Your password has expired or how not to become a victim of phishing

“Your password has expired. Click here to change it immediately.”

Does this message sound familiar? Then you have become a victim of phishing. Here’s what a phishing attack is and how to recognize it.

The number of people working remotely is growing rapidly, as is the number of potential digital threats. One of the most dangerous and widespread types of online fraud is phishing.

What is phishing?

Have you ever received an email purporting to be from a bank or other popular online service that asked you to “verify” your account information, credit card number, or other sensitive information? If so, you already know what a phishing attack looks like. The name of this type of fraud comes from the English word fishing. It means that the scammer catches the victim or their data in a sneaky way. The goal of phishing is to obtain valuable data that can be sold or used to extort, steal money or personal data.

According to StationX, almost 5 million phishing attacks occurred in 2022 alone. The main reason is that more and more people use the Internet to communicate, pay for goods or services.

Tip: Which industries are most susceptible to phishing? The financial and banking sectors, as well as e-commerce, are usually the targets of phishing attacks because of the valuable information they store. According to Tessian’s research, the most frequently imitated websites for phishing attacks in 2021 were those of the popular marketplaceAmazon, video conferencing service Zoom, software developer Adobe, and tech giant Microsoft.

Let’s take a look at the most common types of phishing, becausethere are many ways for a phisher to extract confidential information from a victim or gain access to their device.

1. Phone phishing is a classic deception. You receive a call from the police, tax authorities, bank, hospital, and are intimidated. On emotions, you provide important information that will be used for fraudulent purposes.
2. Email that is touching or serious. It will contain a link, a request to fill out something, register, visit a website, or your password to your email is broken and needs to be changed urgently.

Interesting fact: This is how unknown persons stole 50 thousand emails of Hillary Clinton’s campaign chairman John Podesta. Many of them contained compromising information. As a result, Clinton lost the 2016 presidential election to Donald Trump and history took a different turn.

Or: “Congratulations, your brand new car is already waiting for you!”
1. Fraud 419. A very old way of fraud. The story goes like this – a wordy letter from an alleged “Nigerian prince” who is a member of the royal family. He asks for help in transferring money from Nigeria. The letter comes with a note “Important”. At the end of the letter, he asks you to leave your account details to send the money for safekeeping because you are a responsible person. Then your data disappears.
   
2. A letter from an old friend or relative whom you haven’t seen in ten years and they are asking for help. It will contain text that will touch you and a link that you should never click on.

Remember these insidious methods of fraudsters and protect your data and yourself. The consequences of phishing can be catastrophic. Your funds can be stolen, your personal information can be sold on the black market, and your accounts can be used for other fraudulent activities.

How to protect yourself from phishing?

1. Do not open files of unknown formats or emails from unknown companies or individuals.
2. Do not rush to follow any links and download files. Especially be careful with shortened links like bit.ly, as it is impossible to say exactly where they will redirect you.
3. Do not disclose personal and payment information to unknown persons posing as employees of financial institutions.
4. Set up multi-factor authentication to log in to your accounts.
5. Be critical of posts and messages on social media. Also, pay attention to the design of the website. If it is made in a hurry, contains errors and raises suspicions, then such a resource may be a phishing site.
6. Check websites using special services to detect suspicious activities, for example, Google Safe Browsing – Google’s Service and Data Availability Report.
7. Try not to log in to your bank accounts from public Wi-Fi hotspots. In this case, fraudsters can easily intercept your personal data.

Conclusion

If you detect any fraud, it is important to notify Cyberpolice. If the criminals try to access your funds through the card, we recommend that you contact your bank’s support service to block the card and access online banking.