02.06.2021

What is phishing and how to prevent it?

It is difficult to imagine our world without digital payments. They are fast, convenient and seemingly have no drawbacks. Perhaps this would be the case if there were no online payment fraud. Meanwhile, the further online payments progress, the higher the probability of becoming a victim of fraudsters, because these unscrupulous people do not stand still either and keep inventing new ways to steal your data and money. In this article, we will take a look at phishing and how to prevent it.
 

1. What is Phishing?

Phishing is an attempt to gather personal data through fraudulent websites and emails. The term describes a cybercrime in which passwords, credit card numbers, and bank account details are illegally obtained. The attackers send emails with malicious links, and the recipient can become a victim because clicking the link can lead to the loss of personal data. Phishers can also use social media and send links via direct messages, SMS and in many other ways.

The first phishing attacks appeared at the end of the last century, and now, according to Google, there are about 12.4 million phishing victims every year. The main targets for phishing are banks, e-pay systems, and e-auctions as such data can open access to the funds.

 

2. Types of Phishing Attacks

Some specific types of phishing scams use more targeted methods to attack certain individuals or organizations.  

·   Spear Phishing

Spear phishing email messages won’t look as random as more general phishing attempts. Attackers will often gather information about their targets to fill emails with more authentic context. Some attackers even hijack business email communications and create highly customized messages.

·   Clone Phishing

Attackers who are able to view a legitimate, previously delivered email message make a nearly identical copy of it (a “clone”) and then change an attachment or link to something malicious.

·   Whaling

Whaling specifically targets high profile and/or senior executives in an organization. The content of a whaling attempt will often present as a legal communication or other high-level executive business.

 

3. How to prevent phishing attacks?

Despite the fact that traditional phishing methods are gradually becoming a thing of the past, this type of fraud still poses a serious threat to individuals and businesses. So, here are the steps to protect yourself from phishing:
 
·   Protect your device by setting software to update automatically. These updates could give you critical protection against security threats.
 
·   Use a password manager with autofill. If the password manager refuses to fill in the password, it probably means that the website is not on your list, so you should double-check the URL bar to confirm that you are in the right place. Moreover, at PaysTree we strongly recommend that our clients change their login password and payment password every 6 months. These measures will add an extra layer of security and protection to your funds.
 
·   Be careful with links and attachments that come by e-mail and on social networks, even if they come from friends or someone you know well. A friend's account can also be hacked and used to send phishing emails. We would recommend opening suspicious Word, Excel or PDF files in Google Drive. This will convert the document to an image or HTML file, which will almost certainly stop any attempts to install malicious software on your device.
 
·   Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. PaysTree has implemented a highly secure method of user authentication using OTP / MAC generator to protect your account from unauthorised access. If criminals receive your login and password using a phishing attack, they will not be able to pass the second level of protection.
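The password manager tip above works because autofill is tied to the exact address a login was saved for. The following sketch is an added example, not PaysTree's or any password manager's own code; the vault, the placeholder domain pay.example and the function names are assumptions made for illustration. It shows why look-alike addresses get no autofill.

```javascript
// Added example: constructed vault and URLs; "pay.example" is a placeholder domain.
const vault = [
  { origin: "https://pay.example", username: "alice" },
];

// Return the saved entry whose origin exactly matches the page, or null.
function entryForPage(pageUrl, entries = vault) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparsable address: never fill
  }
  if (url.protocol !== "https:") return null; // no fill over plain HTTP
  // url.origin is scheme + host + port after a browser-style parse, so a
  // "user@" prefix or a look-alike subdomain resolves to its real host.
  return entries.find((e) => e.origin === url.origin) || null;
}

// Explain a refusal so the user knows which host the browser is really on.
function explain(pageUrl, entries = vault) {
  const entry = entryForPage(pageUrl, entries);
  if (entry) return `fill ${entry.username}`;
  let host = "unparsable";
  try { host = new URL(pageUrl).hostname; } catch {}
  return `refuse: no saved login for ${host}`;
}

// Constructed sample addresses: one genuine, four that only look similar.
const samples = [
  "https://pay.example/login",
  "https://pay.example.account-check.example/login", // real host is account-check.example
  "https://pay.example@login.invalid/",              // "pay.example" is only a username here
  "http://pay.example/login",                        // unencrypted
  "https://p\u0430y.example/login",                  // Cyrillic "а" instead of Latin "a"
];
for (const s of samples) console.log(s, "=>", explain(s));
```

Only the first address is filled; for the others the refusal message names the host the browser would actually contact, which is the part of the URL bar worth double-checking.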

 
Concluding Remarks

Understanding the risks of phishing attacks and some of their most common types is an important first step in protecting against them. No one, even a trained IT or security professional, is completely immune to the ploys of attackers. Alongside numerous technical controls, PaysTree conducts employee training and adopts a personal “never trust, always verify” approach to online security. Our last piece of advice is quite simple: be vigilant, especially before handing over your personal data or following someone’s instructions. Do not do this until you are absolutely sure of the reliability and origin of such requests.