Phishing is the act of placing a bait in front of an unsuspecting computer user and expecting them to bite; it has been the bane of antivirus vendors for a long time.
Just like a fisherman uses a bait on a hook in an attempt to catch a salmon, a malicious actor will use virtual bait in the form of an email (usually) with a link to trick the user into clicking that link. Unfortunately, once an unsuspecting victim becomes "addicted," chances are their device is infected with malware, and a whole world of pain and expense.
Tabla de contenido
you have spam
The most common delivery method for a phishing attempt is email. However, this type of attack can target the unsuspecting through text messages on a phone, on social networking sites, or other online means.
The common theme is that regardless of the delivery channel chosen, the message will appear to come from a legitimate entity. And if the attacker is well-armed with knowledge about you, such as the services you subscribe to, it can appear even more believable because it appears to come from a company he uses.
Since the communication appears to be from a legitimate entity, this can make you less likely to think about the actual content of the message, especially when the phishing email combines this with the suggestion that something urgently needs to be done, which is other common. tactic.
(Image credit: Shutterstock/DRogatnev)
So how exactly does phishing work?
Often the phishing scammer will give you the impression that you need to act immediately, hoping this will prompt you to act quickly out of fear rather than paying attention to the content of the email.
For example, you may receive a message about an unpaid bill marked urgent with a warning that your account is about to be canceled if payment is not made immediately. The bill will be attached and if you open it, you will be curious how much you owe and why the dummy file (not a real bill) will infect your PC with malware.
A second example is an email that says something like "Follow this link to log in and reset your password NOW because your account has been compromised and your payment information is at risk."
The irony is that if you click on this link and fall for the phishing attempt, you will be presented with a (probably quite convincing) fake login portal. When you enter your password and other personal information, they will be stolen and your account will be really compromised.
How serious is it if you are a victim of phishing?
Following our previous examples, if phishing tricks you into opening a malware-laden attachment, your system will be infected and all sorts of bad things could happen. For example, you may fall victim to ransomware, which locks all your files and demands a large payment to get them back (no guarantee this will happen, even if you pay).
With our second example, the malicious party will have your username and password, possibly even your bank details, and can then log into your account, perhaps changing your password to lock you out the next time you try to connect.
Depending on the service or subscription that has been compromised, the scammer can take a number of actions. If it's an online shopping site, for example, they may be able to order products there with your account.
Another danger is present for people who commit the bad security practice of using the same password for different accounts. The attacker can try the stolen password with other services, using your email address as a username, and can also log in there.
This is why you should never reuse the same password across multiple accounts (and if you're stuck thinking about and remembering different passwords, try using one of the best password managers).
(Image credit: Shutterstock/Askobol)
Two factors are better than one
Phishing is dangerous. So what can you do to protect yourself?
The most important thing is to use common sense and exercise a high degree of caution with any message you receive that appears slightly suspicious. Tell-tale signs include misspellings or weird wording, messages that say you need to do something “immediately,” or a link or attachment that even remotely looks suspicious.
Even if a message is ostensibly from your boss or a close friend, don't trust the content more because of it: your email address or contact details could easily have been spoofed. In fact, one of the best actions you can take if you're unsure about a message is to contact the sender of the email directly and verify if it's genuine. Similarly, if you receive a message claiming to be from, say, Amazon, you can log into your account and contact the company directly to verify the validity of any communication.
It's not just about double-checking your friend when it comes to beating phishing, it's also about double-authenticating. This means using two-factor authentication, or 2FA, which many large services and businesses use these days. With 2FA, you not only set up a password, but also a second form of verification. Thus, when a connection attempt comes from a new device or a new location, you must also enter, for example, a code that is sent by SMS to your mobile phone.
Dans ce cas, un attaquant peut avoir hameçonné votre mot de passe, mais lorsqu'il essaie de se connecter avec celui-ci, il n'a pas votre téléphone (espérons-le !) – et ne pourra donc pas accéder à votre compte successfully. Therefore, 2FA is undoubtedly a great ally in the fight against phishing.
Finally, it doesn't hurt to have one of the best antivirus programs installed on your PC (or phone) to help detect all threats and offer protection to block known phishing sites.
What is phishing and how dangerous is it?
Phishing is one of the most dangerous threats to your online accounts and data, as these types of exploits hide behind the pretense of being from a trusted company or person and use elements of social engineering to make victims much more likely to fall for the scam.
For this reason, you should be very careful about anything remotely suspicious in any message you receive, and make good use of the security practices we discussed earlier, including two-factor authentication.
The best prices in the best antivirus of the moment