You’ve all heard about the new cybersecurity threat that's called phishing, and you definitely should never underestimate it. In its fundamentals, there’s the same old algorithm as in the habitual ‘fishing’, but it’s thousands of times trickier. Hackers are always in search of cunning ways to deceive users; pretending to be legitimate persons or organizations is the most common one.
Just imagine that one of your potential investors received an email from the supposed founder of your ICO project. In this email, he/she is greeted by name, the subject is ‘urgent policy change’, and in the body of the letter there’s only a link ‘http://www.icoprojcct.com/policcie.’ Being overloaded with work and trusting the sender, the person clicks the link and comes to a fake website which appears to be a completely legit ICO login page. Suspecting nothing, an investor enters his login and password; when he checks his Ether Wallet in a little while — it’s empty.
Sounds more than a little unpleasant, doesn't it? Keep in mind that last year more than 70% of the universities in the UK reported having been victims of phishing attacks. Why? There are few people who think twice before opening emails from their CEO or a trusted colleague. Therefore, due to the rapid development of the IT sphere and Social Engineering, in particular, the Hacken team decided to outline four core principles on how to prevent phishing.
As we’ve already mentioned, villains tend to forge the sender’s information. Thus, you shouldn’t trust the bank email or SMS that asks to provide your credit card PIN to verify your account. Such emails tend to have a lot of typos and spelling mistakes. Another clue is that most phishing websites lack ‘s’ in the prefix “https” before the URL. If you detect the points mentioned above, it’s not advisable to trust the addresser.
Cyber criminals often add some sort of ‘call to urgent actions’ in order to confuse and intimidate their targets. As a result, being perplexed, one provides confidential information instead of reporting this suspicious activity. So, if you see such statements as "your account will be closed" or "urgent action needed", contact the legitimate entity directly or write in separate Email to clarify the matter.
Most people stay logged into every account they have, especially those which they use on a daily basis. Thus, why should Google or Paypal or any other familiar website ask you to enter your password again? When such situations occur, raise that mental red flag! Copy the website’s address directly into the browser bar, and if it does not ask you to log in, someone is trying to phish you.
However, sometimes the fraudsters create impeccable ways to reveal sensitive information. They try really hard to disclose the accounts of companies and founders of various projects because the price of our mistake will be much higher. What actions should be taken by large enterprises not to become the victim of a phishing attack? One possible solution is to buy an anti phishing service. Make sure that your software is up to date and remains in constant development to provide the best phishing protection.
It’s undoubtedly great that the IT sector grows and expands to meet human needs, but unfortunately, there are people who use this progress to the evil ends. Just last February, citizens of the Czech Republic were sent fake SMSs from the postal service, where they were asked to download a malevolent app which contained a trojan horse to steal their credit card information. Such cases are numerous.
Indeed, the modern world poses a new challenge for all of us to be even more attentive, sagacious, and skeptical to every email, SMS, and call received. But don’t worry, Hacken is here to go to suit up and go to bat for you.