
Win the fight against phishing attacks with these 5 tips

Phishing messages are among the biggest threats on the Internet. Most of these attacks arrive by email: the attacker poses as a trusted person or company from the contact list and sends a message with a link or an attachment that requires a download. Unwary users open these files and have their machines compromised. A survey of internet users around the world by Intel found that 97% of users do not know how to identify a phishing attack.

To stay out of that statistic and keep your company’s machines from being attacked, we have prepared some tips that can help you:


What is phishing?

The word phishing was coined around 1996 by hackers stealing America Online accounts and passwords. By analogy with the sport of angling, these Internet scammers were using e-mail lures, setting out hooks to “fish” for passwords and financial data from the “sea” of Internet users. Phishing is an online fraud attempt that uses “bait”, i.e., gimmicks to attract the attention of an individual to make him/her perform a certain action.  

If individuals “take the bait” they may end up revealing their bank details or other confidential information to strangers, only to realize later that they have been a victim of fraud. Furthermore, they could contaminate their computer or smartphone with a virus or other malware.  


How to spot a phishing email  

Scammers generally use users’ emotions to get them to respond to the message, revealing the information they want to obtain.

1. Pay attention to the sender

According to the consulting firm Return Path, more than half of phishing emails spoof the email of a trusted sender. The first way to identify a fake message is to check the sender’s address. A classic example: the display name imitates that of the company, but the domain is completely different. Stay alert!

2. Subject

The criminals’ goal is to get people to open the message. To do this, one of the main tactics is to insert alarmist messages in the “Subject” part of the e-mail. Account suspension, promotions, debt collection, budget requests, and even alarming news about Covid-19 are some examples of topics used to attract victims.

3. Spelling mistakes

If you open the e-mail, analyze the message. Try to find any spelling mistakes. Texts with spelling errors can be an important indication that the e-mail is a scam.

4. Contact information

When the email is legitimate, it contains more information about the company, such as other ways the user can contact it. Check the signature for a phone number or other ways the user can resolve the problem reported in the email, rather than just clicking on the link in the message.

5. The urgency

Most phishing emails use words or phrases that convey urgency in the action the user is intended to take. The use of these words in the text of the email aims to get the user to click on the link, disregarding the necessary precautions. Pay special attention to emails that contain the words: Urgent, Important, Payment, Delayed, Expired, Attention, Security, etc.
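The checks from tips 1, 2, 4 and 5 can also be automated as a first-pass triage of reported messages. The following Python sketch is an added example, not part of the original article; the brand allow-list, the sample messages, the phone number and the `.example` domains are constructed for illustration, and tip 3 (spelling) is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand name -> domains that brand really sends from (defender-maintained).
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}
# Urgency words listed in tip 5.
URGENCY = {"urgent", "important", "payment", "delayed", "expired", "attention", "security"}
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

def _words(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def phishing_indicators(raw):
    """Return which tips a raw message trips; these are signals, not a verdict."""
    msg = message_from_string(raw)
    hits = []
    # Tip 1: display name claims a known brand, but the domain is not that brand's.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    name_key = re.sub(r"[^a-z0-9]", "", display.lower())
    for brand, domains in KNOWN_BRANDS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name_key and not owned:
            hits.append("sender")
    # Tip 2: alarmist subject line.
    if _words(msg.get("Subject", "")) & URGENCY:
        hits.append("subject")
    body = msg.get_payload()  # single-part text message assumed
    # Tip 5: urgency wording in the body.
    if _words(body) & URGENCY:
        hits.append("urgency")
    # Tip 4: no alternative contact channel (here: no phone number) in the text.
    if not PHONE.search(body):
        hits.append("no-contact")
    return hits

# Constructed sample messages.
PHISH = """From: "Example Bank Support" <support@examp1e-bank-alerts.example>
Subject: Urgent: account suspension

Your account has expired. Click the link to restore access.
"""
LEGIT = """From: "Example Bank" <statements@mail.examplebank.example>
Subject: Your monthly statement

Your statement is ready in online banking.
Questions? Call us on +351 210 000 000.
"""

if __name__ == "__main__":
    print(phishing_indicators(PHISH), phishing_indicators(LEGIT))
```
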


Don’t click on any links  

The golden rule to avoid becoming a victim of a phishing attack is simply not to click on links in emails or messages that ask you to log in. Even if you are being notified that your password has been stolen or hacked or that your account is about to be deactivated, don’t be tempted. In most cases, messages of this nature are fake.  

There are also phishing attacks that target Facebook, Gmail, Amazon or Apple accounts, among other services (where the user may have credit card data associated).  

If you doubt the veracity of the information, open a new window and directly access your account on those services – never copy the link from the message.  

If there is a problem, you can see it directly on the platform and never through the email.  


Phishing beyond e-mail

Phishing websites: Phishing websites, also known as spoofed websites, are fake copies of trusted real websites. Hackers create these fake sites to trick users into entering their login credentials, which can then be used to log into their real accounts. Pop-ups are also a common source of phishing websites.

Smishing: Smishing is phishing via SMS. You receive a text message that asks you to click on a link or download an application. Doing so, however, downloads malware onto your phone, which can steal your personal information and send it to the scammer.

Vishing: Short for “voice phishing”, vishing is the audio version of Internet phishing. The hacker will try to convince victims over the phone to divulge personal information that can later be used for identity theft.

Social Network Phishing: Some attackers can access social media accounts and force people to send malicious links to their friends. Others create fake profiles and use these profiles for phishing.


I have been the victim of a phishing attack: What should I do?

If you suspect you have responded to a phishing email with personal or financial information, take the following steps to minimize any damage:

Change the information you disclosed. For example, change passwords or PINs for the account or service you think may have been compromised.

Check bank and credit card statements regularly for unexplained charges or inquiries that you did not request.

Contact your bank or service provider directly.

Contact the authorities.


Always stay protected

Phishing e-mails succeed only with the most inattentive people. Now that you know how to spot phishing e-mails and what to do if you suspect you are being targeted, you are much less likely to fall for these tricks. Remember to be careful with personal information when using the Internet and be cautious whenever someone asks for confidential details about your identity, login information, or financial data.
