Authored By: Clement Lee, Principal Consulting Security Architect, Asia Pacific at Check Point Software Technologies
The period after Christmas brings a new round of sales, during which cybercriminals take advantage of the increased volume of digital transactions to launch phishing campaigns in search of new victims. The team at Check Point warns that, over the past year, phishing attempts have increased by an alarming 40.9%, with 1.5 million new phishing websites created every month.
Phishing, a type of cyber threat in which a cybercriminal fraudulently tries to collect confidential information by pretending to be a trusted company or person, is one of the most widely used types of cyber attack worldwide. This type of attack has a high success rate, since thousands of people fall victim to scams through emails that offer great discounts, exclusive advantages, and more.
However, the risk of being the next victim of a phishing attack can be reduced by following these 4 keys to identifying such emails:
1. Haste is never a good adviser
Cybercriminals try to impersonate large established companies to take advantage of their image and the trust users have in them. In general, the messages they send stand out for their urgency, inviting the recipient to take advantage of great discounts or demanding that the recipient verify some personal data for security reasons or to avoid losing their user account.
2. Lack of personalisation
Emails that are part of a phishing campaign rarely show any familiarity with the recipient and tend to use generic greetings such as “dear customer”, rather than personalised ones that include the client's first and last name. In addition, the "To" field of the email, that is, the address the email is sent to, is often empty, which shows that it does not come from a company that actually holds all our data. These are indications that the message is not an official communication from a company, but that someone is impersonating it for their own benefit.
3. They incorporate attachments or several links
Although an informative email sent by a company usually includes a link so that you can visit its website, this type of communication does not normally include attachments or many links. Check Point experts point out that it is essential not to download any type of file if the sender of the email is not fully trusted. They also note that identifying a malicious link is simple: hover your cursor over the URL (always without clicking) and see the address the link actually leads to. If it is not the advertised website or it is not trusted, it should not be clicked under any circumstances.
4. They send the mail to an account that is not registered to the service
The number of digital platforms we subscribe to leads many users to create accounts that they use exclusively for specific types of services, in addition to those they already have for personal or professional use. For this reason, when an email arrives, it is essential to first check whether it was sent to the address with which we are registered, since, if it was not, that would be a clear indicator that someone is trying to steal information from us.
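The four keys above can also be checked mechanically when triaging reported mail. The following Python code is an added example, not part of the original article or any Check Point product; the keyword lists, the function names and the sample message (constructed, using placeholder `.example` domains and carrying no "To" header) are assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|immediately|verify|suspended|last chance)\b", re.I)
GENERIC = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw, registered):
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    to = {a.addr_spec.lower() for a in msg["To"].addresses} if msg["To"] else set()
    page = LinkCollector()
    page.feed(body)
    checks = {  # one entry per indicator from the four keys above
        "urgency": URGENCY.search(str(msg["Subject"] or "") + " " + body),
        "generic_greeting": GENERIC.search(body),
        "empty_to": not to,
        "unregistered_recipient": to and to.isdisjoint(r.lower() for r in registered),
        "attachment": list(msg.iter_attachments()),
        "link_mismatch": any(re.match(r"(https?://|www\.)", t, re.I)
                             and host(t) != host(h) for h, t in page.links),
    }
    return [name for name, hit in checks.items() if hit]

SAMPLE = """\
Subject: Last chance: verify your account
Content-Type: text/html; charset="utf-8"

<p>Dear customer, <a href="http://login.shop.example.invalid/x">https://www.shop.example/sale</a></p>
"""  # constructed sample message, not a real email
```

Calling `phishing_indicators(SAMPLE, ["me@mail.example"])` returns the indicators that fired; the link check compares the address shown in the message with the host the link really points to, which is what hovering over the URL reveals.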
Phishing is one of the longest-standing threats in the world of cybersecurity, and although it is at a lower level of technological development than the new generations of cyber attacks, its success rate is still very high. However, avoiding its effects comes down to one basic concept: prevention. At Check Point, we highlight that the more cautious and better informed users are, and the more they think before clicking, the greater their level of protection against these types of risks.
In addition, the company also warns of the need for security tools that help us navigate safely. Security tools like Check Point’s ZoneAlarm Extreme Security scan and delete websites before the user enters their personal information, alerting them whether it is a safe site to use or a phishing site. There are also tools available for protection against more types of cyber attacks, such as keystroke logging, ransomware or infection with advanced viruses and malware.