What is Phishing?
Phishing is a form of fraud in which an attacker impersonates a trusted entity or person by email or other means.
Attackers create email accounts and web pages that pretend to be official so that the user enters their data (username, password, bank account and credit card data, etc.).
Phishing is a popular form of cybercrime due to its effectiveness. Cybercriminals have had success using email, text, or direct messages on social media or in video games to get people to respond with their personal information.
The cybercriminal carries out the attack through electronic means: email, messages (SMS, WhatsApp, etc.) or a phone call.
The attacker impersonates a known public or private body or person.
The objective of the cybercriminal is to obtain the greatest amount of data from the victim through this attack.
95% of cybersecurity breaches are due to human error.
A cyberattack can not only cause a company economic loss but also greatly damage its reputation.
How to detect Phishing?
- “Sender domain” other than that of the organization it claims to belong to.
- “Spelling” and “grammatical” errors.
- “URL”, links that do not match the company or organization.
- No entity will ask for data to be entered via email.
- A sense of “urgency”.
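The sender-domain, URL and urgency checks from this list can also be automated as a first-pass filter. The following is an added example, not part of the original post; the domains, the sample message and the urgency word list are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed word list for the "urgency" indicator; tune it for your own mail.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_matches(host, org_domain):
    """True only for the organization's domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def phishing_indicators(raw_email, org_domain):
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1]
    if not host_matches(sender.rpartition("@")[2], org_domain):
        findings.append("sender-domain")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    links = LinkCollector()
    links.feed(body)
    web = [urlparse(h) for h in links.hrefs]
    if any(u.scheme in ("http", "https") and not host_matches(u.hostname, org_domain) for u in web):
        findings.append("url-mismatch")
    if URGENCY.search(str(msg.get("Subject", "")) + " " + body):
        findings.append("urgency")
    return findings

# Constructed sample: the organization's name is only a prefix of the real host.
SUSPICIOUS = """\
From: "Example Bank" <support@bank.example.verify.test>
Subject: URGENT: your account will be suspended
Content-Type: text/html

<a href="http://bank.example.login.test/verify">https://www.bank.example</a>
"""
print(phishing_indicators(SUSPICIOUS, "bank.example"))
```

The link text shows the real organization's address while the `href` points elsewhere, which is why the check compares the host of the actual link target and not what is displayed.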
How do I protect myself from Phishing?
- Be “Aware” that it can happen to us.
- Do not open links and attachments.
- Use common sense, do not send data from corporate, bank or credit card accounts.
- Keep the system updated.
- “URL”, watch for links that do not match the company or organization.
- “MFA”, two-step authentication to be alert to improper access to your accounts.
- If we were victims and entered data on a fraudulent website, proceed to change the password immediately.
- “Distrust” is not paranoia.
Gustavo Roldán – SecOps