The development of the internet and its expansion to the entire population in general means that cyberspace – the internet – is a place where people, including private individuals, public institutions, and private companies, meet and interact. In this context, new models and methods of scamming have emerged such as, for example, well-known phishing techniques.
What is phishing? In general terms, phishing is a method of identity theft. The offender, through the use of social engineering techniques, pretends to be a company, government agency, or another trusted party to obtain personal information and/or identification data and access information in order to cause the victim economic damage.
These techniques may differ in their approach. The ICO has classified them as follows:
- Spam texts/smishing: The sending of SMS (text messages) that generally ask users, through a link, to access fraudulent web pages.
- Nuisance calls/vishing: Contacting victims by telephone, usually requesting the verification of specific information.
- Phishing: Communication through email with malicious files or software attached or, again, requesting that victims access fake web pages or intranet pages.
Nevertheless, as highlighted in the last edition of the Black Hat safety conference, the constant changes and evolution in the “modus operandi” of this technique are key to explaining the effectiveness of this phenomenon.
These are not the only reasons behind the permanence of phishing, however. Criminologists and prestigious experts in the Information Security sector, such as Google’s Elie Bursztein, agree that the ignorance of the victims is a fundamental element in the prevention.
Avoid falling victim to phishing:
- Pay special attention to the communications you receive from banks, social networks, or known services (Google Drive, the Royal Mail, HM Revenue & Customs, etc.).
- Clearly identify the sender. In particular, if it involves communication via email, verify the email address. Companies typically use their own domain for communication. In this vein, Pridatect sends communications to its customers through corporate email addresses from the domain: @pridatect.com.
- Be suspicious of any messages that contain grammatical errors or whose writing addresses you in general terms. In general, professionals will address their customers and users by their name or use personal greetings.
- If you are asked to visit the sender’s website in the content, access the site directly from the official web page by typing the address into your browser. Clicking on any links provided is not recommended.
- In regards to passwords, credentials, or other personal data, requesting such information through email is not common practice. Because of what phishing is, as a general rule, you should never provide this type of information via messaging channels such as email, SMS, or WhatsApp.