Day-to-day digitization makes many facets of our lives easier and more comfortable. At the same time, its daily use calls for some precautions. In recent years, digital scams have proliferated. Phishing (from the English verb 'to fish') is one of the most common and, above all, one of the most effective, since the user does not believe that he is being scammed.
What exactly is phishing?
Phishing can arrive by email and SMS, which are the most common channels, but also by telephone call. In every case, the person behind the message is trying to imitate a real company.
Normally, these messages appeal to an error or failure that requires an urgent solution. On that pretext, they ask the user for passwords, account numbers, files to be downloaded … The email, SMS or call adopts the manner, styling and logos of real companies, and the senders can also create false URLs that imitate the official ones with a very high degree of similarity. So how do we avoid being a victim of phishing?
1. Never, never provide personal or bank details
Unless you are the one who starts the communication, or it takes place through the official app, you should never give out personal or bank account data.
Most companies do not ask for personal data directly in the message, but instead invite you to log in. Therefore, be suspicious of any email that asks for passwords or other information.
2. When in doubt, call
If you have any doubt about the authenticity and safety of an email, call or SMS, call the entity using the contact number you already have.
On many occasions, the companies themselves will be able to tell you whether it is a scam or not. This will also help in reporting it.
3. Don’t open any links
If you receive an email or SMS from a previously unknown sender, or one claiming that you need to fix a problem with a service you do not have, avoid clicking on the links.
These can lead to fraudulent websites or malware downloads. Also remember to keep your antivirus active at all times, and even consider using safer browsers than Chrome.
4. Take a good look at the text and addresses
It is common for these types of scams to contain misprints. Errors can range from spelling (writing the greeting without the 'h') to grammar (an agreement error in the verb). If you find errors of this type, delete the email.
In addition, to imitate real companies, scammers often use tricks similar to leet speak (replacing vowels with numbers). In this way, they create actual domains and URLs that, if you don't look closely, can appear genuine.
A very clear example is using the lowercase 'L' ('l') in place of an uppercase 'i', or the number '0' in place of an uppercase 'o'. So check both the sender's email address and the links for these kinds of tricks.
5. It does not use a secure protocol
Another sign that the message may have fraudulent purposes is that the URLs it contains do not use the secure protocol: https://…
This prefix in the links indicates that the website encrypts the personal information that is hosted on it.
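The checks from tips 4 and 5 can be automated. The following is an added example, not part of the original article: it flags links that are not https and hosts that only match a trusted name after look-alike characters are collapsed. The `TRUSTED` list, the `.example` domains and the digit-to-letter table are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list; ".example" is a reserved TLD, so these are not real sites.
TRUSTED = {"globalbank.example"}

# Digit-for-letter swaps (leet). The table is an assumption, not an exhaustive list.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def skeleton(host: str) -> str:
    """Collapse look-alike characters so a spoofed name and the real one compare equal."""
    # Hostnames are case-insensitive, so an uppercase 'I' posing as 'l' becomes 'i';
    # folding 'i' into 'l' makes both spellings produce the same skeleton.
    return host.lower().translate(LEET).replace("i", "l")


def is_trusted(host: str) -> bool:
    """True for a trusted domain itself or any of its subdomains."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def check_url(url: str) -> list[str]:
    """Return the warning signs found in a link (an empty list means none found)."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    if host and not is_trusted(host):
        labels = host.split(".")
        # Try every suffix of the host so "login.gl0balbank.example" is caught too.
        for i in range(len(labels)):
            candidate = skeleton(".".join(labels[i:]))
            for d in sorted(TRUSTED):
                if candidate == skeleton(d):
                    findings.append(f"lookalike-of:{d}")
    return findings


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.globalbank.example/login",
                 "http://gl0balbank.example/verify",
                 "https://login.gIobaIbank.example/"):
        print(link, "->", check_url(link) or "no warning signs")
```

An empty result only means that these two signs are absent; the other tips still apply.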
6. Beware of attachments
If we receive a message with an attached document that, by chance, we were expecting, we tend to download it without thinking. Some phishing campaigns take advantage of this.
For this reason, it is advisable to carefully review the attachments that are sent to you. First of all, make sure that the format is not an executable (the most common is ".exe", but there are many more), since these are the ones that can contain malware.
Second, you can always open it through Google Drive. This displays the file as HTML, so you can check its content.
There are different tools that help avoid this type of fraud and that will be useful when you want to check the authenticity of an email:
- VirusTotal. This website can analyze both files and URLs for malicious software using antivirus engines. Although it helps with a quick review, keep in mind that malware is constantly updated, so it can give "false negatives".
- unshorten. This service allows you to expand a shortened URL. Links are often shortened with tools such as bitly; this website lets you see the original link to verify whether it is genuine or fake.
- Whois. This website shows the ownership of domains (URLs), so it can be very useful for making sure that a link is official.
- U2F, or Universal 2nd Factor. This system works like a traditional key: to log in, in addition to the password, it will be necessary to connect the mobile device to the computer. Thus, even if someone steals the password, they will not be able to gain access. Most web services support this protocol.