Poles lose thousands of zlotys because of scammers. What is phishing and how to defend against it? [TOPtech]

For years, however, they have been using an old, but extremely effective method. What is phishing and how to defend against it?

What is phishing?

Phishing is nothing more than a method of fraud consisting in impersonating a well-known person, company, organization or institution. The goal of scammers is to gain the trust of a potential victim and force them, for example, to provide their personal data, account password or credit card number. Phishing campaigns are usually massive. Cybercriminals send identical e-mails or text messages to thousands of people, hoping that at least a small part of them is waiting for a shipment from an online store or is using the bank they are trying to impersonate.

The ally of cheaters is, of course, our absent-mindedness. When reading a new SMS, a potential victim often does not wonder whether the sender is actually the company whose services he uses. To increase their chances, criminals threaten to immediately block the account on the streaming service, cut off access to the Internet, or even lose savings on the bank account. All this makes us willing to immediately click on a link leading to a fraudulent website.

When we think we are logging into our Facebook or Netflix account, we are actually sending the login and password to the criminals. Similarly, by providing a credit card number or approving an online banking transaction, we give criminals access to our money.

How to defend yourself against phishing?

The method seems trivial, but it has been extremely effective for years. So how do you protect yourself from phishing? First of all, using the network with your head. Before clicking on any link received by e-mail or SMS, it is better to make sure which page it actually leads to. A crafted website is usually embedded in a foreign domain or its address is different from the address of the original bank or website. After all, a company using a Polish national domain will not request data on a website in a domain belonging to, for example, Russia or Honduras. Often these differences are quite subtle, so it’s better to read the website address carefully and compare it with the one displayed after entering the real website of the service provider.

It is also worth reading the content of the received message carefully, because fake e-mails are often full of linguistic errors. If you receive such an email, it is best to delete it immediately. Also, do not download attachments as they may contain malware. Let us also remember that real social, streaming or shopping platforms never ask for, for example, a bank card number to confirm the account user’s details. Similarly to bank consultants, they do not demand an SMS password confirming online banking transactions. It is also worth notifying your bank or the company that criminals are impersonating about the incident. Perhaps in this way we will help warn other customers against fraud.

—