Social engineering currently accounts for 98% of cyber-attacks. And as we mentioned in the previous TIP, we would like to remind you once again of the differences between Phishing, Vishing and Smishing, so that you can be prepared and recognize any fraudulent communication in time.
The objective of these three frauds is the theft of information by impersonating a company, entity or trustworthy contact and thus deceiving the Users by using the following means:
- PHISHING – Sending of e-mailsrelated to verification or updating of data (card number, bank signature, password, personal data, etc.) or advertising campaigns, sweepstakes and discounts. Both may have virus-infected attachments or links that send the recipient to a fake web page, in which we will be asked to enter certain personal and access data in order to complete the update correctly or to be able to participate.
- VISHING – Making telephone calls on behalf of our bank, to verify or validate a supposedly cancelled transaction. Again, we will be asked to provide our password and signature or digital token, to help us remotely to make the appropriate checks or adjustments to our bank account.
- SMISHING – Sending SMS or Whatsapp with a link to the fraudulent website, in which it will be indicated to enter supposedly incomplete or outdated data, and strictly necessary for the continuity of the service.
How can we avoid it?
The best way to avoid being scammed and suffering information theft, with the economic losses that this may entail, is to “double check”. Before providing any information that may be considered confidential, we recommend that you avoid responding at that moment and contact the person or entity that is requesting the information, but through official channels.
IMPORTANT NOTE:
If you have the slightest suspicion about a communication or believe you may have been the victim of a cyberattack, do not hesitate to report it to your line manager, the CISO Security Manager and the IT department, so that they can advise you appropriately. And on a personal level he reports the cyberattack to the police authority.