One of the most effective methods used by hackers is the fake email blow. Knowing about the innocence of many users, this type of malicious attack spreads on the internet quite effectively.
According to data from the report in Brazil released by Axur, Brazil broke record of attacks in the first quarter of 2020. There were 10,910 unique cases of phishing from January 1 to March 31 in the country. This data represents an increase of 238.82% compared to the same period of 2019, when 3,220 cases were detected.
But, no panic. There are several ways to identify fake emails and protect your business data, and that's what we'll talk about.
What is a fake email?
Usually, an email with fraudulent message, using an intimidating form of communication and containing links and information in an attempt to mimic large companies (normally banks), fit as phishing.
Emails of this type state that the lack of action will result in the blockage of the email recipient account.
The action in turn is usually done within a (false) website available for access to the email itself sent by the criminal, and it looks identical to the true site.
Because it has content that generates interest in “solving” a major problem with the victim and also, having an extremely similar look like the true is that this type of attack is so successful.
How is Phishing email?
In order to deceive internet users, through fake messages in an attempt to steal confidential information, such as passwords, credit card data, or fraudulent ticket payment, the attack destination site is usually very well structured.
Identical to the true in the header, buttons, colors and logo, all exactly the same as the original.
In the image below, there is an example of phishing email allegedly from Banco Itaú, requesting the synchronization of the security device.
Note that the initial text creates a sense of urgency so that you access the link below. See also, that the destination link makes no reference to Banco Itaú.
In the video below we demonstrate the operation of an email phishing, which is passed by the PagSeguro payment service to steal the victim's access data. First is demonstrated access to the non -protective phishing site. An attempt to access the phishing site is demonstrated, but with the protection of an internet access control system on the company's network.
In this way, the video has a comparison of the effectiveness of a phishing attack on a unprotected network and one with safety and protection technology.
What questions should I ask when receiving such an email?
Well, you may have realized that a phishing email may easily go unnoticed by lay users. But for the relief of many entrepreneurs concerned with this type of access by employees, some simple care can solve various problems, as we will see below.
- Was the email a request from me? Do not open attachments or do actions that were not requested by you.
- Is my password strong and safe ? Keep your passwords always protected, trying not to use the same password for all places, because if you fall into the coup, all accesses will be in possession of the criminals.
- Is the site URL consistent with the content or company of the email? In many cases of phishing, the email address may seem legitimate, but the URL may be a spelling error or the domain may be different (.with when it should be .gov). This usually denounces the use of phishing.
- Do I do the browser, computer and system safety updates? Updates bring with them better protection systems, in some cases, blocking access to sites considered harmful.
- firewall system and internet access control in my company? Using security systems, blocking access to harmful websites is a “automatic” way to stay protected from such attacks without the need for training or excess care.
Given some ways to avoid falling into such blows, we can see that most tips involve the correct behavior and discernment of the user. Even in another article here on the blog we talked more about the education of employees in attacks of this type.
Do not leave your company's data security to the cyber criminals.
I hope I have helped you realize the importance of physical phishing email protection in companies.
To the next!
3 Comments
Comments closed