Cybersecurity. What is phishing and skimming?

You like to do things online. It's comfortable, fast, but it's also increasingly dangerous. Why? Because crime has developed in the network, which Poles are largely unaware of. Robbery of bank accounts is already regularly reported to the police. The most common forms of infringement are skimming and phishing. What do these names mean and how to increase cybersecurity ?

Why is cybersecurity important ?

Because if we are present on the web, we can easily fall victim to cybercriminals. You need to know how to protect yourself from it. In the era of the pandemic, online services and electronic payments began to be used by people who had never done it before. Older people also had to apologize for their telephones and computers. In a word, a lot of people started to do things online. A large, well-known bank recently commissioned a study that looked at cybersecurity . The respondents were asked, among others, knowledge of concepts, i.e.:

• chargeback,
• phishing,
• Skimming
• bank skimming,
• pharming.

More than half of the respondents could not define any of them. The authors of this study also stated that despite the fact that the state of knowledge about the dangers of the Internet leaves much to be desired, many people are not interested in further education in this field anyway. Every fifth person taking part in the surveys marked the answer that they had never looked for any news on this subject. However, 80% admitted that at least once in their life they encountered issues that directly concern cybersecurity.

Cybersecurity - what is it?

It is a whole collection of various proven practices, techniques and processes that are used to protect against hacker attacks and undesired access by third parties, as well as any damage :

• IT networks,
• devices,
• programs,
• data.

The resistance of information systems to any attempts to breach their secrecy, availability and authenticity is precisely cybersecurity . What else do you need to know ? It is worth getting acquainted with the concept of cyberspace . And it is simply a space where all information generated by ICT systems is processed and exchanged.

What is phishing and skimming ?

Skimming and ATM skimming

Skimming is the crime of copying the contents of the magnetic strips of ATM cards . Why do bandits do this? To create duplicates of original bank cards. After that, such a duplicate card works identically to the original one. All transactions that criminals make with it, of course, are charged to the real owner.

You must be aware that your card can be copied practically at any point where there is a terminal and the ability to pay with a card. It is sometimes copied by the seller himself, who collaborates with criminals. All you need is a tiny device that includes a card reader and memory for recording the contents of magnetic stripes. Later, they are connected to a computer and the contents of the strips are copied.

Such a fake card is usually held by bandits for a short time and they do not always have the opportunity to learn the PIN code. For this reason, cards that do not require a PIN are duplicated much more often.

In order to find out what the card PIN is, however, the criminals came up with the idea of ​​installing special devices with cameras and overlays on (or inside) the ATM. In this way, both the data of the magnetic stripe of the card are recorded, and the PIN code that the cardholder enters into the ATM is read using the camera.

ATM skimming is very dangerous, so before you insert your card into any ATM, check first if the card reader does not look unusual and suspicious , if there are any additional elements protruding from it and if the ATM keyboard is not level or slightly lowered in relation to the level of the housing . Also check the balance of your bank account on a regular basis.

Phishing

In cybersecurity, this term is used to describe the acquisition of confidential personal information . Phishers often target online auctions and banks. The attack starts with sending messages by e-mail that are crafted in such a way as to resemble official bank correspondence or a message from a specific portal. The e-mail contains, for example, information about the alleged deactivation of the user's account and the need to activate this account again.

The website, of course, very much resembles the real website of a bank or a friend's portal, but unfortunately it is a trap prepared by a criminal. A user who does not expect anything bad enters his confidential data on it, i.e. password, ID, login, PIN code.

Cybercriminals also have other ways to get to know sensitive data. For this purpose, they use, for example , malicious software (commonly referred to as Trojans or worms) . It is downloaded to your device from infected websites.

In addition to what phishing and skimming are, you should also be interested in terms such as:

• chargeback - return of funds for a fraudulent transaction;
• pharming – a more dangerous form of phishing, redirecting the bank user who enters the correct website address (e.g. of the bank where he has an account) to other fake websites that steal data.

Who is responsible for cybersecurity in Poland ?

The Scientific and Academic Computer Network - National Research Institute, abbreviated as NASK and CERT Polska (Computer Emergency Response Team) is responsible for cybersecurity in Poland. These institutions block malicious domains. If you suspect that a website has been faked, provide such information to police officers or employees of a specific bank that is responsible for its functioning in cyberspace. And how to ensure cybersecurity in companies? The company's cyber security is the responsibility of a department called cyber sec , which is divided into blue team and red team (ethical hackers). The comforting fact is that in many Polish companies these teams work efficiently and really know how to ensure cyber security , and the position of pentester is very popular.

In the Sapsan store , we also notice a growing interest in products that provide additional protection online. An example is Yubikey keys , which guarantee security when logging into Microsoft, Gmail, Facebook or GitHub accounts. Check out our cybersecurity equipment , which is designed for both beginners and professionals in the topic.