The email may look real, and the link it includes is hard to resist: a package held at customs, a notification from the bank about a credit card charge… maybe even a prize we won. Phishing cyber attacks are a real threat to take advantage of weakest link In the series: Humans.
The scam works through deception. The attacker creates emails or text messages that look almost identical to those from the company they are trying to impersonate, typically prompting the recipient to either Click the link or open an attachment; The former harvest credit card or bank data, while the latter inject some kind of malware into the system.
Artificial intelligence to escalate attacks
Regarding the scale and accuracy of phishing attacks, the odds are not good. Advances in artificial intelligence will lead to a Identity theft madnessFrancisco Arnau, regional vice president of cybersecurity firm Akamai for Spain and Portugal. “Looking to the future, we can expect that continued advances in artificial intelligence, such as those seen in systems like GPT-3, will make targeted phishing more compelling, scalable, and popular.”
These systems allow the generation of “millions of emails or text messages, each tailored to the individual recipient, and each with compelling human-like qualities,” Arnau continues. This will pose a major challenge to existing anti-phishing technologies and “will make it more difficult for people to detect suspicious messages.”
How to protect yourself from a phishing attack
The first thing to understand is that these attacks can target anyone. They do not discriminate between individuals or companies, and are released en masse – with disastrous consequences for those who fall in love with them.
The numbers are staggering: it is estimated that nearly 15 billion emails are sent from these properties each day, of which a third are opened. This technology also accounts for 90% of all security breaches in the world. So how can you protect yourself from a phishing attack?
Doubt is your greatest ally
“When you receive a very tempting offer, you’d better be skeptical,” explains Fernando Suarez, president of the General Council of Official Colleges of Computer Engineering in Spain. This expert resorts to the most important protection barrier, which can save the user from disastrous consequences. “The bank will never ask us to change your password through an email or by clicking on a link.”
Kevin Mitnick, a well-known ex-hacker, explains to EL PAÍS that “people tend to trust unless they’re already victims of a cyberattack, or if they’ve been taught about the danger of phishing.”
Never click on a link, and ask before opening any attachment
All phishing attacks have one of two basic components: either a hyperlink or an attachment. The goal of the attackers is to obtain valuable information from the recipient (to get their way through their checking account or credit card) or to install malware with worse intentions.
Suarez points to the fact that these links are usually maliciously manipulated: “If you receive a hyperlink and it makes you suspicious, it is best to manually type in the URL of the company you claim to belong to.” The general rule, however, is that you should never click on a link or open attachments that come in an email. For the latter, the recommendation is to contact the sender by other means to verify the source of the attachment, be it a phone call, a WhatsApp message, or a text message. But do not reply to the email.
Take a look at the From field.
Cyber attackers are getting more sophisticated when it comes to crafting emails, but they can’t always camouflage it completely. One of the keys to phishing detection lies in the domain of origin: if you come across senders that have domains like “microsoft-support.comorapple-support.com(similar to the original ones, but not quite), you’re looking at a phishing attack. In any case, when in doubt, it’s best not to interact with this email.
The same applies to text messages, explains Suarez, who warns of additional dangers: on mobile phones we are less cautious and act more impulsively than on computers. Shipping companies are collateral victims of cyberattacks, especially during periods of high activity, such as Christmas. A vague message demanding payment of customs duties for a package would be phishing: “Never would a bank or other large entities ask for an instant payment via cell phone,” Suarez explains. The problem is not so much the payment, which is usually low, as the fact that when you do this, you are handing over your credit card information to scammers.
What time was the message sent?
Mitnick’s experience in this field is invaluable. The expert offers a telltale sign that can help identify phishing: when the message was sent. Be wary of a letter sent before sunrise demanding payment or a response. Internet users are usually associated with environments in their own time zone, so any activity outside of it should be cause for suspicion.
In the same way, the Subject field can be a marker of email intent: Is the language too casual? Do they address you with your email address instead of your name? In addition, if the subject field shows “Re:” indicating a reply to an email you never sent, you see another camouflage technique used by attackers online.
Beware of urgent work requests
Another tactic hackers use when carrying out a cyberattack is to convey a sense of urgency. This is evident in messages where so-called couriers warn you that you have a few hours to pay a fee or a package will be returned. These types of companies do not usually send these types of messages, and in any case, the first step you should take in this situation, if you want to confirm the authenticity of the message, is to contact them some other way.
Your guideline should be to “never click or enter a username and password in a conversation you didn’t start; it’s a simple rule everyone should follow,” says Mitnick.
signed for Weekly newsletter For more English-language news coverage from EL PAÍS USA Edition