Certainly everyone, although they are aware that the Internet is not a very safe space. There is danger lurking at every step, and in fact, the only way to be effectively protected is to act wisely . The Internet network is now a technology so accelerated that we transfer almost all our lives to it, and this opens up new opportunities for criminals. The main method used by criminals is phishing, which is obviously based on our naivety and inattention.
For this reason, it is so important that all branches of cybersecurity develop smoothly. But what about security, antivirus and other systems, if we lack common sense?
What is Phishing?
Phishing in the most general sense is a method used by criminals in the cyber space. It consists in impersonating a given institution or another person and extorting sensitive data, information from the victim or infecting their device with malware. Very often, phishing also manifests itself by persuading the victim to some specific actions, e.g. logging into an unsecured website.
In the past, phishing was not very common. This was mainly due to the fact that IT systems were just developing and were still looking for their own ways in the context of security. Currently, however, criminals must primarily rely on our naivety on the Internet. This is manifested, for example, by calls from the “bank”, underpayments for a package or other actions that are intended to persuade us to click on the link or provide some specific information.
Importantly, phone calls regarding health surveys or photovoltaics are also a form of phishing. They are designed to use previously prepared bots to force us to provide personal information. When it comes to personal information, it is also a very interesting thing, because very often we sell it 100% legally for some meager money without even realizing it. However, this is a topic for a completely different article.
Injured at our own request
To make you aware of the scale of cyber crime in India and US, I will use the report of the CERT institution , which deals with catching, analyzing and eliminating network incidents. Every year they make a large report, from which many disturbing conclusions can be drawn. You can read the report on which I will be based here. It’s definitely worth taking a closer look at it.
We are most interested in the statistics of handled incidents. We can conclude that by far the first place with a dizzying result of 86.4% is taken by computer fraud, the vast majority of which is phishing (76.57%). The institutions’ systems recorded a total of just over 116,000 reports of network incidents . This means that out of them, as many as 100,000 reports concerned computer fraud, including over 75,000 reports classified as phishing.
Do you think that’s a lot? Please remember that CERT USA takes into account only incidents reported to them. How many times in your life have you informed the CERT team that someone was trying to cheat you? You don’t have to answer, I think I know the answer. Together with my colleagues who also deal with cybersecurity on the basis of other statistics, we estimated that the number of incidents specified in the report is at least 9 times lower than the real number of network incidents in US. This is equivalent to the fact that the problem of phishing is a very serious problem, and I do not think that it is otherwise in other countries.
How simple prudence can protect us from phishing?
Do you know what the principle of limited trust is? You probably heard about her when you were doing your driving license course. Just like on the road, we should follow it in the network. Currently, the web browsers we use very often warn us about potentially dangerous websites, Windows Defender works quite tolerably too. For this, we only need common sense and limited trust.
Are you picking up the phone from the bank? Verify the person calling you. Do not give any sensitive data over the phone, let alone remember that an employee of any institution or company will not ask you for your login details. Do not click on any suspicious links that come to you via e-mail or SMS.
When selling something, do not contact the buyer outside the portal, e.g. via WhatsApp. Finally, check if the page you were redirected to is actually a trusted site. You can always check its certificate by clicking on the padlock icon next to the internet address. It takes so little not to be fooled. Therefore, I wish you prudence in using the Internet and I hope that you will pass it on to people who do not know such good practices in this field.