It's not uncommon to see scam news on the internet, is it? Today we're going to talk about what phishing is and how to protect yourself from this web trap.
There are some very important details that help you to ensure your safety. Pay attention to reading!
What is phishing?
Every day, millions of virus threats are detected on the internet. One such form of threat is called phishing.
The name comes from the English “fishing”, giving an idea that the person who falls for the scam has their information “fished”.
The term was first used in the 1990s, when users of the company America Online (AOL) had their passwords hacked.
Phishing, in short, is the name given to electronic scams that aim to steal passwords, bank details, personal information and documents.
The difference between this scam and spam is the fact that the scammer poses as a trustworthy company or person, sending a message via email or SMS.
Last year, Lojas Americanas, Walmart and Magazine Luiza had to release a note explaining what phishing is and how companies were being victims of the scam.
The fraud was evident during Black Friday, when Facebook identified more than 200 pages that, with the “buy now” button, led consumers to a fake online store.
The layout of the pages were faithful copies of the stores' websites and, therefore, many people fell for the scam. When trying to buy the indicated product, the consumer entered their complete personal data and had their information misused.
At the end of the purchase, as is done in any e-commerce, a message was sent with the order number saying that the purchase was successfully completed.
How does the scam work
You have entered a website that you theoretically know. You placed your order and received confirmation. Would you suspect it was a scam?
The wealth of details that scammers use deserves attention. By understanding what phishing is and how it works, you'll become more aware of security issues.
There are several types of phishing, some easier to identify than others. The scams can be a fake message with a suspicious link or a bank website that matches the real one.
The intent is always the same, to steal personal and business information. When personal data is stolen, phishing is called “identity theft”.
In this one, swindlers usually pose as official agencies, banks and credit card holders, asking for their full name, address and private information.
The "theft of bank information" is very similar to this fraud, with the difference that the consumer is taken to a page that has data capture programs, filled in by the user.
How to identify a fake page
These scam cases serve as a warning to take more care with information security. To protect your data, we've separated some tips on how to distinguish what is phishing and what is an original site:
Pay attention to spelling
Most companies that have a strong communication have a specialized team oriented to follow the ethical and grammatical rules.
If you receive a misspelled email, be wary! Pay attention not only to slips in Portuguese, but also in English.
Analyze the voice tone used
Hackers' messages are often less personalized. In the body of the email there will be no personal traits that direct you directly to the site.
Another factor that characterizes phishing is the sense of urgency shown on the pages. Generally, phrases such as “buy now” or “come fast” will be used.
They appeal to this feeling that you need to act fast. Phrases are also used, such as “your account has been suspended” or “your service will be blocked”.
Many of these phrases will be highlighted flashing to get your attention. When in doubt, contact the company directly.
Pay attention to the type of promotion
Who wouldn't want to get a thousand reais off a store? Fake sites often promise this kind of “must-see promotion”. This is a lure for you to click on the link they indicate.
Another very common scam is that of the “congratulations, you are the number 10,000 consumer and for that you will get a super discount” type. Be careful!
Beware of links
Fake websites often have more ads than a regular page. Ads are often accompanied by banners, pop-ups, virus alerts and messages.
If you think you're phishing, delete the content right away! Close your browser, and make sure you are on a secure connection.
Do not click on any links with the messages we showed in the previous topic. No website requires the consumer to download links in order to access the main content.
Hover over the IP address or copy the link to Notepad to examine the page's URL and domain.
The website's domain is the “middle” of the address. In the case of our page, for example, it would be hosts.green. If a hacker wanted to phishing the site, they would probably choose something like h0sts.green or hosts-green.
Notice that the “o” was replaced by the number zero and, in the second example, a dash was added. Many people are not aware of this fact and end up being deceived.
Sites that deal with passwords and payments must have an HTTPS connection, which offers encrypted communication channels.
In addition to the acronym at the beginning of the site, see if the page has that “safe”, “protected” or “verified” padlock.
Google, in addition to usually showing real sites at the top of searches, has a free tool for you to look up addresses and avoid phishing.
Do not give anyone confidential information or fill out documents you did not request. Also do not open emails from strangers.
Check the website URL, as we taught earlier. Keep your browser always up to date, with all security and antivirus software working.
Once you understand what phishing is, you'll probably be more careful about security, won't you? If you want to stay on top of the best tips on monitoring, website and technology, visit our blog! It will be a pleasure to receive you!