Today, a large number of transactions take place online. We do our shopping, pay bills, transfer money to loved ones, conclude deals, and much more – via a computer or phone. And historically, where the money is, there is always someone trying to appropriate it: in this case, through phishing.
Phishing is a type of fraud in which hackers hunt for your passwords, personal keys, or other confidential information to access your accounts or profit in other ways (e.g. reselling the data). In this series of posts, I will explore the methods they use, and share the simple security measures that can help us keep our personal data – as well as our money – secure.
Scenario #1: Forged email from a known service
Very often, fraudsters impersonate someone you trust, be it a person or a service. This is called social engineering.
In 2003, thousands of eBay users got an email from the service asking to renew their credit card information. Those who followed the link ended up on a fake webpage (looking exactly like the original) that would record all the data and save it to the hackers’ database.
In other cases, a trojan virus could be attached to the e-mail, or the link could lead to a webpage containing it. Any computer infected by the virus would similarly send information to the hackers or make transactions in their favor.
So how do we protect our data in this scenario?
- Hover the mouse cursor over a link or button in the email to see where it takes you before clicking on it (check the bottom left corner of the browser window);
- Quality forgeries may use a URL that looks very close to the original. Click on the little padlock icon to the left of the address bar to check the webpage certificate before inputting any data;
- Install an antivirus program and keep it up to date. It will warn you about virus activity on your computer or suspicious behavior of web pages;
- Don’t open attachments with executable files (.exe, .bat, .com are the most popular, and you can Google the rest). Also, be careful with PDFs from unknown sources, as they may have malicious macros.
That is all for today. Next time we’ll look at targeted corporate attacks. Stay cyber-safe!