Phishing: What It Is and How to Protect Yourself From It | Antivirus Software

In fact, the letter to Nikolai was sent not by a store, but by cyber fraudsters. They tricked Nikolai out of confidential data, and he did not even notice how he fell for their bait. This type of fraud is called phishing. That is fishing, fishing with a hook.

Usually, criminals first grasp a person for a living: intimidate with the loss of money or lure with super-benefits, arouse curiosity or sympathy. Then they lure out personal data, account, or card details. And in the end, they write off the money from the bank account.

Consider what mistakes Nikolai made and how he could protect himself from losing money.

Mistake # 1: not using antivirus protection

Nikolai considered it a waste of money to buy an antivirus. He decided that it would be much easier and cheaper to clean the mailbox of spam by himself.

How to fix the error

All your gadgets - computer, laptop, need to have antivirus software installed. A good anti-virus package includes protection against spam and phishing emails. He himself recognizes suspicious addressees.

In addition, the antivirus protects against programs that steal card data, gain access to online and mobile banks, intercept SMS and push messages with secret codes. This is even more dangerous than phishing - your account can be reset to zero, and you won't even know about it right away.

It is important to update your protection regularly. Cyber ​​fraudsters are inventing new viruses and phishing methods literally every day.

Mistake # 2: following links from messages from unknown recipients

Nikolai decided that he received a letter from an online store - he saw a familiar name and logo in the text of the letter. But he did not verify the sender's address.

How criminals work

Fraudsters register an email address similar to the address of a real online store, bank, or other legal organization. For example, instead of the address of the shop "Supershop» mail@supershop.ru use mail@supersshope.ru.

Sometimes deceivers do not even bother with a similar address, since it is often hidden from the user's eyes. They simply indicate the name of the store as the name of the sender - this is what the recipient sees. It is easy to check the substitution, but not everyone pays attention to such details.

Scammers lure people to phishing sites not only through email but also through instant messengers and social networks. You may receive a message from a friend who offers to follow the link. But it may turn out that his account was hacked.

Sometimes criminals don't even try to imitate someone else. Instead, they start their own business project. And they create the appearance that they are running quizzes with guaranteed winnings, questionnaires for rewards, or sending out videos for adults.

In the text of the letter or message, they add a link that, instead of the promised quizzes and videos, leads to a phishing site. It is created specifically for this scam to collect personal and payment information from users. In some cases, when you click on a link, a virus is downloaded that steals data from your device.

The deceivers choose the subject of the letter to which the recipient should react. Something scary: "Your account will be blocked", "An urgent message from the Security Service." Or enticing: "You have been credited with 3000 bonuses", "Refund of payment for 12,000 rubles." Or the intriguing one: “Hello! I'm sending you pictures from the last party. " Scammers know how to play on emotions.

How to avoid scammers' tricks

Always check the email address carefully. If it differs by at least one symbol from the usual address of a store, bank, airline, or other real organization, such a letter should not even be opened. If the address is not familiar to you at all and you do not expect messages from new addressees, then you can safely delete it.

When you open the letter, pay attention to how it is written and formatted. Spelling mistakes and awful design are clear signs of a fake letter. But lately, scammers have learned to very accurately repeat the corporate identity of well-known companies. So you have to be careful, even if everything looks perfect.

If a friend or acquaintance sent an incomprehensible link, it is better to call back and make sure that this message is exactly from him.

Mistake # 3: not checking the site's address bar

Nikolay noticed that the usual design of the online store has changed a little, but this did not alarm him. It did not occur to him to carefully examine the address bar of the browser.

What to check when going to the site

Address. It is best to save the addresses of banks, government agencies, your favorite online stores, and other online services in bookmarks. You can type in the address manually, but you need to be careful - sometimes a mistake in even one character will lead you to a duplicate phishing site.

Always check the address bar of your browser. Sometimes you can get to a phishing site even when you go from one page of a portal you know to another.

Connection security. If you want to enter personal information or card data, make a purchase through the site, then its address must be preceded by https and the closed padlock icon. The letter s and a closed padlock mean that the connection is secure: when you enter data on the site, it is automatically encrypted and cannot be intercepted.

A secure connection is a mandatory requirement, but not sufficient. Hackers cannot connect to such a site and find out your data. But this is not a guarantee that the site itself is created by a law-abiding company. Recently, criminals have also managed to obtain security certificates for their sites.

Design. Even if you missed an extra letter in the address, and the criminals organized a secure connection, the poor design of the site should catch your eye.

Criminals create online resources with the simple goal of collecting sensitive data. Therefore, in most cases, they are not wise with the structure and design of the site. Sloppy layout, spelling errors, broken sections, and links are clear signs of a fake.

But if the fraudsters have big ambitions, they can invest in creating a website that replicates the Internet resource of a well-known organization as closely as possible. Or create a beautiful and high-quality website for your own "project". So you can't focus on design alone.

Mistake # 4: Paying Through Insecure Pages

The fake "online store" suggested that Nikolai make a "test payment" and for this enter the code on the back of the card and the code from the SMS message directly on its website. Nikolai did not pay attention to the fact that he was not transferred to the payment system page to make the payment.

What you need to know

After entering the card details, the store website should transfer you to the gateway of your card's payment system. This is a separate secure page, the online store cannot access the information you enter there.

Payment gateways connect the cardholder with his bank when making a payment. The bank sends the client a one-time code in an SMS message to confirm the operation. And only after the buyer enters it, the payment goes through.

Do not tell anyone the secret codes from the bank - check if the data from the SMS matches the details of the operation. If everything is in order, enter the code into the special field on the payment page. If not, call the bank.

All payment systems have secure gateways. Look for their logos on the payment page: Visa Secure, MasterCard SecureCode, and Mir Accept. Moreover, the logos should be active links that lead to the sites of payment systems. On the scam pages, these logos are just pictures.

Mistake # 5: using the same card for all payments

Nikolai paid in online stores with his salary card. Now he will have to order a new one. In the meantime, the bank will reissue it, he will be able to get access to the balance of money on the account only at the bank branch.

How to proceed

For online purchases and pay for services via the Internet, it is better to get a separate card. It is worth transferring money to it right before the payment and putting in exactly the amount that you are going to transfer.

Some banks and electronic payment systems (e-wallets) offer to get virtual cards - they have details, but they do not exist in the form of plastic. Sometimes it is even possible to create virtual cards that are valid for only one online purchase.