Nowadays it has become a phenomenon related to everyday, receiving emails that have the sole purpose of deceiving and cheating users. A procedure so famous that was dedicated to this also a specific name: phishing. A type of email that aims to “capture” the attention of the unsuspecting user with alerts structured in such a precise and perfect way that they often manage to deceive even the most experienced internet users. The criminals, through fake email addresses, put themselves in the shoes of banks, government institutions and national bodies in order to access personal data and bank details that will then be used for the same criminal purposes with which the coup was designed. The emails focus a lot on soliciting the attention and action of the customer, often in fact use a direct tone that alerts users inviting them to change passwords and data immediately for security reasons when instead the only purpose of the criminals is to get hold of this important information. A real method to protect yourself from the continuous phishing campaigns unfortunately is not yet existing but we can still follow a whole series of tricks and tips, which we will soon see together, to avoid falling into the trap of what we can consider the scam of the new millennium.
Tips to avoid phishing attacks
1) Check the URL: To verify that the message really comes from a reliable source, the first thing to do is to confirm that the URL actually refers to a secure site and matches the text and sender of the conversation. It is not convenient to click on the link, which may contain viruses and malware, but it will be enough to move with the cursor on the hyperlink to immediately realize if the texts are actually identical and if the link actually refers to the page concerned, also confirmed through a direct search on the web.
2) Focus on the domain: in order not to arouse suspicion, often and willingly the scammers change compared to the original site even a single letter or a symbol in the URL, an aspect that makes the difference from the original unrecognizable. In this process of control, the rush is definitely not to be considered but rather you will have to check every detail of the link, starting from the domain up to the linked pages and even checking the address from which the email was sent.
3) Pay attention to grammar errors: the most common phishing campaigns strike on an international scale and this is why in the translation process some messages report spelling errors or sentence construction. An additional alarm bell that must immediately trigger suspicions despite maybe the URL and the domain at first glance are valid. The text in question is undoubtedly automatically translated from another language, a classic peculiarity of phishing cases.
4) Inappropriate requests: always be wary of the type of email that requires personal and confidential information rather than money, which offers super advantageous offers, which reminds you of winning some prize or contest you have never participated in. They are all tricks to attract attention and invite the public to click on those that then turn out to be fake sites created with the intent to cheat.
5) Verify the sender: No one would ever doubt that government agencies or banks are internationally known. Precisely for this reason, cybercriminals pretend to be important institutions but in reality do not use this channel for messages of such importance, or at least use a PEC address, and never for requests for money or important or very confidential information.