Phishing is a form of social engineering that cybercriminals use to trick victims. The goal is to steal user credentials and money, and to infect a system with different malware variants. To do so, cybercriminals set out bait for the victim to take, and they use many different methods. Sometimes they just try to unsettle and confuse victims in order to trick them. We will explain some of the most common methods and how to avoid falling into the trap.
Methods cybercriminals use to trick people on the web
This is an issue that is increasingly related to banks. In fact, we recently published an article where we gave some recommendations to avoid being a victim of a phishing scam. Unfortunately, we also have to use those recommendations for a lot of other daily tasks.
Cybercriminals toy with time and urgency
One of the most commonly used methods is to take advantage of urgency. Cybercriminals toy with the user’s time: they want the victim to feel they have less time and more urgency to act. For example, it is quite common to receive an email supposedly from our bank (or any other account we may have) asking us to update our personal information as soon as possible. There may even be a deadline.
We may also be notified about possible security issues. The email may say that our account is in danger and that we must urgently change the password. Of course, this could scare users and make them nervous, making them want to fix the issue right away. So they end up changing the password or doing exactly what cybercriminals want.
These methods are getting more sophisticated, which means that cybercriminals may use names familiar to us or even try to pass themselves off as one of our contacts. For example, they could ask us to urgently make a wire transfer or, more typically, to send personal information they claim is needed to do something.
However, this works for more than just phishing. Sometimes cybercriminals want us to install a malicious app, for example, so we get an email prompting us to update our PC or install some app to supposedly fix a dangerous security issue.
Intimidation and threats
Sometimes cybercriminals try to intimidate victims by making them believe a service to which they are subscribed is closing. Let’s use a person with a Netflix account as an example. There have been cases of emails sent to Netflix users telling them to pay a certain amount of money or their account will be closed and made unavailable.
This happens in many other scenarios. Cybercriminals try to scare victims by pretending to be a commercial service. They send false emails so users believe they come from a real, legitimate source. However, it is only a scam to get the victim’s credentials or money.
Kindness and polite words
There is a different method used by cybercriminals to trick a victim: kindness and polite words. They request something using polite words, flattery and kindness to gain the users’ trust.
Once they accomplish this, they can get what they want. For example, they may ask users to open a fraudulent site or give up their personal information somehow.
There are a lot more scam methods. Users always have to use their common sense to avoid becoming victims.