Cyber attackers keep finding more precise and complex ways to deceive Internet users and steal everything from personal information, which can later be used for identity theft, to bank details.
These are some of the techniques criminals use most often to deceive Internet users. Take note so that you do not fall into these traps.
Impersonation of ‘E-commerce’
Criminals are impersonating well-known e-commerce platforms in the region in order to steal people’s bank details. To do so, they take advantage of the security padlock shown next to the URL of the page.
The padlock next to the link represents the official certificate issued to a website, and it also indicates that a secure connection is being made.
The strategy is that criminals register a domain for a web page, then buy a certificate that guarantees that the site is authentic. Obtaining the certificate is easy, and some certificate authorities even issue it for free.
Once this has been done, the attacker adds a series of characters and words to the left side of the link, using the names of recognized online shopping platforms, so that the URL looks like the one on the official page.
Carlos Gómez, engineer for South America at Sonicwall, a company specializing in network security, points out that the user must inspect other aspects of the padlock next to the link.
The first step is to click on the certificate. A message will then be displayed where the user can find its details, such as the company that issued it, the period during which it is valid and to whom it was issued. This is the key point, as it will allow you to identify the person by name from the original URL.
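The lookalike-URL trick described above, as an added example that is not part of the original article: this Python sketch flags a host that contains a shopping brand's name but is registered under a different domain, and shows that the padlock (HTTPS) is present either way. The brand names, domains, sample URLs and the short suffix list are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical brands and their official domains (constructed for this example).
OFFICIAL_DOMAINS = {
    "examplestore": "examplestore.com",
    "shopmarket": "shopmarket.com.co",
}
# Simplified stand-in for the Public Suffix List (assumption, not exhaustive).
MULTI_LABEL_SUFFIXES = {"com.co", "com.br", "com.ar", "co.uk"}

# Constructed sample URLs; all use HTTPS, so all would show the padlock.
SAMPLE_URLS = [
    "https://www.examplestore.com/checkout",
    "https://examplestore.com.secure-pay.example.net/checkout",
    "https://shopmarket.com.co.offers.example.org/login",
    "https://www.shopmarket.com.co/cart",
]


def registrable_domain(host):
    """Return the part of the host that its owner actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url):
    """Flag a URL whose host names a known brand outside its official domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    base = registrable_domain(host)
    findings = [
        f"'{brand}' appears in the host, but the site is {base}, not {official}"
        for brand, official in OFFICIAL_DOMAINS.items()
        if brand in host and base != official
    ]
    return {"host": host, "registrable_domain": base, "findings": findings,
            "padlock": parts.scheme == "https", "suspicious": bool(findings)}


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        result = check_url(url)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{verdict:10} padlock={result['padlock']} {url}")
```

The domain that counts is the one immediately before the first single slash; everything to its left is chosen freely by whoever registered it.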
‘Spoofing’ and ‘Pharming’
These two techniques are the main ones used to impersonate websites. The aim is to get users to enter personal information, which is then used to carry out theft or identity theft.
Spoofing is the impersonation of a website through different techniques. There are numerous types of spoofing. In one of these, the attackers falsify the window where users have to enter their personal data, and then keep that information. Another is the falsification of the sender’s email address to make it look as if a message was sent by an official account.
Pharming is an attack in which a web page is redirected to a different IP address than the original one, so that the user reaches a fake site despite entering the correct URL.
Against these techniques, it is important to keep the security tools of the devices you browse from, including the antivirus and the operating system, up to date. Also, check the URL of the page you are browsing, especially if you reached it through an email whose origin you are not sure about.
Also, enable two-factor authentication for all digital services where possible. With this, if a cybercriminal obtains the login details of an account, they will still need an additional security code, which will reach you by email or text message.
‘Keyloggers’
One of the tactics used by attackers is spyware such as keyloggers, malicious programs capable of recording the actions carried out on the keyboard of a mobile device or a computer.
A keylogger not only records what a person types on their device, but also detects mouse movements while the computer is being used.
What criminals are mainly looking for with this technique is usernames, passwords and security codes, whether for a bank, a social network or an email account.
One of the main risks with these programs is that they are very difficult to detect on the computer, since they are designed to remain on the device for as long as possible.
Criminals pass off the keylogger as a legitimate application. To do this, they use emails or messages sent through messaging applications in which they invite the person to download the program in order to receive a specific benefit.
During the pandemic, cyber attackers have used topics related to COVID-19, such as vaccination and subsidy procedures, among others, to pass off the malware as an official platform.
Generally, the victim is directed to a malicious page to carry out the download. For this reason, it is important to download applications only from the official stores of the operating systems.