In today's article, we want to explain how to avoid online scams. Phishing cases are multiplying every day and cybercriminal techniques have become increasingly sophisticated.
The purpose of these scams is to deceive users and steal sensitive information such as passwords, credit card numbers and personal data. To avoid losing this very important data, it is essential to know how to recognize a scam, how to defend yourself, and what to do if a phishing attempt is, unfortunately, successful.
What is phishing?
Let's start with the basics: phishing is a fraudulent technique used to trick people into providing personal information, usually through email, text messages, or fake websites that mimic legitimate services. The term comes from “fishing,” as hackers “fish” for personal information by casting out bait, hoping that victims will “bite.”
Information stolen through phishing can be used for criminal purposes, such as identity theft, unauthorized access to bank accounts, or the sale of data on the dark web.
The main phishing techniques
Let's look in detail at the most common phishing techniques, with real examples and advice on how to recognize and defend yourself from these scams.
1. Phishing emails (traditional phishing)
What it consists of:
Email phishing is the most common and classic method. Scammers send emails that appear to come from a trusted source, such as your bank, a company you have an account with, or a service you use regularly. The email prompts the user to click on a link to update their account information, reset their password, or resolve an urgent issue. The tone of the email is often urgent.
Example:
An email that appears to be from your bank warns you that there has been an unauthorized access attempt to your account and asks you to click on a link to confirm your credentials and secure your account.
How to recognize the scam:
- Suspicious sender: Always verify the sender's email address. It often looks correct at first glance, but has minor variations (for example, bancaonline.com could be bancaonline-secure.com).
- Urgent tone: Phishing emails create urgency, such as threats of account closure or freezing of funds.
- Grammatical errors: These emails often contain grammatical and spelling errors, because they are automatically translated from other languages. Be careful, though: as machine translation technologies improve, this point is becoming less and less relevant.
- Fake links: By hovering your mouse over the links, you can see the real URL. If it is not the official website of the bank, do not click it.
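As an added illustration of the "suspicious sender" and "fake links" checks above (this code is not part of the original article), the following Python script inspects a constructed sample email and flags a sender domain that imitates a trusted one, as well as links whose visible text shows a trusted site while the real target is somewhere else. The trusted-domain list, the sample message and all function names are assumptions made for the example.

```python
# Added example, not the article's code; TRUSTED and SAMPLE are constructed.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bancaonline.com"}  # assumption: domains you really have accounts with
SAMPLE = """From: Banca Online <security@bancaonline-secure.com>

<a href="https://bancaonline-secure.com/login">https://www.bancaonline.com/login</a>
"""

def host_of(url):
    try:
        return urlsplit(url if "//" in url else "//" + url).hostname or ""
    except ValueError:  # link text that is not URL-shaped
        return ""

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def is_lookalike(host):  # untrusted host that reuses a trusted name
    return not is_trusted(host) and any(d.split(".")[0] in host for d in TRUSTED)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if is_lookalike(sender):
        findings.append(("lookalike-sender", sender))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        if is_trusted(shown) and not is_trusted(real):
            findings.append(("link-text-mismatch", real))
    return findings
```

Calling `check_email(SAMPLE)` reports both signs for the constructed message; an email sent from the trusted domain with links to that same domain produces no findings.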
2. Spear phishing
What it consists of:
Spear phishing is a more targeted version of traditional phishing. Instead of sending emails to a large number of people, criminals target individuals or companies, gathering personal information about the victim to make the scam more believable.
Example:
A company employee receives an email that appears to be from a colleague or their boss, inviting them to download an important file for an ongoing project. However, the file contains malware or requires them to enter their company credentials on a fake site.
How to recognize the scam:
- Personalization: The email contains specific details that make the sender seem like a familiar person, but upon closer inspection, one can easily realize that this is not the case.
- Unusual requests: Be wary of unusual or urgent requests from colleagues, relatives and friends, especially if they ask you to download files, enter passwords or even send money.
- Check the sender: If you receive a suspicious email from a colleague, verify with them directly, preferably in person or by phone.
3. Smishing (phishing via SMS)
What it consists of:
Smishing is phishing that occurs via text messages (SMS). Scammers send messages that appear to come from trusted services, such as cell phone carriers, banks, or couriers, and ask the user to click on a link or call a number to solve a problem or get a reward.
Example:
A recent case involves reports of messages very similar to this one on the well-known messaging platform WhatsApp:
"Hi Mom, it's me! I lost my cell phone and I'm using a temporary number. I need an urgent favor: I'm blocked and can't access my account. Can you make me a quick transfer to cover an urgent expense? I'll give them back to you as soon as I get everything sorted out."
How to recognize the scam:
- Unknown phone number: Smishing numbers often do not match the official numbers of your bank or company, or the numbers saved in your address book.
- Requests to click on links: Be wary of any SMS that asks you to click on a link or provide personal information.
- Check with the interested party: If you have any doubts, contact the company or person directly using the numbers you already know, not the ones in the message.
4. Vishing (Phishing via Voice Calls)
What it consists of:
In vishing, scammers use telephone calls to trick victims by pretending to be from companies or financial institutions and asking for personal or banking information.
Example:
You receive a call from someone pretending to be from your bank, alerting you to a problem with your account and asking you to provide your credit card number or other sensitive information.
How to recognize the scam:
- Request for personal information: No bank or company will ask for sensitive information over the phone without prior notice.
- Tone of urgency: If you feel pressured, hang up and call the company directly to verify.
- Unknown number: Check the calling phone number. If it does not seem trustworthy, do not follow up on the request.
5. Pharming
What it consists of:
Pharming is a more sophisticated technique in which scammers compromise DNS servers (which translate website names into IP addresses) to redirect users to fake websites, even if the user enters the URL correctly into the browser. Unlike traditional phishing, where hackers try to trick victims with fraudulent emails or messages, in pharming the scammer manipulates the system invisibly to the user, making it much harder to recognize the threat.
Example:
You type your bank's URL into your browser, but you are redirected to a site that looks exactly like your bank's. However, the site is run by scammers, and when you enter your credentials, they are stolen.
How to recognize the scam:
- Check the URL: Even if the site looks correct, check the web address carefully and look for the “https” prefix and the padlock symbol.
- Updated antivirus software: Modern antivirus programs and browsers are able to detect fake websites and suspicious redirects.
How to avoid online scams
To avoid falling victim to phishing, here are some precautions to take:
- Always verify the sender: Before replying to an email or clicking on a link, carefully check the sender's address. If it seems suspicious or out of the ordinary, contact the company through official channels.
- Don't click on suspicious links: If you receive an email inviting you to click on a link, hover your cursor over it to see the actual URL before clicking. If in doubt, go directly to the official website by typing the URL into your browser.
- Enable two-factor authentication (2FA): Adding a second layer of protection, like a code sent to your phone, makes it harder for scammers to access your accounts, even if they manage to steal your password.
- Keep your software up to date: Regularly update your operating system, browser and antivirus software to protect yourself from the latest phishing threats.
- Be wary of urgent requests: If you receive an email or call asking you to take immediate action, take time to think and always verify the legitimacy of the request.
What to do if you've fallen victim to phishing
If you suspect you've fallen for a phishing scam, act quickly to limit the damage:
- Change your passwords now: If you provided your credentials, immediately change the password of all compromised accounts. If you use the same password on multiple sites, change it everywhere.
- Activate 2FA: If you haven't already, enable two-factor authentication for your accounts to add an extra layer of security.
- Contact your bank: If you provided financial information, notify your bank or credit card provider immediately to block any fraudulent transactions.
- Report the incident: Inform the company or institution involved in the scam, and report the phishing attempt to the relevant authorities or online fraud prevention services.
- Contact Digife: We can help you resolve the issue quickly and effectively. By acting quickly, you can minimize the damage and protect your personal data.