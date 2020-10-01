If users take the bait and click on the link, they are usually sent to a site that emulates a trusted website. From there, they are asked to log in with their username and password. If they are naive enough to do so, which is what social engineering relies on, the login information is passed to the attacker, who uses it to steal identities, empty bank accounts, and sell personal information on the black market.

Simple but effective

Although phishing is one of the simplest forms of cyberattack, it is also one of the most effective. To demonstrate this trend, the Intelligence team of S21sec, one of the main players in cybersecurity services in Europe, analysed the evolution of phishing throughout the first half of the year, based on data collected by the company and its strategic partners. In this analysis, we highlight the 350% increase in identity theft over the previous year.

The main mistakes we make on the Internet

The main mistakes made by most users are related to the reuse and sharing of passwords used to access a variety of online service accounts.

Since online services began to proliferate, users have been required to register in order to access them, entering at least an e-mail address and a password. For convenience, users end up using the same password on most of the websites they sign up for, or some variation of a common base password. And why is this a problem? Because sometimes one of these websites gets attacked and the attackers gain access to user databases that contain these email addresses and passwords, and one of the first things they do is try to access other websites using the combinations they stole.

So it is easy to imagine the impact of an attacker being able to access an online commerce account where the user has saved payment details, the email account where the user receives all the documents related to their personal life, or even a professional email account.

In fact, according to the document, the risks of phishing aren’t limited to email. Identity theft is also carried out through text messages, voice calls, messaging apps and social media platforms. This scenario becomes even more pronounced in a reality marked by teleworking, in which employees use their personal devices to carry out their activity.

Attacks amplified by the pandemic

Of course, this scenario has been amplified by the pandemic, with companies sending employees home, where they often use their own equipment to access business applications or systems. João Farinha, head of audit at S21sec in Portugal, told us that Covid-19 has meant that organizations have had to adapt in record time to large-scale teleworking, which appears to be a new paradigm. “What was once a well-defined corporate network perimeter has grown into a network with multiple external accesses, from home or leisure environments, without the typical security controls that ensure the confidentiality, integrity and availability of data and business information”.

The expert said that it was necessary to carry out a series of actions suddenly and, in most cases, with few resources. “In addition to transformation in the workplace, the human component has also undergone transformation,” explains João Farinha.

How can we defend ourselves

Above all, the chief audit executive explains, by investing in education and awareness. “The majority of the population uses systems on a daily basis, both professionally and personally. It is necessary to put in place good safety habits, which is not easy when the pace of technological change has exceeded the ability of parents to transmit knowledge to their children”. He also speaks of the need for a communication effort at all levels so that information security starts to become part of our nature, like so many other security habits that society already has, such as food security and physical security.