Phishing: fishing for victims
The buying habits of consumers have evolved significantly over the past decades. In the 80’s, consumers bought at traditional stores. In the 90’s, franchises started to grow, and by the year 2000 anything a consumer could possibly need could be found at a single point of sale.
Today, there’s no doubt that another important evolution has taken place. People now make the majority of their purchases online. From 2016 to 2020, it’s anticipated that the global sales volume will reach 12%. In Spain, over the last 10 years the number of Spaniards buying online has grown by 36%.
These changes have also brought some negatives: new Internet hacking techniques, and specifically phishing, which has become increasingly sophisticated over time. Phishing takes advantage of the online connection that a device creates between the client and the company in order to steal or access the client’s personal data and passwords, or take over the user’s account.
That’s why phishing is defined as theft which uses a disguised identity to mislead the victim, based on the trust they already have in a company or another person. It often shows up as a simple email (the most common method) or it can be a phone call.
Everybody is vulnerable to this threat, even with security software installed, because anyone can receive an email from an “official entity”, for example, and fall for the bait.
How to avoid phishing?
In order to avoid falling into these traps, here are some things you can do:
First, verify the authenticity of the email. Keep in mind that a reputable company is not going to ask for your personal data by mail, so don’t click on an email link that’s sent to you. Also look for possible spelling errors, which genuine companies don’t usually make. Another sign is if your correct name is not shown in the header; if this field is blank, run the other way!
The website. If by mistake you’ve clicked on one of these links, there can still be a solution if you haven’t input any data. Check that the page has “https” in the URL. Also, don’t trust a link which has been shortened, because it can be hiding the fake website. You can go to https://www.unshorten.it to check on it. Look at the address carefully as well, because it can contain “Unicode” characters masking the fake website.
Use common sense. The best recommendation is to keep the links that you use the most in your “favorites” bar, and never go to those sites using any other external links. And always look carefully at all the details.
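The website checks listed above (the “https” prefix, shortened links and Unicode characters in the address) can be automated. The following Python sketch is an added example, not part of the original article; the shortener list, the warning labels and the sample links are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: a small, constructed sample of link-shortener hosts, not a complete list.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}


def to_unicode(host):
    """Decode punycode ("xn--") labels so hidden Unicode letters become visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode


def scripts_in(host):
    """Alphabets used by the letters of a hostname, e.g. {"LATIN", "CYRILLIC"}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in host if ch.isalpha()}


def check_link(url):
    """Return warning labels for a link; an empty list means no check fired."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if host in SHORTENER_HOSTS:
        warnings.append("shortened-link")
    if not host.isascii():
        warnings.append("non-ascii-hostname")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-hostname")
    # Letters from more than one alphabet in a single hostname suggest a lookalike.
    if len(scripts_in(to_unicode(host))) > 1:
        warnings.append("mixed-script-hostname")
    return warnings


if __name__ == "__main__":
    # Constructed sample links; "\u0430" is Cyrillic "a", which renders like Latin "a".
    lookalike = "ex\u0430mple.com"
    samples = [
        "https://www.example.com/login",
        "http://www.example.com/login",
        "https://bit.ly/abc123",
        "https://" + lookalike + "/login",
        "https://" + lookalike.encode("idna").decode("ascii") + "/login",
    ]
    for link in samples:
        print(link, "->", check_link(link) or "no warnings")
```

An empty result only means none of these checks fired; a fake page can also be served over “https”, so the advice about using your own bookmarks still applies.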
The latest phishing cases
WhatsApp: The more fish in the sea, the greater the chance of catching one. And that’s the case with WhatsApp, a messaging app used by millions. The National Police in Madrid used Twitter to inform people about new fake messages on WhatsApp. They warned about fraudulent coupons and promotions so people would not fall into the trap.
One of their messages warns people that Coca-Cola is not running any promotions offering a Coca-Cola cooler. Another warns that there is no Decathlon campaign taking place in Spain.
Netflix: Another recent example of phishing in Spain involved this multimedia streaming entertainment platform. In this example, the fraudulent email simulated a service interruption because of the loss of the account owner’s personal data. The email read: “Dear client: we regret to inform you that your account has been temporarily suspended due to an invoicing problem”, sent by “Netflix firstname.lastname@example.org”.
What they hope is that the victim, once they go to the fake page, will input their user name and password and then the data for their credit card. The extension on the page ends in “.uy” which looks like Netflix. If you already fell into this trap, the best thing to do is cancel the payment and change the password for your Netflix account.