Fintech companies put significant effort into maintaining cybersecurity, but hackers keep testing its endurance. Some of the techniques used by cybercriminals are targeting ordinary Internet surfers rather than savvy IT specialists – and phishing attacks are among the most common frauds.
Likely, you have already heard about phishing, but can you easily remember the phishing definition? Phishing is an attempt to mislead you into providing sensitive data in order to steal your identity (and assets). First phishing attempts date back to the nineties when a group of hackers pretended to be AOL administrators and sent fake emails asking users to enter their login and password to 'verify' the account. Sounds familiar? Phishing attacks have evolved since then and have spread to other channels, like SMS or social media.
Common phishing scams
Imagine you receive an email with a 'special offer' designed exclusively for you – with some unbelievably lucrative terms. To claim the 'offer,' you only need to register at a website or download a file attached to the phishing email.
Or, imagine someone sends you a friend request on social media: you have many common friends. What could go wrong? A few days later, your new friend sends you a link to a very funny video or a limited offer that you definitely need to check out – the phishing link may look odd, but you are likely not to notice it. If you enter any information at a fraudulent website, it will likely be collected by hackers. Quite often, you may be asked to provide your payment details (or even to conduct a payment at a website). As for the links and attachments, clicking on them may infect your computer or smartphone with malware. In this case, hackers may get access to your personal data and even gain control over your device.
Phishing messages may come from a number of channels, including:
Email
SMS
Social media
Voice calls
As for fraudulent websites (sometimes imitating those of the services you are used to), suspicious messages in your inbox are not the only place to find them. Certain ones are designed to be easily found on web search, and some phishing links can even be added to web ads displayed by unauthorised providers.
Advanced phishing methods
Certain types of phishing attacks are more advanced: for example, spear phishing targets specific people or groups (like the employees of a particular company) in order to retrieve sensitive data. Even though these people are instructed to stay vigilant, the phishing emails are often designed to look highly reliable. Whaling is a lot like spear phishing: it targets a particular individual (for example, a top manager of a company with access to strategically important information).
How to protect your data
All of the above may sound scary, but there are ways to stay safe, even when there is plenty of phishing on the web.
If you are not a top manager of a company getting ready for the IPO, hackers will most likely need your authorization or payment details. Therefore, you only need to keep your passwords and card or bank account details secure.
Here are a few rules that will help you manage your passwords wisely:
Do not use one 'life-saving password' for all the websites and services that you use. Create a separate strong, complex password for each of them instead.
Do not send emails or messages with your passwords.
Do not use common combinations like Pas$w0rd or the password made of your dog's name and birth date. Instead, think of something that noone could guess.
Use an authorised password generator (for example, offered by Microsoft or your antivirus service).
Use two-factor authorisation (2FA) when possible.
And these are the recommendations for secure online payments:
Only use authorised services and shops. Consider any unfamiliar offer on the web to be potentially fraudulent: look into its legal information rather than the promo campaign terms.
If you are new to a service or website, check if it has a valid licence. Payment operators should regularly go through security certification.
Do not enter and save your card details before carefully examining the website or service.
Contact your bank's customer support in case of any suspicious activity linked to your card.
Do not enter your card's CVV or the confirmation code except when sending a transfer or making a payment. Remember, even the bank's support does not need these details to resolve your issue.
You should also stick to trusted services for all financial activities, from online payments to money transfers.
Andrey Bletch, Head of IT Security at Profee "We take a variety of measures to keep Profee secure. We follow the highest data protection standards to mitigate the risks of hacker attacks. We comply with the EU legislation and regulations and get our PCI DSS certification updated regularly. Last but not least, we regularly train our personnel and use firewalls and various filters to prevent malware from entering our system".
Sometimes, going online seems like entering a haunted house: hackers and scammers are hiding in the shadowy corners, using every opportunity to get your details. Yet, if you follow the simple rules mentioned above and choose trusted services like Profee for processing your payments, you will only see the good part of it.
