Online fraud involving phishing is on the rise, mostly because a growing number of consumers are buying products online and the number of online banking transactions between firms is growing.
The methods used to lure you into entering your credit card data into a form on a fake site vary. The lure may be a random email message with an infected link inside, or a carefully crafted spear-phishing message that looks like the one you expect from your accountant. You can also land on a fake website that replaces a specific site when it is accessed from certain networks.
Evidently, webmail services and SaaS products are the main targets of cyber-criminals as both provide them with valuable login credentials to exploit.
Most websites use your email address as a username and most users keep their passwords for various online services somewhere in their inbox. By getting your email login credentials through a website that mimics the original webmail service, an attacker gets both the passwords stored in your inbox and control of your email account, which can be used to change the passwords you use for any service.
The most widespread phishing emails that aim to steal sensitive data try to make you open a website on which you are asked to enter one or more of the following details:
Actually, these fake websites are looking to collect as much personal information as possible. They can use it for identity theft or getting access to bank card accounts or other financial/business accounts. And fake sites are coming to you using various channels.
Cyber-thieves are taking advantage of each and every online channel to make you visit their malicious website that mimics a legitimate one.
Hackers deliver phishing links to fake websites through email, ads on Google, Bing, and other popular search engines as well as through social media sites.
If you are a C-level executive, business owner, or a public figure, you may get a meticulously crafted fake message. It might replicate a legitimate invoice from a partner. Even worse, it might ask you to log in and change some info in a business-critical application online.
High-level phishing campaigns may even involve phone calls from fraudsters who pretend to be calling on behalf of your banking institution or one of your business partners, and who also ask you to log in to a website that has been replicated to steal your account credentials.
While mass phishing messages are easy to spot due to bad grammar, poor design, etc., more sophisticated scams are harder to identify, but there are still clues you should be looking for.
Modern web browsers have built-in protections against phishing sites and sites that contain malware. But these will not work against a fake site made by a professional hacking group.
A good practice is to always check if you are logging into the correct domain when using business-critical services. These include the likes of webmail, online accounting, and invoicing tools, and any online banking app.
Replicating the design of Google’s login page is easy, and tens of thousands of businesses use Google’s business suite of online tools, which comprises corporate email, office editors, and video conferencing.
Here is what a fake Google business account login page might look like:
That is one of the reasons Google redirects you to its correct address if you type “Gogle.com” in your browser’s address bar and warns you if you type “Gooogle.com”, which is also a domain registered by Google.
You should make checking the address of the website or online service you are accessing a habit. However, there are more routines you should develop in order to avoid fake sites and online scams.
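The domain check described above can be made repeatable. The following is an added example, not part of the original article: it compares the host of a login link against a short allowlist and flags near-miss spellings and trusted names placed where they do not count. The allowlist, sample URLs and function names are assumptions, and the classifier only knows what is on its allowlist.

```python
from urllib.parse import urlsplit

# Assumption: constructed allowlist of the domains you really log in to.
TRUSTED = {"google.com", "example-bank.test"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_login_url(url, trusted=TRUSTED):
    """Classify the host of url as 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Text before '@' is not the host, so a trusted name there proves nothing.
    if "@" in parts.netloc:
        return "suspicious"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Simplification: treat the last two labels as the registered domain
    # (wrong for suffixes such as co.uk; a public suffix list fixes that).
    registered = ".".join(host.split(".")[-2:])
    for d in trusted:
        if d + "." in host:  # trusted name used as a prefix of another domain
            return "suspicious"
        if edit_distance(registered, d) <= 2:  # one or two typos away
            return "suspicious"
    return "unknown"


if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "https://accounts.google.com/signin",
        "https://gooogle.com/",
        "https://accounts.google.com.signin-check.test/",
        "https://accounts.google.com@portal.test/login",
        "https://news.example.org/",
    ):
        print(f"{check_login_url(sample):10} {sample}")
```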
Finally, use common sense when browsing the Internet. Think twice when following links you receive in your inbox or another communications channel. Your bank will not ask you to confirm your account credentials online once you have opened an online banking account with them.
Most of the time, the average user has to deal with fake websites and phishing messages on their own. Enterprise-grade antivirus suites and some advanced VPN apps are very good tools for protection. They are able to detect malicious links and sites, but not all of them and not all of the time.
Developing strong habits of checking whether you are visiting the right (original) website and of not revealing sensitive information online is your primary line of defense against online scams and bogus websites. Enhancing your device’s security measures is yet another way to protect yourself. Don’t take the threat lightly: without proper precautions, you are putting your private information at risk.