Phishing techniques have become increasingly subtle and insidious. Discover the latest dangerous techniques and learn to recognize and defend yourself.
Phishing consists of sending emails, SMS or instant messages containing links or attachments aimed at misleading those who receive them.
They are usually sent in large numbers, to tens of thousands of people, to try to «fish» in the heap, just like a trawl fishing, the most unprepared people in order to deceive them.
Do not reply to e-mails that require verification of your credentials for access to financial services (of banks or other financial institutions).
Represents a specific phishing technique aimed at a specific person or category of people: the text seems to have been written to communicate with that individual, and has been forged ad hoc. Precisely for this reason it is even more dangerous.
In this case we speak of "whaling". It is a form of phishing aimed at "big fish", that is, aimed at the top management.
The scammer sends one or more spoof emails (forged sender) by fraudulently assuming the identity of top management (CEO) or an important customer. The goal is always to transfer
sums of money to the scammer's checking account.
Check if you understand. Answer the question...
A typical case is that of the scammer who writes to the CFO pretending to be the CEO of the company, asking urgently for a favor, almost on a personal basis. He asks to make the payment of a considerable amount using the bank details of an unidentified beneficiary.
In the next slide an example of a "CEO Fraud" email...
The sense of urgency, the threat of an authority figure, or the casual request for help are techniques used to get you to do rash actions. Acknowledge these feelings and always check with the sender.
This scam uses sophisticated and complex schemes to divert payment of bills to a bank account controlled by the attacker.
A typical case is that of the attacker who assumes the identity of a legitimate supplier of the company, requiring that invoice payments be made using new bank details (which are those of the attacker).
The attacker conducts a preliminary search for information on the company's suppliers. You then send counterfeit emails with payment requests. The sender's address is forged with a technique called "email spoofing".
In the next slide, an example of a "False Supplier Fraud" email...
This type of attack aims to transfer funds to the attacker's controlled account or obtain sensitive business information. The attacker contacts the employee directly, posing as a lawyer, claiming to be involved in an important case for the company: there is no time to fail! And the process takes place until the request is met by the employee.
In the next slide, an example of a "False Legal Scam" email...
This variant of phishing uses the telephone instead of e-mail. A classic case is a scammer who, posing as a call center operator, gains the victim's trust and then asks her for the credentials to access the bank account.
This form of phishing uses SMS and instant messages to convey the scam. For example, the victim receives a message informing about a problem with the bank account and a link to click to solve the problem. The link leads to a bogus site that intercepts the victim's credentials.
This technique uses QRCodes, which are increasingly popular. Often the scammer covers the real QR code with a code that hijacks the victim to a bogus link, built to steal login credentials.
The best way to spot a phishing scam is to listen to your gut. If something looks strange, check directly with the alleged sender if the message is original.
