In recent weeks he has been shooting a chain on WhatsApp in which an alleged “Amazon manager” offers a job offer.
What is evident in this case is that this message is false and is classified under the scam modality called phishing or fraudulent communication.
Against this background, Aamir Lakhani, Global Security strategist and researcher at Fortinet, recalled that These types of cyber threats usually reach users through email, messaging platforms, SMS or social networks.
“During these frauds, the attacker poses as a trusted contact to steal sensitive data such as account login credentials, bank account number or credit cards,” said the expert.
Some of the most well-known types of phishing are spear phishing, clone phishing (imitate official entities), wishing (use of the conventional telephone line), whaling (website and email spoofing), snowshoeing and corporate email theft, among others.
“What unites these attacks is that they pursue the same objective, identity theft or transfer of malware”, he explained.
How to fight phishing?
1- Enable spam filters: this is possibly an organization’s most basic defense once morest phishing. Spam filters are helpful as they provide an extra layer of security to the network, which is especially important given the popularity of email as an attack vector.
2- Update software regularly: To ensure that both the operating systems and the software used by the organization are updated on a regular basis, patching can harden vulnerable software and operating systems once morest some attacks.
Can read: Do not trust! Digital signature is not just scanning the one you made by hand
3- Implement multi-factor authentication (MFA): MFA requires a user to provide multiple pieces of information before logging into a corporate network and gaining access to its resources. In general, this requires implementing at least two of these three elements: something you know (password or PIN)something you have (physical token), and something you are (fingerprint, iris scan, or voice recognition).
4- Back up the information: All corporate data must be encrypted and backed up on a regular basis, as this is critical in the event of a security breach or compromise.
5- Block untrustworthy websites: use a web filter to block access to malicious sites in case an employee inadvertently clicks on a corrupted link.
While phishing is a very popular attack technique among cybercriminals, the reality is that it is just the tip of the iceberg, Lakhani said.
Can read: What you should know regarding the gaming world: figures, tools and cybersecurity
He added: “Cybercriminals are constantly adding new techniques to their playbooks to bypass defense mechanisms, evade detection and scale their operations. Our threat intelligence shows that criminals are finding new attack vectors to experiment with vulnerabilities already known and increase the frequency in which they execute them”.
