Each Internet user encounters phishing attacks at least once every few days. It seems that everyone knows not to follow links sent from suspicious addresses. Yet experienced users and even IT professionals still fall victim to cybercriminals. Criminal groups always become more active during notable global events: Christmas sales and Black Fridays, Olympics and World Cups, major political conflicts, or jumps in the stock markets.
For personalized phishing attacks, criminals usually use more effective social engineering methods, which are almost unavailable to them in global campaigns. For example, they can take advantage of legal and tax changes in a particular country that matter to some of its citizens, tax residents, or companies. New rules often require action, and failing to act on time can lead to fines. Criminals manipulate information, relying on taxpayers' ignorance as well as their stress, lack of time, or fear of financial loss.
Based on the history of phishing attacks, we have made a list of typical cybercriminal actions:
- Offer access to bank account management through a site that imitates a bank's site to steal logins and passwords, credit card numbers, and other confidential data.
- Send out emails or messages with polls and sweepstakes for matches and other valuable prizes, asking recipients to send their personal data.
- Send emails or messages announcing shocking news, inviting the recipient to follow a link to continue reading.
- Pretend to be a financial institution and send infected instructions for creating bank accounts or sub-accounts.
- Send links to special offers and promotions with payment through a fake page of a bank or payment system.
- Impersonate well-known online stores, online platforms, and delivery services, asking the recipient to confirm (and pay for!) a purchase made on them.
- Pretend to be financial institutions, pressuring people to make a payment or provide confidential data, supposedly for standard verification.
How to protect yourself?
Experts recommend that you exercise extreme caution when receiving emails, messages, links, or calls that resemble the examples listed above, and that you trust only information, links, and attachments received from reliable sources known to you. If you receive a suspicious letter, look carefully at the sender's address: it may differ from the address of the genuine sender. It is also worth paying attention to non-standard text formatting or an unusual sending time that falls outside the company's official working hours.
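The two checks above (sender address and sending time) can be automated for a mailbox. The following is an added example, not part of the original article; the trusted domains, the working hours, and the sample message are constructed assumptions.

```python
from datetime import time
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions: senders the recipient really deals with, and their office hours.
TRUSTED_DOMAINS = {"examplebank.com", "shop.example"}
WORK_START, WORK_END = time(8, 0), time(18, 0)

# Constructed sample: the digit "1" replaces the letter "l" in the domain.
SAMPLE = """From: Example Bank <support@examp1ebank.com>
Date: Sun, 03 Mar 2024 03:12:00 +0100
Subject: Verify your account

Please confirm your details.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_message(raw: str) -> list:
    """Return warnings about the sender address and sending time of one e-mail."""
    msg = message_from_string(raw)
    warnings = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        near = sorted(d for d in TRUSTED_DOMAINS if edit_distance(domain, d) <= 2)
        if near:
            warnings.append(f"sender domain {domain} imitates {near[0]}")
        else:
            warnings.append(f"sender domain {domain or '(missing)'} is not a known sender")
    try:
        # Local time as claimed by the Date header, in the sender's own UTC offset.
        sent = parsedate_to_datetime(msg.get("Date"))
        if sent.weekday() >= 5 or not WORK_START <= sent.time() <= WORK_END:
            warnings.append("sent outside the sender's working hours")
    except (TypeError, ValueError):
        warnings.append("Date header missing or unparseable")
    return warnings
```

Both headers are set by the sender, so a clean result does not prove a message is genuine; the warnings only flag messages that deserve a closer look.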
Direct mailing allows hackers to use thoughtful and complex strategies that target a specific group of people. Well-prepared phishing campaigns predictably claim a higher percentage of victims, on average, than randomly sent spam. To protect your device from infection, we recommend regularly updating your OS, software, applications, and antivirus programs, and backing up your data. Corporate executives and security officers are advised to issue more frequent reminders to the employees who are most vulnerable to cyber-attacks.