Phishing, a real danger that lurks on the web and can cause so many problems. What it is and how to protect yourself

We hear about it more and more often, the phenomenon of phishing affects private users and companies with serious and often very costly consequences.

But what exactly does it consist of? How can you protect yourself from phishing? Let's find out in this guide, obviously starting from its definition.

Phishing. Things?

Phishing is one of the best-known cyber threats. Present for some time, it reaps new victims every day, who fall into its trap.

The goal of phishing is to steal the information and personal data of people who surf the net and/or use email.

You can consider phishing as a form of virtual solicitation. The attacker who creates the "bait" that starts phishing exploits the user's fears, doubts and lack of certainties, with the aim of stealing delicate and precious information.

The targets of phishing are in fact bank details, access codes to certain sites and platforms and the identity documents of unsuspecting victims.

Data and documents which will then be used to fraudulently withdraw money from accounts or carry out illegal actions in which the victim becomes an unsuspecting accomplice.

Hackers and phishing, where it all begins

There are various ways and systems in which the hacker hides his bait, even if the always favorite is email.

The email is in fact the "Trojan horse" preferred by those aiming for a phishing action.

The message is well packaged and sent from an email address, which is very, very similar to what we expect.

It is almost always accompanied by a sense of urgency, in which the user must immediately perform that action to obtain a reward, not risk something or maintain a feature or privilege.

The trick of phishing is therefore precisely this, a set of marketing techniques and simple psychology that pushes the user to carry out an action, without thinking too much.

In fact, the message pushes us to act to solve an urgent problem that cannot be extended to our account, for a click that should save us but instead condemns us.

The click will in fact take us to a fake login page of the bank, credit card or post office. By entering our access data we will "give" them as a gift.

In addition or alternatively, this action can lead us to download malicious software onto our computer , such as trojans or malware that will remain waiting for a command to slow down the computer , spy on our activities, share our information or become controlled machines in some hacker attack action.

Be careful though, it is not enough to pay attention to your email to be safe from phishing.

Phishing travels (also) on social media

Hackers intelligently move where their targets go. Therefore, in addition to clogging up our e-mail, they also target social networks.

In fact, in 2021, a good portion of phishing attacks started from fake Facebook, PayPal, Instagram and Linkedin pages.

The tactic is very similar to that already used for email. The hacker creates a page that looks impressively like that of the social network and tries to lure users into entering their personal data on it. Data that will not be used for access, but which will be "stolen" by the hacker who will use them as he pleases.

How do you defend yourself from phishing?

Before even thinking about software solutions, we must consider that the first rule to defend ourselves from phishing is only one, that of paying attention to our information.

So here we will have to:

Create and maintain our data with care

Manage them correctly and do not spread them unless strictly necessary

Always doubt, especially when the request is too alarmist or accompanied by a sense of urgency

What exactly should you do to avoid falling into phishing and hacker traps?

When you receive an email before rushing to act and "crushing" links more or less at random, follow this procedure:

Check the sender of the email carefully, it must be a sensible name and the domain part should correspond to that of the site they are contacting you about.

Check the subject of the email, also in this case the information reported should be clear and not sensationalistic.

Verify that you are the recipient. Phishing emails are often sent in bulk and your email address does not appear in the recipient header.

Read the email carefully, even in its smallest parts, and check that it makes sense.

If you decide to proceed, copy the link and paste it into a new window, without sending, it will help you understand where they are really directing you

In addition to these common sense checks, there are some other operations you should always do when browsing to increase your safety.

Here they are:

Avoid public or unknown connections to transmit sensitive data, use them only for general information or in case of need

Consider using a VPN. A virtual private network will encrypt your network traffic between your device and the server, increasing the level of protection

Check that the connection is HTTPS

Check that the domain when opening the page is exactly the one you are "aiming" at

Use antivirus and antiphishing software and solutions that can support you in a moment of inattention

Never share sensitive data. Banks, post offices, streaming platforms etc will never ask you to send them your account access password or credit card details.

Be wary of everything that is too good to be true (like the "famous" African prince with a blocked millionaire account who asks you for a few hundred euros to unblock it in exchange for half the assets...)

Phishing, if you know it you avoid it

The Internet and the Internet have opened up possibilities that were unimaginable until a few years ago. However, this much power and independence can also be exploited by those who, fraudulently, try to take advantage of our trust or inexperience.

Avoiding running into a computer scam like phishing is possible, we just need to pay attention to our actions and always think about what we are doing without being fooled by imposed "urgents".