As we told you in the previous article, there is a group of cybercriminals who, taking advantage of the benefits of the Internet and the great interconnectivity, have sought all possible mechanisms to carry out scams and crimes through phishing, stealing data and confidential information from their victims.
Based on the above, we would like to share with you the best tips for you and your collaborators to be aware of any extortion attempt by phishers.
How to recognize a Phishing message?
According to the article on the Panda security website, these are the main key points:
- From the beginning, it is already rare that companies (banking, telecommunications, etc), ask us for personal data via email or messages. If this happens, you already know that you should be alert.
- The first point sounds easy, however, it is not always easy to recognize phishing messages by their appearance. However, it takes time and effort to faithfully replicate a company’s formatting, which criminals are often unwilling to invest.
Spelling errors and inconsistencies are a clear indication that something is wrong. Also look at the sender’s address, it is always a bit strange.
3.Be very careful in the operations you perform from your smartphone. The growing popularity and relevance of this type of devices has made us do and undo everything in one place.
Fun fact: «In 2013, 110 million customer and credit card records were stolen from customers of retail giant Target.»
How can we protect ourselves from Phishing?
1.Don’t open emails from unfamiliar senders.
Don’t click on a link within an email unless you know exactly where it will take you.
3.To apply an extra layer of protection, if you receive an email from a source you are unsure of, manually navigate to the link provided, just type the legitimate website addess into your browser.
4. Look for the website’s digital certificate (The SSL certificate is a small data file that digitally binds a cryptographic key to an organization’s data. Once installed on the web server, the certificate activates a padlock and the https protocol, thus enabling a secure connection from the web server to the browser).
5. If you are asked to provide sensitive information, check that the page URL begins with «HTTPS» instead of «HTTP». The «S» stands for «secure. It is not a guarantee that a site is legitimate, but they are more secure. HTTP sites are vulnerable to hackers.
6.If you suspect an email is not legitimate, select a name or part of the text of the message and run it through a search engine, so you can see if there are any known phishing attacks that use the same methods.
As always, the most advisable thing to do is to use some type of anti-malware security software and to have a corporate culture where all employees are trained to understand and be alert in case of a possible attack that could have an impact on the company.
Although the insurance industry has recently started to use technology in its operations, it is true that it is not exempt from cyber-attacks, since it handles a large amount of data and information on a daily basis.
This is why at LISA we use security software to ensure the security of our clients and the entire environment where we develop our ecosystem and interconnection.