How can we protect ourselves from phishing?




Phishing is considered one of the simplest forms of cyberattack, but at the same time it is very dangerous and effective. Whoever carries out this crime of tricking people into sharing confidential information does not require sophisticated technical knowledge. It is about betraying the human mind and although we think that we are not going to fall for the bait, it is easier than we think to provide data such as our passwords and credit card numbers without realizing the deception.

Most phishing campaigns operate by exploiting the names of well-known companies, brands, and products. Criminals want to make users think that the initial message is from a legitimate entity, thus increasing the chances that it will click and trigger the download of the malware. Sectors such as technology, banking, social networks and streaming TV platforms are some in which more cases of phishing have been detected. In terms of channels, email is still the most common channel for brand phishing: it accounts for 44% of all attacks of this type.

Panda Security offers a series of tips to protect us from these threats. One of them is to learn to identify them since there are certain characteristics that can reveal an attack through an email, such as formatting or grammatical errors, bad spelling or generic greetings such as ‘dear user’ or ‘dear customer’. Also, make sure that the links start with https: // and not with http: //. It is also recommended to share data as little as possible and delete suspicious emails without opening them and without clicking on any links. Attachments in these suspicious or strange emails should also not be opened. Having the latest versions of software will also help us protect ourselves.

READ  The main security challenges in 2021

Sophisticated attacks

Two out of every three emails we receive contain a tracking pixel, also known as ‘spy pixels’. Despite its name, this small code that is inserted in the emails serves for the sender to monitor what exactly we do with that email. Although it is common for this information to be collected as Big Data to have more precise marketing campaigns, it is a technology that hackers can also use.

Tracking pixels are even more effective than browser caches and are a small part of spear phishing strategies. Through Big Data, those who are most susceptible to falling into scams are filtered, their techniques are improved and malicious code is injected. And it is common for cybercriminals organized in gangs to mix spy pixels with other technology such as JavaScript, getting to know the resolution of our screen, the plugins we use in the browser and, in general, all the technologies we use when accessing the Internet. “This is very valuable information for hackers. The more they know about their victims, the more strings they have to pull to find out what they want about their victims. For example, the fact that they know the resolution of our screen tells them if we are at home, in the office or on vacation. By knowing the plugins that we have installed in the browser, it can reveal to them when we operate with online banking, or they can intuit what our role is within the organization in which we work ”, points out Hervé Lambert, Global Consumer Operations Manager at Panda Security.

READ  Xiaomi presents the world's first mobile with a liquid lens camera

In general, the most used mail managers already block the automatic download of images if they detect that there are pixels classified as suspicious. But it’s still important to set your browser and email settings to be more restrictive. For example, blocking external graphics or emails with HTML layout. “We are aware that these measures, although effective, are not the best way to protect ourselves against spear phishing attacks. For this reason, the Panda Dome security suite detects and neutralizes the attack attempts that we receive globally, not just by email. It is important to understand that what is at risk on the Internet is not our computer or our mobile phone, but our entire digital identity ”, adds Hervé Lambert.

See them

Leave a Reply

Your email address will not be published. Required fields are marked *