One of the most effective methods used by hackers is the fake email scam. Because it exploits the naiveté of many users, this type of malicious attack spreads very effectively across the internet.
According to a report released by Axur, Brazil broke its record for attacks in the first quarter of 2020. There were 10,910 unique phishing cases in the country in the period from January 1st to March 31st. This figure represents an increase of 238.82% compared to the same period in 2019, when 3,220 cases were detected.
But don't panic. There are several ways to identify fake emails and protect your company's data, and that's what we'll be talking about next.
What is a phishing email?

Typically, an email with a fraudulent message, using an intimidating form of communication and containing links and information in an attempt to imitate large companies (usually banks), qualifies as phishing.
Emails of this type claim that failure to take action will result in the recipient's account being blocked.
The action, in turn, is usually carried out on a (fake) website linked from the email sent by the criminal, which looks identical to the real website.
This type of attack is so successful because its content makes the victim want to "solve" a major problem, and because its appearance is extremely similar to the real thing.
What does a phishing email look like?

Because the goal is to deceive internet users through fake messages in an attempt to steal confidential information, such as login passwords, credit card details, or fraudulent bill payments, the target website of the attack is usually very well structured.
It is identical to the real thing in header, buttons, colors and logo, with everything exactly the same as the original.
The image below shows an example of a phishing email supposedly from Itaú bank, requesting the synchronization of a security device.
Notice that the initial text creates a sense of urgency for you to access the link below. Also note that the destination link makes no reference whatsoever to Itaú bank.
In the video below, we demonstrate how a phishing email disguised as the PagSeguro payment service works, with the goal of stealing the victim's login information. First, we show access to the phishing site without protection. Then, we show an attempt to access the phishing site, but with the protection of an internet access control system on the company's network.
In this way, the video presents a comparison of the effectiveness of a phishing attack on an unprotected network and another with security and protection technology.
What questions should I ask when I receive an email like this?

Well, you've probably already realized that a phishing email can easily go unnoticed by inexperienced users. But, to the relief of many business owners concerned about this type of access by employees, some simple precautions can solve several problems, as we will see below.
- Was this email at my request? Do not open attachments or take actions that were not requested by you.
- Is my password strong and secure? Always keep your passwords protected, and try not to use the same password for all sites, because if you fall victim to a scam, all your access will be in the possession of the criminals.
- Does the website URL match the content or company in the email? In many phishing cases, the email address may appear legitimate, but the URL may be misspelled or the domain may be different (.com when it should be .gov). This usually immediately reveals the use of phishing.
- Do I keep up with security updates for my browser, computer, and system? Updates bring improved protection systems, in some cases blocking access to websites considered harmful.
- Do I have a firewall and internet access control in my company? Using security systems that block access to harmful websites is an "automatic" way to stay protected against these types of attacks, without the need for training or excessive precautions.
Having considered several ways to avoid falling victim to these types of scams, we can see that most of the tips involve correct behavior and discernment on the part of the user. In fact, in another article on this blog, we discussed employee education in more detail regarding these types of attacks.
Don't leave your company's data security at the mercy of cybercriminals.
I hope I've helped you understand the importance of protecting businesses against phishing emails.
Until next time!