateral victims of these cyberattacks, especially during times of high shipment volumes such as Christmas. For example, a notice from the post office demanding payment of customs duties would conceal a cyberattack: “A bank or other large entity would never demand instant mobile payment,” explains Suarez. The problem is not the payment itself, which is generally a small amount, but rather that in making it the user gives their credit card information to scammers.

What time was the message sent?

Mitnick’s experience in this matter is invaluable, and this expert provides a clue that can help identify phishing: the time of transmission. If a person living in Spain receives an email demanding a payment or a refund and the message was sent at dawn, this is an essential element to arouse suspicion. In general, Internet users interact with contacts in the same time zone, so a communication from outside of it should set off alarms.

In the same way, the Subject field can be a good indication of the purpose of the email. Is the language used familiar? Do they address you formally when you are generally addressed informally? Do they address you by your email address? Also, if the subject line displays “RE:” to indicate a reply to an email that was never sent, we are looking at another camouflage technique used by online attackers.

Beware of the “Quick Reply!”

Another technique hackers use when carrying out a cyberattack is to create a sense of urgency. This is evidenced by messages from supposed package companies, warning that there are a few hours left to pay the fee or the package will be returned. In general, it is not unusual for a large entity to communicate via email to solicit a response, and if this is the case, it is always a good idea to contact that company through some other means to validate the shipment.

Mitnick explains that the principle should be “Never click or enter our username and password into a conversation we didn’t start, which is a simple rule everyone should apply.”
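The warning signs listed above (lookalike sender domain, sending time, “RE:” on a message you never wrote, urgent wording) can be checked mechanically on a raw message. The following Python is an added example, not part of the original article; the brand allow-list, the UTC+1 offset for Spain (daylight saving ignored), the 00:00-05:59 “dawn” window, the urgency phrases and both sample messages are assumptions constructed for illustration.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed allow-list: brand keyword -> domains that brand really sends from.
BRANDS = {"microsoft": {"microsoft.com"}, "apple": {"apple.com"}}
URGENCY = re.compile(r"urgent|immediately|within \d+ hours?|will be returned", re.I)

def lookalike(from_header):
    """True if the sender domain names a brand but is not that brand's domain."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    return any(brand in domain and domain not in legit
               and not domain.endswith(tuple("." + d for d in legit))
               for brand, legit in BRANDS.items())

def indicators(raw, utc_offset_hours=1):
    """Return the article's warning signs found in one raw email message."""
    msg, flags = message_from_string(raw), []
    if lookalike(msg.get("From", "")):
        flags.append("lookalike_domain")
    try:  # the Date header may be missing or malformed
        sent = parsedate_to_datetime(msg["Date"])
        if sent.tzinfo is None:      # "-0000" parses as naive; treat as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        local = sent.astimezone(timezone(timedelta(hours=utc_offset_hours)))
        if local.hour < 6:           # assumed "dawn" window in recipient time
            flags.append("sent_at_dawn")
    except (TypeError, ValueError):
        pass
    subject = msg.get("Subject", "")
    # Proxy only: these headers can be forged; the real check is your Sent folder.
    if re.match(r"\s*re:", subject, re.I) and not (msg["In-Reply-To"] or msg["References"]):
        flags.append("reply_to_nothing")
    if URGENCY.search(subject + "\n" + str(msg.get_payload())):
        flags.append("urgency")
    return flags

# Constructed sample messages (not real mail).
PHISH = ('From: "Apple Support" <no-reply@apple-support.com>\n'
         "Date: Tue, 14 Mar 2023 10:30:00 +0800\nSubject: RE: Your account\n\n"
         "Your account will be closed. Respond within 24 hours.\n")
LEGIT = ("From: Apple <news@email.apple.com>\n"
         "Date: Tue, 14 Mar 2023 11:00:00 +0100\nSubject: Your receipt\n\n"
         "Thanks for your purchase.\n")

if __name__ == "__main__":
    print(indicators(PHISH), indicators(LEGIT))
```

A message with no flags is not thereby safe: the substring match on brand names and the header checks are heuristics, and the advice above to verify through another channel still applies.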
