For criminals and fraudsters, personal data of Internet users is always very desirable. In many cases it allows access to credit cards, bank or online accounts.
Phishing, i.e. obtaining other people’s personal data using fake e-mails or websites, is a popular method of doing this. The following is an overview of the most common methods:
Fake notifications from social networks
Cyber criminals send fake notifications that appear to come from popular social networks and refer to new friends, their activities or anything else. At first, these messages often do not differ from regular, legitimate messages. However, they additionally contain a phishing link, which is not always easy to recognize as such. When users then click on the link, they are prompted to enter their username and password on a fake login page.
A very popular variant are messages from alleged social networks, which, for example, indicate that suspicious activity has been detected on the addressee’s account or that from now on a new feature will be introduced that requires users’ consent in order not to be blocked. Again, these messages include a button with a link to a phishing login page.
Phishing, which aims to gain access to users’ bank card details, remains the most common type of fraud on the web. In this case, fake messages may be sent on behalf of banks. The most common message scams in this case refer to the alleged locking of an account or “suspicious account activity”.
Under the pretext of restoring access to the locked account, confirming identity or canceling a transfer, the user is asked to enter their bank card details on a fake online banking website. Once the criminals receive the details, they immediately deduct a certain amount of money from the victim’s account.
Fake notifications from notable service providers and vendors.
One type of attack that is particularly booming under the current Corona-related circumstances is brand-phishing. Here, the attackers imitate large companies in e-mails and the domains used for them in order to get the recipients to hand over access data and other critical information.
According to Statista and Check Point Research, the ranking is as follows:
- Google 13%
- Amazon 13
- WhatsApp 9%
- Facebook 9%
- Microsoft 7%
- Netflix 2%
- Apple 2%
- Huawei 2%
Fake notifications from email services
This type of online scam is used to obtain usernames and passwords for email services. Either users are prompted to recover their password or to increase the available space of their mailbox, which is supposedly full.
How to protect yourself
Here are some behaviors that can protect you from phishing attacks:
- When you receive a message from a company or service, first verify that it comes from a trusted address. Pay close attention to the sender’s address and whether the URL resembles the real address but contains additional, unusual elements. For example, in case of Google, the message should come from firstname.lastname@example.org and not email@example.com.
Furthermore, pay attention to whether the “https” security certificate is missing or incorrect.
- When you open the link of a message, make sure that you are redirected to the authentic website and not to a fake site.
- Phishing emails are usually urgently worded and include threats. Be skeptical if, for example, the following words such as “urgent”, “reminder”, “important” or “payment” are in the subject line.
- Use a reliable security solution with anti-spam and anti-phishing protection. This software detects fraudulent emails and warns you about them.