We are already 7,6 billion people in the world. Only in Internet, there are 4,4 billion of them - that is, almost 58% of the planet’s population is online. For this reason, in recent years, there has been an explosion in the number of users of smartphones, computers and tablets.

In social networks, there are already 3,5 billion active users and, of the 3,8 billion smartphones in use, 3,2 billion access social apps frequently. Thus, more and more devices are connected and the production of data per second has increased considerably.

advertising

These new technologies lead to innovative business models, in which information can be what really makes a difference. As the volume of data produced in the digital universe doubles each year, estimates of IDC consulting indicate that it is expected to reach 44 trillion GB (44 ZB) in 2020.

In the midst of all these transformations, it is common for there to be a lot of concern about protect computers - but that other devices remain unsafe. In addition, new work formats, such as home office and bring your own device (Bring Your Own Device - BYOD), insert domestic equipment in corporate contexts.

This means that there are more doors for invasion, more and more information in circulation and, consequently, an increase in cyber risks. The numbers are huge: an Accenture survey shows that the average cost of each digital crime per company was, in 2018, $ 13 million.

In addition, Symantec points out that 24 malicious mobile applications are blocked every day. To top it off, according to Varonis, cybercrime-related damage is expected to hit $ 6 trillion a year in 2021.

But what about phishing?

This is a very conducive scenario for phishing - no wonder, it is among the main threats to cybersecurity. It is through it that scammers can obtain personal information from users, such as credit card number, bank accounts, passwords, social security number and the like.

Playback

Their attacks are practically ubiquitous, that is, they are not limited to just a few channels. According to Cyxtera, which detects and prevents electronic fraud, about 90% of attacks start with actions that use this technique.

Phishing is generally created by fraudsters who identify vulnerabilities on a system or gain access to it with stolen credentials. A very common mechanism is the use of similar domains (almost identical replicas of a website with a similar URL) and sending emails to customers of the organization whose page has been cloned.

Attack types

The most well-known phishing scam is the email campaign and the phishing clone. The recipient receives a fake message - be it a large network of users or a specific individual - but it looks real and then directed to illegitimate websites. And many Internet users do not have the tools to recognize these threats.

Playback

Real Santander website: URL uses HTTPS (a standard that is secure) and SSL certificate - represented by a green lock on the browser bar

Playback

Santander fake site in phishing clone scam: there is no HTTPS or padlock on the browser bar - indicating that the site is unreliable

A specialized form of phishing is the compromise of corporate emails (Business Email Compromise - BEC). In this case, highly detailed messages are sent to impersonate high-level executives or employees of the financial sector of organizations and thus have access to confidential information or request money transfers.

Since 2013, losses with BEC have totaled more than $ 12 billion. And, since those behind corporate e-mails are ordinary people, the chances of success of this type of fraud are equally high when companies do not have policies to restrain the progress of these activities.

Read also:

But it doesn't stop there: phishing can come in other ways. In addition to reaching e-mails, attacks are sent to any point of contact with the user - they can be malicious apps, fake social media profiles, SMS and others.

The rapid popularity of smartphones has turned app stores (mostly unofficial ones, but in some cases even official ones) into an important vector of targeted phishing attacks. Fake apps that mimic officers are used to attract users and get them to provide confidential information and access data.

Another important source of phishing attacks is fake social media profiles. Criminals using this technique create fake, real-looking accounts to trick victims into providing personal information. 

Where does phishing come from?

Most of these emails come from legitimate organizations, such as government agencies or benches. In general, they are messages that inform the need to update, validate or confirm information.

It is common for them to point out the occurrence of problems and offer a direct link to the solution. When clicked, the user is directed to the fake website and encouraged to provide personal information - which can lead to identity theft.

It is worthwhile, then, to be attentive when receiving messages that ask for confirmation of data by email or that contain direct links to websites. Therefore, whenever you have doubts about the legitimacy of a communication, please contact the sending institution.

Unlike other virtual pests, phishing cannot be removed - after all, nothing is previously installed on the computer. On the other hand, it is possible to prevent and avoid being deceived by him. For this:

  • do not click on links that arrive in unsolicited emails (or are on Facebook);
  • do not open email attachments if you are not sure where they come from;
  • protect your passwords and don't reveal them to anyone;
  • do not provide confidential information over the phone or email;
  • check the address of the sites you visit: often, the email looks legitimate, but the URL may have a typo or different domain;
  • keep your browser up to date.

Are there other forms of phishing?

Yes. One of the most popular of these is DNS hijacking. Only this year, the Avast blocked more than 4,6 million attempts to falsify requests between sites (Cross-Site Request Forgery - CSRF) in Brazil. These attacks allow you to modify the settings of DNS from a website and then run phishing and cryptocurrency mining campaigns.

It is common for this type of action to start when the user visits a website compromised by malicious advertising (known as malvertising). In Brazil, the malvertising it is often found on adult content sites, illegal movies and sports.

As soon as he visits the compromised website, the victim is directed to a page where a router exploit kit has been installed. Automatically, then, an attack on the device starts in the background - and it is often successful, since most routers have weak passwords.

First of all, we try to find the equipment's IP on the network. Then, several trivial passwords are attempted. Some of the credentials that the exploration kits try to use are:

  • admin: admin;
  • admin :;
  • admin: 12345;
  • Admin: 123456;
  • admin: gvt12345;
  • admin: password;
  • admin: vivo12345;
  • root: root;
  • super: super.

Once hijacked, the router is configured to use rogue DNS servers and thus direct the user to fake pages that look like authentic ones. One of the sites that recently became popular with DNS hijackers was Netflix. According to Avast, the seven most frequently hijacked sites in Brazil are:

  • Santander (24%);
  • Bradesco (19%);
  • Banco do Brasil (13%);
  • Itau BBA (13%);
  • Netflix (11%);
  • Cash (10%);
  • Serasa Experian (10%).

These institutions are targeted because they are very popular. At the same time, since phishing sites are outside their domain, they can do little to protect customers - apart from alerting them.

How important is cybersecurity?

That's where the cyber security. It ensures the protection of systems, networks and programs against intrusions that seek to gain access, change or destroy information, extort people or companies and interrupt processes and operating systems. Therefore, it is essential to understand and respect basic digital security standards.

This includes backups, password updates, navigation precautions and so on. One of the most basic measures (which can be adopted in any environment) is, when visiting the bank or Netflix website, for example, to check if the page has a valid certificate - which appears in the form of a padlock on the browser bar. In addition, it is worthwhile to update the router frequently and configure credentials with a strong password.

In companies, this mindset must involve all areas, not just security. Therefore, they must have well-defined processes and behaviors: from web browsing to accessing sensitive information and databases.

At the same time, it is necessary to establish rules to be followed in cases of threats to digital security. Thus, if there is any attempt at attack, it is known what actions to take and why. In other words, cybersecurity goes far beyond firewalls and anti-virus: it involves the governance of the company. People, processes and technology must be complementary.

Os cybercriminals they know that organizations use strategies to prevent phishing and other attacks and, therefore, constantly adapt the tactics they use to circumvent these mechanisms. In the corporate environment, it is essential to have full visibility of attacks to prevent them from advancing to the point of causing irreversible damage before being detected. If detected at an early stage, there are more chances of avoiding negative consequences.

Have you watched our new videos on YouTube? Subscribe to our channel!