4 Keys to Identify and Avoid Phishing Attacks - Check Point

By : Krishna Anindyo | Tuesday, February 18 2020 - 21:35 IWST

Check Point Software Technologies (Images by Acclaim)
Check Point Software Technologies (Images by Acclaim)

INDUSTRY.co.id -  Brings with it a new era of sales during which cybercriminals take advantage of the increase in the volume of digital transactions to launch phishing campaigns in search of new victims. The team at Check Point warns that, over the past year, phishing attempts have increased by an alarming 40.9%, with the creation of 1.5 million new phishing websites every month.

Phishing, which is a type of cyber threat through which a cybercriminal tries, fraudulently, to collect confidential information pretending to be a trusted company or person, is one of the most used types of cyber attacks worldwide.

This type of attack has a great percentage of success, since thousands of people are victims of scams through emails that offer great discounts, exclusive advantages, and more.

However, the risk of being the next victim of a phishing attack can be reduced by simply following this 4 keys to identifying these emails

Haste is never a good adviser - Cybercriminals try to impersonate large established companies to take advantage of their image and the trust users have in them. In general, the messages they send stand out for their urgency, inviting the recipient to take advantage of great discounts or demand that the recipient verify some personal data for security reasons or to not lose their user account.

Lack of personalisation - Emails that are part of a phishing campaign are communications that hardly show closeness to the recipient and tend to generalised greetings as “dear customer”, rather than personalised options that include the client's first and last name.

In addition, on many occasions, the "To" field of the email, that is, to whom this email is addressed, is empty. Therefore, it shows that it does not reach us from a company that actually has all our data. These are indications that show that it is not an official communication by a company, but that someone is impersonating their identity for their own benefit.

They incorporate attachments or several links - Although it is true that an informative email sent by a company usually incorporates a link so that you can visit its website, it is normal that this type of communications does not include attachments or many links.

Check Point experts point out that it is essential not to download any type of file if the sender of the email is not fully trusted. They also warn that differentiating a malicious link is simple: you just have to hover your cursor over the URL (always without clicking) and see the address from which the link actually derives. If it is not the advertised website or it is not trusted, it should not be clicked under any circumstances.

They send the mail to an account that is not registered to the service - The number of digital platforms to which we are currently subscribed causes many users to create accounts that they use exclusively for specific types of services, in addition to the ones they already have for personal, professional use, etc. For this reason, when an email arrives, it is essential to first ask if that is the address with which we are registered, since, if it were not, it would be a clear indicator that someone is trying to steal information from us.

Phishing is one of the threats with more history in the world of cybersecurity, and although it is at a lower level of technological development than the new generations of cyber attacks, its success rate is still very high.

However, avoiding its effects is a matter of a simple basic concept: prevention. At Check Point, we highlight that, the more cautious, better informed and more users think before clicking, the greater their level of protection against these types of risks.

In addition, the company also warns of the need for security tools that help us navigate safely. Security tools like Check Point’s ZoneAlarm Extreme Security, scans and deletes websites before the user enters their personal information, alerting him if it is a safe site to use or a phishing site.

There are also tools available for protection against more types of cyber attacks, such as the registration of keystrokes, rescue software or infection with advanced viruses and malware.

News Comment

Today's Industry

Regina Karya Mahasiswi President University

Jumat, 03 Juli 2020 - 17:55 WIB

How Covid19 Affect E-Commerce

The Coronavirus has created the urgency to stay at home and work from home in this New Normal era. In the U.S, there are more than 306 million Americans who are staying at home during a pandemic.…

Joses Immanuel Souhoka - Mahasiswa President University

Jumat, 03 Juli 2020 - 16:40 WIB

The Concept of Positive Thinking: Hope The Rise of Tourism Industry from the COVID-19 Pandemic

The Covid-19 virus case is a case that has a huge impact on the world, especially the country in the Asian region such as Indonesia. The impact is very having an impact on the industry in Indonesia.…

John Baker - Security Engineering Manager and Bug Bounty Advisor for HackerOne

Kamis, 02 Juli 2020 - 17:45 WIB

Why The Future of DevOps Needs Hackers?

In my days as a Quality Assurance (QA) Engineer testing hospitality software, functional testing was seen as the last step before deployment and release. Any major defects found in the QA cycle…

Jonathan Knudsen - Senior Security Strategist, Synopsys Software Integrity Group

Kamis, 02 Juli 2020 - 17:10 WIB

That’s Not How it Works: All Development Should be Secure Development

Secure development is more important today than ever before. A vast number of cyberattacks have placed security in the spotlight, with many organisations adopting safer practices to ensure that…

Marten Mickos, CEO at HackerOne (Photo by Wikipedia)

Selasa, 30 Juni 2020 - 17:00 WIB

The Power of Crowdsourcing

As we go through the fourth industrial revolution that digitises everything we do, economic and societal fundamentals are changing in ways we have not experienced before.