Security March 22, 2023

How to protect yourself from phishing

In 2020, unwanted emails in Latin America averaged just over 50% of all global email traffic.


The company Sophos, in its global Phishing Insights 2021 survey, revealed that phishing attacks increased considerably during the pandemic, since millions of employees working from home became the primary target of cybercriminals.

Identity spoofing, or phishing, is a type of online identity theft. This fraudulent action is characterized by attempts to illicitly acquire a user's personal data, such as passwords, financial or banking information, and credit card numbers, among others.

The scammer uses email, applications and websites that are specifically designed to steal personal data, impersonating a trusted person or company. After sending a message by email, through an application or with another tool, the cybercriminal waits for the recipient to receive and open it, an action that in many cases is enough for the victim to fall for the fraud. In other cases, the victim must click on a specific link for the criminal to gain access to the information they want.

"There is more than one way to bring down a victim and this type of crime is becoming increasingly sophisticated. Digital scammers have become experts at making fraudulent emails look exactly like legitimate ones, often from companies or establishments you are familiar with and trust. Phishing emails commonly impersonate companies, but social media accounts are also a trending target, as many users are more careless when protecting them," says Dean Coclin, senior director of business development at DigiCert.

Phishers will pursue anyone, but tend to target CEOs and CFOs, law firms, human resources, and financial institutions. Additionally, in recent years digital stores and social networks have seen an increase in these attacks. These organizations hold the customer data and confidential information that attackers seek, and they need to be on maximum alert to protect themselves from phishing scams.

While many people believe they are the same, phishing is very different from spam. In practice, while spam is only related to a large number of emails and messages with no criminal purpose, phishing aims to harm the victim by accessing personal data and information.

Spam is quite common on the Internet. Every day, countless messages from websites, stores and applications fill the inbox of most users. It only generates the inconvenience of inbox disorganization, but represents no risk to the recipient.

On the other hand, phishing uses the sending of mass messages to deceive the target, inducing them to click on false links and/or provide personal information, always with the aim of harming the victim.

There is anti-phishing software on the market, with effective anti-spam filters, that warns of signs of irregularities in emails. As for websites, there are antivirus programs and firewalls that scan for irregularities and notify you of them, or block access when they detect any possibility of fraud.

If you follow these 10 tips, you will be on your way to becoming an expert in defending against phishing scams.

  1. Instead of clicking on a link in an email, open a new browser page and type the address/URL of the site you wish to visit. Sometimes a fraudulent link will be very similar to a trusted one, simply changing a few imperceptible letters.
  2. Update both your operating system and browser software. The latest versions of most browsers come equipped with anti-phishing filters. As attackers devise new attacks, software updates improve their filters.
  3. Block pop-up windows when browsing the Internet.
  4. Never enter personal information in pop-up windows unless you are completely sure they come from the desired site.
  5. For daily computer use, use a standard user account instead of an administrator account. Switch to the administrator account only when administrator functions are necessary. This protects your computer by reducing access to critical administrative functions.
  6. Delete and do not open suspicious email messages. It may be tempting; sometimes the subject line can be eye-catching or so generic that you want more information, but resist the temptation and just delete it.
  7. Accept only trusted certificates on web pages. Do not ignore browser warnings, and do not dismiss a warning you think you have seen before without reading it carefully and considering the implications.
  8. Do not click on links that will take you to an unknown site or IP address.
  9. Pay attention to browser warnings. For example, Chrome displays a warning triangle with "Not secure" in the address bar if a site does not have the HTTPS security protocol enabled. Enable malware protection. Usually, this can detect and deter most threats without you having to do anything.
  10. If you receive a phishing email, do not open it, do not click on any links or attachments and delete it immediately. If you continue to receive suspicious emails, report them to the Anti-Phishing Working Group (APWG).
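
The link checks in tips 1, 8 and 9 can also be automated, for example in a mail gateway or a help-desk triage script. The following is an added example, not part of the original article: the `TRUSTED` list, the finding labels and the two-label domain heuristic are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: sites the user really does business with (constructed sample list).
TRUSTED = {"example-bank.com", "digicert.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of inserted, deleted or changed characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, trusted=TRUSTED) -> list:
    """Return the warning signs from tips 1, 8 and 9 that apply to a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":                      # tip 9: no HTTPS
        findings.append("not-https")
    try:
        ipaddress.ip_address(host)                   # tip 8: bare IP address
        return findings + ["ip-address-host"]
    except ValueError:
        pass
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("internationalized-hostname")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return findings                              # exact trusted site or its subdomain
    # Simplification: treat the last two labels as the registered domain.
    candidate = ".".join(host.split(".")[-2:])
    near = [t for t in sorted(trusted) if 0 < edit_distance(candidate, t) <= 2]
    if near:                                         # tip 1: a few letters changed
        findings += [f"lookalike-of:{t}" for t in near]
    else:
        findings.append("unknown-site")              # tip 8: unknown site
    return findings

if __name__ == "__main__":
    for sample in ("https://example-bank.com/login",     # constructed samples
                   "https://examp1e-bank.com/login",
                   "http://192.0.2.10/login"):
        print(sample, check_link(sample))
```

An empty list means none of the three warning signs fired; it does not prove the destination is safe.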