I believe that for those who are not in the IT or information security field, the term 'Phishing' may not be very familiar. However, everyone does need to know what it is.
Without beating around the bush, Phishing is a form of social engineering in which an attacker or cybercriminal tries to deceive us by sending fake messages via email, SMS, or phone calls in order to gain illicit financial advantages, such as by stealing our personal or financial data.
According to Axur's "Online Criminal Activity in Brazil" report, 34,000 phishing pages were identified in 2022. In the fourth quarter of the year, 9,266 fake pages were identified. The second half of 2022 saw more intense detection of phishing pages compared to the first half, with 15,360 cases from July to December.
Cross-referencing this information, the DBIR 2023, p.8, states that Phishing is one of the three most common methods used by attackers to gain access to organizations, along with stolen credentials and vulnerability exploitation. I could continue to provide references that highlight how prevalent Phishing still is, but I believe these are sufficient to show that we need to be extra vigilant.
So, Vitor, how can we avoid falling victim to these phishing attempts?
It's true that many phishing attempts today appear very realistic, but paying attention to the following points can save you:
Beware of shortened links.
Check for spelling errors.
Be cautious of requests for personal information.
Watch out for a sense of urgency or threats.
Avoid opening unsolicited attachments.
Examine the email's formatting.
Confirm the sender's identity.
Be skeptical.
Now that we've revisited what Phishing is and how to identify it, I suggest testing your knowledge by playing Google's 'Phishing Quiz':
Link to play: Jigsaw | Phishing Quiz
Note: You don't need to use real data for registration.
Have fun!
:)