To this day, all internet users or almost all of us have ever received an email in which supposedly our bank, our PayPal account, the Amazon account, the Netflix service and the like "have blocked our account" .
In most of these emails the user has to access from a link that is directly in the central part of the email to be able to unblock this account and recover the data. We are almost certainly facing a phishing attack or said in a more colloquial way before an attack through identity theft.
What is phishing?
We are going to explain it in a simple way so that all those who receive one of these attacks know what we are talking about quickly, directly and without many detours: phishing is an attempt to steal data which can be banking, passwords, streaming video and audio services, app store accounts such as the App Store or Google Play, etc. With this very direct explanation we can say that we already have one thing clear, phishing is not a good thing for us.
We are clearly talking about a blatant attempt to steal personal data, whatever passwords they are. Some of these attacks get straight to the point and they will ask us to cancel a purchase that we have not really made or a charge of "X" euros, dollars or similar that we have not made.
In all cases the purpose of these emails is get hold of this sensitive data and then take advantage of it in some way selling our accounts to other people in the case of content / entertainment accounts and in others directly emptying our accounts as in cases of identity theft of banking entities.
How to avoid phishing?
Another key question is this: How can we avoid phishing? Well, although it may seem difficult to escape from these attacks, it is much simpler than we imagine when we talk about attacks through our email account.
The first thing we have to do to avoid these types of attacks is to have common sense. Yes, before falling into the trap that cyber attackers put us, we have to be cold and read the message several times, here it is not worth rushing or being scared, since that will lead us to deception by clicking the link and losing this battle.
Once we have read the message we receive, we have to think if we have really used this application for which "they want to charge us", if we have made any movement in our bank account or if we really have the contracted service that "they want to cut us for not paying" .
The method of fooling users is getting more ingenious and better in terms of presentation. In the past, these types of attacks were much harsher with clear spelling mistakes and even direct translations from Google Translate. to our language to try to deceive us. Nowadays, all this has been improved a lot and it can be difficult to try to avoid phishing at times.
The best way to avoid phishing is to contact the service or bank directly from which the email comes, but there is another, easier way to avoid being deceived by these hackers. In this case what we have to do is check the sender of the email that reaches usSurely it has nothing to do with the company, entity or service that they tell us about in the content.
Remember that there is no exclusive filter for this type of attack on our email accounts, so use common sense when we see a suspicious email It can save us from a good headache.
Examples of Phishing
In most cases we find clear identity theft attempts and they ask us to confirm our bank account data by confirming these from a link ... It can be said that this is an action that many of us would not fall for, but thousands of users are deceived with this type of messages on a daily basis, either because they do not look at the details of the mail itself or directly because of the fear of losing their accounts.
Apple is one of the firms that is usually in the crosshairs of attackers. This company has one of the largest app stores in the world and this is a strong point for the impersonators who see a gold mine with targeted attacks on the most unsuspecting. A purchased app that is not real, a subscription that you do not have of an application or even a prize not obtained with its corresponding link to it can make the most painted fall into the trap.
Always check email senders
There is no better measure to avoid these attacks than to always check the email address from which the email is being sent to us. Yes, it may seem like an absurd measure at first but it is the most efficient to combat phishing attacks. This is simple to carry out, it will not take us too long and allows us to verify the person who sends us the email to impersonate our identity and keep all our data.
It is really simple. We only have to click on reply to the message we receive when something does not seem too normal and see who we are sending that message back to, that's when you realize that the address does not correspond and that you are suffering a full-blown phishing attack.
Some companies have accounts to report phishing
The most common thing before a phishing attack is to contact the entity, company or company directly to report what happened and in some cases these companies even have their own email account to make our report. In the case of the technology company Apple has two accounts available to report it and we share with you the process for it:
- If you receive an email that appears to be from Apple and you suspect that it is a spoofing attempt, send it to reportphishing@apple.com
- To report spam or other suspicious email that you have received in your inbox on your iCloud.com, me.com, or mac.com, send it to abuse@icloud.com
- To report a spam or other suspicious email you've received via iMessage, tap Spam and report it as soon as possible
Surely many companies have an email address or even a specific section on their official website to report these misuses of their image to steal user data. It is best to notify them of this so that they can take action and try to eliminate these types of messages that may be a real headache for less cautious users. Bothering a few minutes to forward the message to the company, bank or similar can be good for other users who are affected by these attacks.
Go to the competent authorities sharing the phishing attempt In the official Twitter accounts of the police of your country it can be another of the best contributions you can make so that other people do not fall into the trap. Many times the simple fact of communicating what happened can be shared by the networks and other users benefit from it.
Unsafe web pages and online shopping
We are not saying that only users' email is used to launch these phishing attacks, but it is mostly the method used because of how simple and fast it is. In any case enter unsafe web pages or make purchases from unknown sites It can also be a problem in this regard, so we have to be very careful on these sites to prevent data from being stolen.
It is somewhat less frequent for something simple and it is precisely that the user is more attentive to the purchase or access to the web since you are using money, but sometimes it can also be a simple access to user data. That is why we have to have double-factor security on the cards activated in our online purchases -with which a message is sent to us before the final payment- and above all be careful in online stores with incredible offers, products at cost and others.
These types of pages may be the ones that finally become more expensive for users and the solution is to surf the net a bit looking for information about that store and references to prevent them from obtaining our username and password.
Are phishing attacks frequent?
Before finishing with this article in which we tell you what is phishing and how to avoid it easily? it should be noted that phishing attacks are not common in most cases and therefore we have to be calm and confident when we receive an email with links to a news item, application or similar.
It is logical that in some moments of our life on the Internet we receive this type of mail in which they will try to usurp our data, but this is not always the case. The important thing is to be sure before the arrival of a new email message with suspicious appearance and not to trust the links that we find in them as well as to be careful in the unsecured web pages that we agree to avoid entering personal data.