How are we able to be trapped?
You are likely to find links to phishing sites in emails or in the service windows of programs under the guise of:
- an important message (for example, from a bank) with an offer to install the security certificate that is required for online banking operations (sometimes the victims are not customers of the bank but visit the fraudulent page out of curiosity);
- an urgent update for the operating system/browser/application/online game, which requires the victim's mobile phone number and a code received in SMS. Thus, the victim becomes subscribed to a chargeable service, and a fee will be regularly debited from their mobile phone account;
- a VERY advantageous promotion that must be taken advantage of immediately by visiting a particular website;
- a message about a gift or winnings (for example, in an online casino or lottery) that can be acquired by entering a mobile phone number or sending a paid SMS;
- a request to answer a questionnaire and receive a gift (but a debit card number and the password used to access online banking must be entered in order to get the gift);
- a collection of wallpaper or other free content (hundreds of variants are possible), which can be accessed by clicking on the button in the letter/application.
New attack scenarios appear daily!
Some examples of phishing sites
Once a user reaches a fake web page, scammers employ various techniques (social engineering) to encourage the user to divulge their login and password, allowing fraudsters to access the user’s accounts.
The main danger of phishing is that EVERYONE can be hooked: a beginner as well as an advanced user.
A phisher is a fine connoisseur who knows how to pull at the heartstrings of Internet users. While inventing newer and newer ways of committing fraud, the phisher, like an experienced psychologist, uses our predictable reactions to a variety of information for criminal purposes. Here are just a few of the lures used in this criminal “fishing”.
- Intimidation - the need to eliminate the cause of fear, to correct the situation, and find out what the problem is (enter a phone number to get the unlock code and fix the problem.).
- Emotional outburst – as an impulse, based on the desire to participate in and obtain something, as well as a seasonal (pre-holiday) impulse — to amplify or tone down their participation in something, to find emotional harmony (basic motive: "I just can’t miss it!")
- Discipline, obedience (emphasizing a victim's education, beliefs, and experiences) — the need to follow received instructions (to install the program).
- The desire to be lucky and successful, and to get the gift right now (go to the website to get the gift).
- Hurt political views /confessions — indignation and the need to express it (go to the page).
- Inattention, carelessness — an addiction to clicking on all the buttons, to follow any "advice", to participate in any promotions.
- Curiosity (the need to learn new things; provocation, the feeling that everyone but you knows something; something unusual that is easily accessible).
Visit the following to learn more about how your system can get infected via phishing attacks.