Understanding what phishing is matters if you want to avoid becoming another victim of cybercriminals. Phishing is a type of fraud carried out electronically that aims to acquire the user's personal data, such as CPF, bank account numbers, passwords, ID, among other confidential data.
Previously, phishing also focused on stealing files such as music, documents and personal images, but it has modernized and expanded the way it operates, making attacks increasingly dangerous and able to cause many problems for companies.
If you have an email account or social media profile, chances are you have encountered phishing of some kind before. In a phrase, phishing is the fraudulent attempt to steal personal information through social engineering: the act of criminal deception.
The first cases of phishing
These cases occurred more than twenty years ago. In the early 1990s, attackers targeted America Online (AOL), using instant messaging to trick users into divulging their passwords.
It didn't take long for these threat actors to identify higher-value targets, pressuring unsuspecting victims to “verify their billing information” under the threat of urgent account deletion. Through this development, criminal groups could obtain not only victims' AOL credentials, but also bank account and payment card details.
AOL stepped up its anti-fraud operations, implementing new measures to proactively kick out accounts involved in phishing. This was a decisive move that led the attackers to jump ship in search of new opportunities.
More than 400 thousand phishing sites detected per month in 2016
According to the December 2016 Webroot Phishing Threat Trends, more than 400,000 phishing sites were detected per month over the last year.
Phishing attacks use social engineering techniques to convince victims that they can trust what they are seeing and can provide important data. For example, an email asking for personal information for a lawsuit, or a fake page perfectly imitating a bank's website and asking for passwords.
Phishing attacks have become increasingly sophisticated and are designed to obtain sensitive information. Most attacks currently use tools that automate the creation of phishing sites, so the sites exist for less than 24 hours; the average lifespan is 15 hours. This makes it more difficult for traditional security tools to block this type of threat today.
Hal Lonas, CTO of Webroot, stated that “years ago, these sites could last for weeks or months, giving organizations enough time to block the attack method and prevent more victims from falling for the scam. Now, phishing sites appear and disappear in the time of a coffee break, leaving all organizations, no matter their size, at serious and immediate risk from phishing attacks.”
Source: Webroot Quarterly Threat Update
How to remove and prevent phishing?
There is no way to remove phishing threats, but they can definitely be detected. Have a way to monitor your website and remain cautious regarding what should and should not be present there. If possible, change your website's core files on a regular basis.
To prevent phishing, you need to take some special precautions, such as:
- Do not open email attachments that have not been previously requested.
- Have good habits and do not follow links included in unsolicited emails.
- Protect your passwords and always use secure passwords.
- Check the website URL. In many phishing cases, the email address may appear legitimate, but the URL may be misspelled or the domain may be different (.com when it should be .gov). This usually immediately indicates the use of phishing.
- Keep your browser up to date and use security updates for your computer and system.
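The URL check from the list above can be automated. The following is an added example, not part of the original article: it compares a link's hostname against a list of domains you actually use and flags a different top-level domain or a misspelled name. The allowlist, function names and sample URLs are constructed for illustration, and the check also covers a trusted name placed in front of another domain, which goes beyond the two cases the text names.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the domains you really expect links to use.
TRUSTED = {"example.org"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'tld-mismatch', 'lookalike', 'untrusted' or 'invalid'."""
    # .hostname is lower-cased and excludes port and userinfo, so
    # "https://example.org@evil.test/" is judged on evil.test.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"  # no scheme/host to inspect, e.g. "example.org/login"
    for dom in trusted:
        # Exact match or a true subdomain; "example.org.evil.test" does not pass.
        if host == dom or host.endswith("." + dom):
            return "trusted"
    for dom in trusted:
        # Compare the same number of trailing labels as the trusted domain has.
        n = dom.count(".") + 1
        tail = ".".join(host.split(".")[-n:])
        name, _, tld = dom.rpartition(".")
        t_name, _, t_tld = tail.rpartition(".")
        if t_name == name and t_tld != tld:
            return "tld-mismatch"   # same name, different ending (.com vs .gov case)
        if edit_distance(tail, dom) <= 2:
            return "lookalike"      # heuristic threshold for misspelled domains
    return "untrusted"

if __name__ == "__main__":
    # Constructed sample links.
    for u in ("https://login.example.org/reset", "https://example.com/login",
              "https://examp1e.org/login", "https://example.org.evil.test/"):
        print(f"{classify(u):13} {u}")
```

The distance threshold is a heuristic and internationalized (punycode) hostnames are compared in their encoded form, so treat the result as a triage signal rather than a verdict.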