Phishing is considered one of the simplest forms of cyberattack, but at the same time it is very dangerous and effective. Whoever carries out this crime of tricking people into sharing confidential information does not require sophisticated technical knowledge. It is about betraying the human mind and although we think that we are not going to fall for the bait, it is easier than we think to provide data such as our passwords and credit card numbers without realizing the deception.
Most phishing campaigns operate by exploiting the names of well-known companies, brands, and products. Criminals want to make users think that the initial message is from a legitimate entity, thus increasing the chances that it will click and trigger the download of the malware. Sectors such as technology, banking, social networks and streaming TV platforms are some in which more cases of phishing have been detected. In terms of channels, email is still the most common channel for brand phishing: it accounts for 44% of all attacks of this type.
Panda Security offers a series of tips to protect us from these threats. One of them is to learn to identify them since there are certain characteristics that can reveal an attack through an email, such as formatting or grammatical errors, bad spelling or generic greetings such as ‘dear user’ or ‘dear customer’. Also, make sure that the links start with https: // and not with http: //. It is also recommended to share data as little as possible and delete suspicious emails without opening them and without clicking on any links. Attachments in these suspicious or strange emails should also not be opened. Having the latest versions of software will also help us protect ourselves.
Two out of every three emails we receive contain a tracking pixel, also known as ‘spy pixels’. Despite its name, this small code that is inserted in the emails serves for the sender to monitor what exactly we do with that email. Although it is common for this information to be collected as Big Data to have more precise marketing campaigns, it is a technology that hackers can also use.
In general, the most used mail managers already block the automatic download of images if they detect that there are pixels classified as suspicious. But it’s still important to set your browser and email settings to be more restrictive. For example, blocking external graphics or emails with HTML layout. “We are aware that these measures, although effective, are not the best way to protect ourselves against spear phishing attacks. For this reason, the Panda Dome security suite detects and neutralizes the attack attempts that we receive globally, not just by email. It is important to understand that what is at risk on the Internet is not our computer or our mobile phone, but our entire digital identity ”, adds Hervé Lambert.