A phisher plays on emotions and relies on the so-called scale effect: one automatically sent message reaches hundreds of recipients, and the scammer counts on at least some of them being manipulated, for example through haste or lack of attention.
A cybercriminal may encourage you to click a link that redirects to a fake website confusingly similar to the original, e.g. your bank’s. In reality the site was built by scammers whose goal is to capture your login credentials.
Scammers also use text messages while posing as public institutions handling a formal matter, e.g. the settlement of a tax liability. If you click the link they send and make the transfer, the real recipient of the money is the cybercriminal.
Phishing can also involve a specially crafted attachment which, according to the scammer, is an invoice, but which is in fact malware designed to take control of the device.
How to stay alert?
Pay attention to the sender’s domain, which may differ from the genuine one in a small detail, for example a typo such as contact@bank.ppl. Incorrect grammar or punctuation and the absence of Polish characters such as “ą” or “ż” are further red flags. The greeting should also raise suspicion if the message is not addressed to a specific recipient by name but to a “valued associate” or “long-term customer”. This may mean that the sender does not know the recipient and the message has been mass-generated for many addressees. Look closely at logos and footers as well: they may be confusingly similar to the real sender’s but differ in details. Always consider whether what you are being urged to do makes sense. Every message requires verification. Scammers increasingly impersonate the victim’s friends or family.
Remember that banks and public institutions never send emails with a link asking you to log in to a website, nor do they request confidential data (such as a PIN, password or card number). Such a message should trigger particular vigilance: confirm its authenticity by contacting the sender through other, official communication channels.
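The checks described above (a sender domain one typo away from the real one, a generic greeting instead of the recipient’s name, and links that do not lead to the institution the message claims to come from) can be automated as a simple pre-screening of incoming mail. The following Python script is an added illustration written for this page, not a tool from the original text; the allow-list of trusted domains, the list of generic greetings, and both sample messages are constructed assumptions for the example. It parses a raw message, measures the edit distance between the sender’s domain and each trusted domain to catch lookalikes such as bank.ppl, and reports each finding with a short code.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's allow-list of domains it actually corresponds with.
TRUSTED_DOMAINS = {"bank.pl", "gov.pl"}

# Assumption: greetings that typically indicate a mass-generated message.
GENERIC_GREETINGS = (
    "szanowny kliencie",        # "dear customer"
    "szanowna klientko",
    "drogi wspolpracowniku",    # "dear associate"
    "dear valued customer",
    "dear customer",
    "dear associate",
)

# Constructed sample: a lookalike domain, a generic greeting, no Polish diacritics,
# and a link to a host outside the trusted domains.
PHISHING_SAMPLE = """From: "Moj Bank" <contact@bank.ppl>
To: customer@example.com
Subject: Potwierdz swoje dane

Szanowny kliencie,
Prosimy o potwierdzenie danych logowania: https://bank-secure-login.example/verify
"""

# Constructed sample: a legitimate message for comparison.
CLEAN_SAMPLE = """From: "Bank" <info@bank.pl>
To: customer@example.com
Subject: Wyciag za styczen

Szanowny Panie Kowalski,
Wyciag jest dostepny na https://www.bank.pl/statements
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_is_trusted(host: str) -> bool:
    """A host is trusted if it is a trusted domain or a subdomain of one."""
    return host in TRUSTED_DOMAINS or any(host.endswith("." + t) for t in TRUSTED_DOMAINS)


def analyse(raw: str) -> list[tuple[str, str]]:
    """Return (code, detail) findings for a single-part RFC 822 message."""
    msg = message_from_string(raw)
    findings: list[tuple[str, str]] = []

    # 1. Sender domain that is a small edit away from a trusted domain (e.g. bank.ppl).
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if sender_domain and not host_is_trusted(sender_domain):
        for trusted in sorted(TRUSTED_DOMAINS):
            d = edit_distance(sender_domain, trusted)
            if d <= 2:
                findings.append(("lookalike_sender",
                                 f"'{sender_domain}' is {d} edit(s) from trusted '{trusted}'"))

    body = msg.get_payload() if not msg.is_multipart() else ""

    # 2. Generic greeting instead of the recipient's name.
    first_line = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    if any(first_line.startswith(g) for g in GENERIC_GREETINGS):
        findings.append(("generic_greeting", first_line))

    # 3. Links whose host is not under a trusted domain.
    for host in re.findall(r"https?://([^\s/\"'>]+)", body):
        if not host_is_trusted(host.lower()):
            findings.append(("untrusted_link", host))

    return findings


if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, analyse(sample))
```

The script deliberately stops at flagging: the article’s advice to confirm a suspicious message through an official channel cannot be automated, so the findings are meant as a prompt for that manual verification, not as a verdict. Multipart or base64-encoded bodies would need decoding before the body checks; that is left out here to keep the example short.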
Every suspected phishing attack should be reported to your supervisor, the Data Protection Officer and the IT security specialist. Our vigilance and quick reaction can thwart the scammers’ plans.