
Friday, October 1, 2021

Tips to Avoid Phishing Scams

 

Due to the growth in the number of “Phishing” incidents reported in recent months, the forensic accounting experts from SDC CPA bring you the following recommendations to facilitate their detection and mitigate their effects.

What is "Phishing"?

"Phishing" is a form of deception by which attackers send a message (hook) to one or more people, in order to convince them to reveal their personal data. Generally, this information is then used to carry out fraudulent actions such as transfers of funds from your bank account, purchases with your credit cards or other criminal behaviors that require the use of such data.

The most common means currently used by attackers to carry out a "phishing" attack is email. Their messages are usually very convincing, since they pretend to have been sent by a known and trusted entity with which the user usually operates, for example, a bank or a company with which they carry out commercial transactions over the Internet. The message alleges various reasons, such as technical problems or an update or revision of the data of an account. Next, supposedly to verify or modify your personal data, you are asked to enter it on a certain website: your full name, ID, access codes, etc. That web page is, in reality, a forged site that pretends to be that of the entity in question, but since its design is usually very similar to that of the organization whose identity has been appropriated (sometimes it is practically identical), the user does not notice the deception.

In other cases, SDC CPA explains, the ruse is based on the similarity between the web addresses of the authentic site and the fake one. In many cases, the text of the link written in the email corresponds to the real address of the website, but if the user clicks on the link, they are redirected to a fake page controlled by the attackers.

Other cases have also been detected in which the user receives an SMS message on their cell phone, a communication on their answering machine or even a phone call. Using techniques very similar to those previously described, an attempt is made to convince you to call a certain telephone number. When you do, an automated system posing as the trustworthy organization requests your personal data, which will then be used without your authorization, with the foreseeable harmful consequences.

Prevention measures to avoid being a victim of "Phishing"

According to SDC CPA, a global investigation and forensic accounting company, the following measures are intended to minimize the negative effects of a “Phishing” attack and, if possible, to prevent it.

1. If you receive an email that asks for personal or financial information, do not respond. If the message invites you to access a website through a link included in its content, do not do so. You should know that reputable organizations are already aware of this type of fraud and therefore do not request information in this way. Nor do they contact you by phone, or through SMS or fax messages. At the same time, if you are concerned about the status of the account you have with the organization that claims to have sent the mail or that has contacted you, contact it directly, using the telephone number known and provided by the entity through reliable means, such as your latest account summary. Another alternative is to visit the official website of the organization by typing the corresponding Internet address into the browser yourself.

2. Do not send personal information using email messages. Email, if encryption techniques and/or digital signatures are not used, is not a secure means of sending personal or confidential information.

3. Do not access from public places. As much as possible, avoid accessing the website of a financial or electronic commerce institution from a cyber-café, phone booth, or other public place. The PCs installed in these places could contain malicious software or hardware intended to capture your personal data. If you must use such an environment, most banking institutions offer the possibility of using an on-screen keyboard. Use it!
