Updated: Jan 6
What are your risks, and how to protect yourself
A short overview of the risk and how you stay safe when it comes to your online presence and online banking.
Phishing is a type of social engineering in which an attacker sends a fraudulent (e.g. spoofed or fake) message designed to trick a person into downloading malicious software, sending money, or stealing personal or confidential data.
How to identify phishing scam emails?
An obvious sign of many phishing scam emails is that they ask you to perform an action urgently and/or in a threatening manner.
Many of these emails have poor grammar and obvious misspellings.
Scammers often use email ad
dresses that resemble those they are trying to impersonate. For example, instead of using firstname.lastname@example.org, they use email@example.com (note the subtle change from microsoft, with an "o", to micrasoft, with an "a").
These emails contain a link or attachment (either DOCX, PDF, etc.) to redirect the victim to download malicious software, to enter their data or to make a money transfer.
How to avoid the trap?
Characteristics: be aware of the characteristics that phishing scam emails tend to have each time you read a new message.
Links: be suspicious of emails that st
ate that you should click on a link or attachment urgently or in a threatening manner and/or contain many spelling mistakes.
Legitimacy: check the legitimacy of the email domain by searching for it on the internet. In the example of firstname.lastname@example.org, you would type "microsoft.com" in your search engine to verify that it redirects you to the official website of the entity you trust.
https: check whether the link you are redirected to starts with HTTP or HTTPS. Normally, all trusted entities have digital certi
ficates with which they obtain the more secure HTTPS protocol. If you are on a web page whose URL begins with HTTP, do not insert credentials or confidential data on it under any circumstances.
Suspicion: report any suspicions to the cyber security department of your bank.
Spear phishing is a variant of phishing that is characterised by the prior effort of researching and understanding the victim so that the intended scam email contains the appropriate information to obtain sensitive information.
How to identify a spear phishing attack and how to act?
Check the remittent. It is easy to create a sender's name, so check the email address it comes from to see if it is legit.
Check the email's contents: if it requests sensitive, personal or confidential information, never send it without prior permission. Use a different communication way with the remittent to verify.
Do not click on links or attachments without prior verification and check if their source is legitimate.
Smishing and vishing
The term smishing comes from the combination of SMS and phishing and is a deception by sending a text message. The attacker hopes that the victim will click on a malicious link, possibly to steal confidential information and make financial gain.
The vishing attack is very similar to smishing; it differs in that the attacker uses voice over internet protocol (VoIP), combined with email phis
hing techniques, with the aim of stealing the victim's identity and/or committing financial fraud.
Ransomware is a type of malicious software that prevents access to the computer's operating system, files or networks and demands the payment of a ransom to regain access.
A very famous example of a ransomware attack is WannaCry. In May 2017, this attack affected approximately 230,000 computers worldwide. Among its victims were Telefónica and thousands of hospitals and clinics. Many essential services were paralysed for a long time, and losses are estimated to be in the millions worldwide.
Victims of such an attack should not succumb t
o extortion nor proceed to pay the money demanded by the cybercriminals. Otherwise, the victim is more likely to become a potential target in the future. In addition, it is very common that cybercriminals do not provide access to the data, even if they have received the money.
Remote access trojans
A remote access trojan (RAT) is a malicious program used to gain full access and remote control of the victim's computer. It can control the mouse, and keyboard, access files and network resources, silently browse the device's applications and files, bypass firewall security, anti-malware and authentication controls.
How do I know if a computer is infected with a
The most obvious signs of remote access Trojans are as follows:
The internet connection is very slow.
Unknown processes are running in the background. This information can be viewed in the task manager.
Files are modified or deleted without permission.
Programs are installed without consent.
Attacks on mobile devices and tab
Some of the malware collects information about bank logins and passwords, others act just like computer ransomware, and some are capable of monitoring all actions performed on the device. Establishing security measures on mobile devices and tablets is just as important as on computers.
Password protected → Lock the device with a password or pattern
Encrypt → Encrypt the data you store
Trusted links → Only click on links from trusted sources
Backup → Make regular backups
Essentials → Install only necessary applications from trusted sources.
Anti-Malware → Having a quality anti-malware protection
Update → Keeping both applications and the operating system up to date
Secure network → Connect only on private and secure networks. Public wifi networks, BlueTooth and infrared are insecure.