How to recognize phishing and how not to fall for it?

The unique ability to hide under the guise of trusted institutions makes phishing one of the most difficult threats to detect on the Internet. In this post you will learn what phishing is, we will also discuss the types of phishing and its consequences. Thanks to our tips, you will know how to recognize phishing and you will be able to avoid traps that may cost you more than just a temporary surprise.

Phishing – definition

Phishing – what is it? This is an online scam and one of the most dangerous methods of phishing for information on the Internet. Phishing in Polish means phishing for information. This fraud technique can take the form of emails, text messages, fake websites or phone calls. What is phishing? The attack begins, for example, with sending an e-mail (so-called e-mail phishing ) with messages that are crafted in such a way that they closely resemble official banking correspondence or a message from a specific portal that inspires trust. The e-mail contains, for example, information about the alleged deactivation of the user's account and the need to activate it again. The website, of course, closely resembles a real website of a bank or a familiar company, but unfortunately it is an ambush prepared by a criminal. A user who does not expect anything bad enters his confidential data there, i.e. password, ID, login, PIN code.

Also check out the article on the Sapsan blog: what is cybersecurity ?

Types of phishing

• Vishing (voice phishing) – fraud carried out via telephone call. Fraudsters call the victim, impersonating a representative of a bank or other institution, trying to extort data.
• Smishing ( SMS phishing ) – Here, fraudsters use text messages to convince the victim to click on a link or provide confidential information.
• Pharming - a more dangerous form of phishing , redirecting a bank user who enters the correct website address (e.g. of the bank where he has an account) to other fake websites that steal data.

Also read the articles that explain what skimming and spoofing are.

How to recognize phishing?

To recognize phishing, always pay attention to messages from unknown or suspicious senders. This should automatically make you alert. Phishing often uses fake email addresses or phone numbers that look similar to real ones . Messages that threaten immediate consequences if you don't take a specific action are suspicious. Examples include messages informing you that your account has been blocked or that your data needs to be updated urgently

Phishing – examples

To further understand phishing, learn specific examples of this fraud technique.

• You receive an email with an attachment called "Invoice.pdf". When you open the attachment, malware is installed on your computer, which can lead to data theft, file deletion, or device hijacking.
• You receive a message on Facebook from a "friend" who asks you to click on a link that supposedly leads to an interesting article or competition. This link leads to a fake website that wants to steal your data.
• You receive an email informing you that you have won a large sum of money in a drawing you never entered. To claim your prize, you must click on the link and provide your personal information.

What are the effects of phishing?

Phishing can lead to serious consequences, such as:

• Identity theft – Fraudsters may use the obtained information for illegal activities, such as setting up fake bank accounts or making transactions in the victim's name.
• Financial losses – phished data often leads to the loss of money from a bank account or the unauthorized use of credit cards.
• Loss of reputation – in the case of phishing targeting companies, customer trust may be lost and data security may be compromised.

Phishing – what to do , how to protect yourself?

To protect against phishing , install and regularly update antivirus software . Also check URL addresses - before entering any data on a website, make sure the address is correct. Don't click on links in emails or text messages from unknown senders. Verify sources – if you receive a message asking for confidential information, contact the institution directly using official communication channels.

Report text phishing by sending a suspicious message to CERT Polska: +48 799 448 084 . To do this, use the "forward" or "share" function on your phone. The message will go directly to CSIRT NASK analysts, who will decide to add the suspicious domain to the warning list. However, remember that you can report a maximum of three messages from one phone number within four hours.

To feel safe, it is worth investing in e.g. yubikey keys , which require physical user interaction (pressing a button on the key) during the login process. This means that even if a cybercriminal obtains your login credentials, they will not be able to complete the authentication process without access to the key itself. Also check out our cybersecurity equipment in the Sapsan store, which is intended for both beginners and professionals in this topic.