Phishing is now more sophisticated
Phishing is a very old type of attack, and its basic approach has stayed the same. Over time, however, users have learned how it works and how to avoid falling victim to it. At the same time, hackers have been perfecting their techniques.
How has phishing improved? Attackers mainly use two methods to deceive the victim: identity fraud, or spoofing, and the use of apparently legitimate domain names. This has an important impact, as we will see.
Think of an email you receive that is addressed in a generic way. For example, an email that says “error in your Netflix account.” You open that email and find things like “dear user”. What you see is an email that could be addressed to anyone. Now, what if you receive that same email, but this time with your name in the subject and in the text? It is without a doubt more personalized, and you are more likely to open it and even click on a link.
That is one of the techniques that has made phishing more sophisticated, but not the only one. Another case that is very common today is the use of domains that pretend to be official. Let’s go back to an example in which you receive an email, you look at the address, and you see strange things, like letters or numbers without much meaning. You can quickly conclude that it is an address that was created automatically and that it is a scam. But what if that email carries a domain that appears to be from Netflix, Facebook or any other service? Then things change.
This is exactly what attackers are also doing. They create domain names for that email that look real. It is still a scam, and the senders have nothing to do with the original company, but they try to get as close as possible, at least in the name and general appearance.
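A defender can check for both tricks described above, a brand name in the sender's display name and a domain that only resembles the official one. The following is an added example, not part of the original article; the allowlist of official domains, the similarity threshold and the sample headers are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allowlist for this example: brand -> domains it really sends from.
OFFICIAL = {
    "netflix": {"netflix.com"},
    "facebook": {"facebook.com"},
    "twitter": {"twitter.com"},
}
# Digit-for-letter swaps often seen in look-alike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def is_official(domain, allowed):
    """True for an allowed domain or any subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def classify_sender(from_header):
    """Return (verdict, brand) for the From header of one message."""
    name, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", None)
    for brand, allowed in OFFICIAL.items():
        if is_official(domain, allowed):
            return ("official", brand)
    normalized = domain.translate(SWAPS)
    labels = [p for p in re.split(r"[.-]", normalized) if p]
    for brand in OFFICIAL:
        # Brand name embedded in a domain the brand does not own.
        if brand in normalized:
            return ("lookalike-domain", brand)
        # Near miss, such as a swapped or doubled letter (assumed threshold).
        if any(SequenceMatcher(None, p, brand).ratio() >= 0.8 for p in labels):
            return ("lookalike-domain", brand)
    for brand in OFFICIAL:
        # Display name claims the brand, but the address is someone else's.
        if brand in name.lower():
            return ("display-name-spoof", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in ("Netflix <info@mailer.netflix.com>",
                   "Netflix <billing@netfl1x.com>",
                   "Netflix Billing <x9f3k@mail-delivery.example>"):
        print(classify_sender(header), header)
```

A verdict of "official" only means the domain string matches the allowlist; the From header can itself be forged, so it does not show that the message really came from that domain.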
More official texts, logos and names
Beyond these two techniques, attackers have also perfected the way the email looks when we view it. They take care of every detail so that the email we receive, telling us that our account has a problem, seems to really come from Twitter, Facebook, Netflix or any other legitimate service.
The first thing is that the text is well written. It has nothing in common with the emails we used to receive, which were badly translated and full of spelling mistakes or paragraphs that made little sense. They also use the official logos of those platforms.
In addition to this, they are starting to use real names. That is, they send the email on behalf of a person who actually works for that platform. This makes the victim less suspicious. Think, for instance, of a company that is expecting an invoice from a certain organization. Attackers can impersonate that organization, and the person at the company who receives the email will not be suspicious. In this way they can sneak in a malicious file.
So how do I protect myself from phishing? As we have seen, it is now much more sophisticated, and attackers prepare their attacks better. However, the way to defend ourselves is the same: use common sense, use security programs, keep everything up to date… It is essential to always look closely at what we have received, what links it contains, etc. Phishing is one of the most widely used methods to steal passwords, and we must be prepared to avoid it.