Enrique lands on the website where he can see the original price of each product, the discounted amount and a countdown timer which shows the amount of time left to purchase the product at the discounted price. You’ve got to be quick, stop what you’re doing and seize the opportunity. Bargains are there for the taking.
After choosing various products and reaching the checkout page, Enrique finds that the cash on delivery option is not available and that he can only pay by credit card. Without a second thought, he enters his bank details and expects his order to arrive in 3 working days, according to the site’s delivery service conditions.
However, five minutes after having made the purchase he receives a text message from his bank notifying him of three bank charges of 250€ on his account. What’s happened?
Enrique has fallen victim to a phishing attack, a fraudulent attempt to obtain sensitive information such as passwords and bank details by tricking the user with something that appeals to him or her. In Enrique’s case, the lures were:
- Offering tempting discounts on specific dates
- Focusing the user’s attention on how much time he had left to make the most of the discount offer rather than on other important aspects, such as checking the authenticity of the site.
Besides this technique, electronic fraud includes other methods which can also harm users:
- Smishing: the user receives a text message which lures him or her into sharing confidential information, thinking it’s an online subscription or a job offer. The sender is usually a telephone number with a “900” prefix.
- Shoulder Surfing: this basically consists of obtaining sensitive information when the user is not careful with it, such as when sharing a password in a public space, entering a credit card PIN in the supermarket or withdrawing money at an ATM. This is why it is so important to cover the keypad with your hand: although they may seem uncommon, these attacks happen frequently.
- Trashing: in this case, the user can fall victim to an internet attack when carelessly throwing out documents that contain sensitive information without destroying them properly. In some cases, we throw away documents such as bills or advertising pamphlets with our name and address that can then be used in a potential phishing attack. However much this sounds like a movie, it happens in real life.
In order to face these threats and avoid users falling victim to online fraud, it’s important to follow these guidelines when sharing personal information online:
- Email sender: when you receive an email, make sure you know who’s sending it. If the email address does not correspond to the content of the email, you need to be cautious.
- Address bar: after entering a website using HTTPS, it is important to verify that our browser’s address bar is green to make sure that the website is certified and is what it claims to be.
- Attached files: if an executable file is attached to the email, this is an immediate sign to consider it suspicious. Files such as Word or PDF documents should also be opened with caution, because they could carry a virus if sent from an unknown address.
- Look and feel of the website: after clicking on the link in an email and entering the website, it’s important to keep in mind aspects as basic as the language (make sure it’s the same throughout the site), the website’s functionality (make sure all links are working) and even the logo (make sure it is the original one).
All these guidelines are important when it comes to differentiating an original website from a false one and protecting ourselves from providing sensitive information which can be used in fraudulent acts. Precautions as simple as verifying that an SMS doesn’t come from a premium-rate number, not revealing passwords or PINs in public spaces and destroying sensitive information before throwing it away are actions that help avoid these kinds of scams.