Phishing is a type of social engineering attack in which an attacker, pretending to be a trusted entity, tricks a victim into opening a fraudulent email, SMS or website. The victim is then lured into clicking a malicious link or opening an attachment, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.
Victims may suffer the following losses if they inadvertently provide sensitive information or open a malicious file attached to a phishing email:
Theft of internet banking information
Victims receive a phishing email that pretends to act as their bank’s security division, requesting personal information and asking victims to enter an OTP (one-time password) obtained from their mobile phone. Then, attackers use that information to access the internet banking services and transfer victims’ funds to their own accounts.
Theft of credit card information
Customers of an online movie service receive a phishing message informing them that the service has been temporarily suspended. The victim is then asked to click on a link, which belongs to the attackers to update their personal information. Then, the attackers use that information to impersonate the victim online to perform fraudulent transactions.
Ransomware that hijacks computers
Attackers send an email to a victim telling them to install a program attached to the email, for security reasons. Once the ransomware has taken over the victim’s computer, it runs a code that encrypts the victim’s data, and the attackers then demand a ransom from the victim, promising - not always truthfully - to restore access to the data upon payment.
Change your password immediately.
Create a secure password, difficult to predict. Don’t use the same password for every account.
Turn on two-factor authentication.
Call to inform the bank to freeze your account or cancel your credit card (if possible).
Check your account movements regularly.
If any financial loss is detected, gather the evidence and report to the police and contact the bank to suspend the recipient’s account.
Install an antivirus program and scan your computer.
Change your password immediately after removing the malware.