Why do we receive fraudulent SMS?

The first thing we must take into account when analyzing why we are receiving this type of messages is that practically in the totality of occasions they are sent massively. That is to say, to a great amount of people at the same time. This is for statistical reasons. In fact, for the scammers, the more people they send the SMS to, the more likely it is that someone will fall for them.

In addition to this, most of the people who receive these messages do not know how to identify that they are false or that they are scam attempts. For this reason, in many occasions, they achieve their goal. In reality, what they are after is to get hold of our personal data. It can be to sell them or to impersonate our identity in some site, as we have already indicated above.

What to look for

We can be victims of many attacks by means of text messages on our cell phones. It must be taken into account that a few years ago it was possibly the most used means of communication in many cases. A way to send a short text to someone immediately. But nowadays, it is not very used by users. In fact, we really only receive SMS with verification codes, advertising and attempted attacks.

If we make mistakes with this type of messages that are actually fraud, we can put our security at risk. Not only will it affect the mobile device in question. In fact, it could also manage to steal personal data and passwords. A problem that is aggravated when it also asks us to download some kind of data. All this makes it essential to know how to recognize when an SMS can be a scam. In this way we will be alert, and we will not make mistakes that can impact us. Sometimes it may actually look like a legitimate message. However, there will always be certain details that can help us to see that it is a scam.

It has a link (especially HTTP)

One of the most common tests is when it carries a link. Normally, it is through this link that the attack is carried out. It can be a Phishing attack. It is there where they pretend that we log in to a service. However, it can also be a link to download a malicious file.

It is important to bear in mind that HTTP links (those that are not encrypted) are the most dangerous. Attackers will usually use this type of link. However, you can also encounter a fake page that is encrypted. Therefore, although it is a warning sign, you should not rule out the possibility that an HTTPS link is insecure.

This link is shortened

But beyond the fact that a link arrives, it is very common to find shortened links. They use this strategy to prevent us from really seeing what the address is and click on it. We should always avoid entering links that are shortened. In addition, we can make use of tools that allow us to know what the real address is without having to open it.

A short link does not necessarily mean that it will be insecure. However, it is true that they are widely used by hackers. Ultimately, what they do is hide everything else. We do not really see the URL to which it will direct us. Therefore, it is easier for us to end up entering a page.

For example, if it is a supposed message from the bank, perhaps the domain is totally different and has nothing to do with that bank. If we see that domain like that, we are less likely to access it. On the other hand, if we receive a URL hidden in a shortened link, we are more likely to make the mistake of opening it.

It comes from a platform that we do not know

A clear sign of a scam is when we receive a message that supposedly comes from a platform that we do not use. We are talking for example about a courier company that we are not expecting. Also, an SMS from a bank that we have never had an account with, etc.

Hackers usually take advantage of the Christmas or summer campaigns to send SMS from courier companies such as Amazon. It is also common for them to try with the main banks in case we have an account and fall into the trap.

But beware, if you receive a message from a platform you know, it does not mean that it is safe. In fact, it is very common that they use the name or brand of very popular services. For example, banks or online shopping platforms. In this case, they want to have a higher probability of success and get the victim to click.

It is addressed in a generic way.

Another proof that it can be a fraud is when that SMS is addressed in a generic way. That is, it is when we find messages that say dear user and similar. They are not really addressed to the name of the person who receives it. Finally, this is a symptom that it may belong to a massive campaign.

It may happen that you think that the content of the message is totally irrelevant to us. Or you may think that there is no reason to have received it. Then it is most likely a fraudulent message. In the best case scenario, it could be an SMS sent by mistake that was addressed to someone else. However, whatever the case, we recommend that if you do not know the sender, simply delete it. This way you protect yourself from any risk.

However, phishing attacks are becoming more and more personal. Hackers are looking for more and more information about the victims. Therefore, they create links that are targeted with first and last names to increase the likelihood that we will click on them. You are more likely to click on a link that is addressed to your name. For example, indicating that an account you use has a problem and that you need to change something in the settings.

The latter is known as Spear Phishing. In this case, it would be addressed to a specific person, with name and possibly surname. Therefore, even if the SMS is in your name, you should verify that it is reliable. Hackers can collect information from victims in order to send more personalized messages and be successful.

Use alert messages

This type of messages that seek to deceive the victim usually contain warning messages. They tell us that our account is going to be suspended, that there has been an issue or similar. They seek to scare the victim. In this way, they will click on those links or carry out some action they ask for.

Undoubtedly, this is something very common among Phishing attacks. They tell us that something is wrong, that we must modify something in our account or carry out any step. Of course, all this as quickly as possible so that we do not have time to think and make mistakes. In this way, if they send it to many users at the same time, there may be someone clueless who falls into the trap. It is also possible that an elderly person might get nervous and think that they really need to do something as soon as possible to avoid having their account stolen. The worst thing is that it really is a trap.

The sender’s number has a very long length

In many occasions, we usually receive calls or SMS from long numbers. In addition, and these are typically from switchboards of companies such as electricity or telephone companies.

But we must take into account that this type of numbers often have a maximum of 10 digits. So, if we receive any SMS from a number that is longer than this, we should suspect that it is an attempt of scam. Since, in general, these numbers are typically generated internationally. Therefore, if we do not know the sender, it is best not to interact with the message.

Grammar is not the best

We can also look at the way the SMS is written. Typically, they regularly make grammatical errors, typing errors. They may even be translated from another language, etc. This is therefore another indication that the message we have received may be a scam and put our security at risk.

Whenever you see a message or any email of this type, you should run away. We must be very careful not to open links. In fact, it may be a scam that only seeks to collect data or steal passwords.

We are asked to log in or provide data

Usually these SMSes are intended to steal information and especially passwords. They are based on a phishing attack that seeks to gain the victim’s trust so that they log in or enter some kind of personal data. There is nothing fixed. Indeed, sometimes we will be taken to a page that pretends to be legitimate to log in. But sometimes we will be asked for a series of information.

https://bet-bonusking.net/
https://bonuslistele.net/
https://bestbonussites.com/

In short, these are some fairly common signs that we are facing a fraudulent text message, which seeks nothing more than to steal our data and thus compromise privacy. It is something that we can find on our mobile on many occasions. They especially pretend to be legitimate companies, banks and other platforms that users might trust.

The post How to spot scams and phishing attempts via SMS appeared first on Linux Windows and android Tutorials.

Google has a feature in Chrome called Enhanced Safe Browsing. This is used to predict threats before they take place. Therefore, it allows users to be warned when their credentials are exposed. This feature was already present in Chrome. However, Google has now implemented and started to promote it in Gmail. So, it is likely that in the last few days you have received a warning when logging into your Gmail account. It does not matter if it is from the browser or from the app on your mobile or tablet. If you activated it when it appeared, congratulations. If you acted out of inertia and tapped on the No thanks, no problem. Actually, what it does is to speed up the process to activate the protection against potentially dangerous websites, downloads, and extensions.

How to activate the protection against phishing in your Gmail email

If you want to add an extra layer of security against phishing and other types of fraud attempts, we tell you how to do it step by step. The procedure is simple. Moreover, it takes less than a minute to activate, and you only need to perform a couple of actions.

• It is possible to activate it directly. To do so, click on the following link. This will take you to the Enhanced Safe Browsing for your account page and activate it.

• If your browser is Google Chrome, then copy into the address bar this command: chrome://settings/security. When you are inside, select Enhanced Protection versus Standard Protection.
• If you are on mobile, open the Chrome app and tap on the three dots. Then go to Settings >Privacy and security. Next, go to Safe browsing, where all the available security options will be displayed, such as standard and unprotected protection, as well as Enhanced protection, which is the one we are interested in activating.

Note that this is an account setting and not a device setting. Therefore, bear in mind that regardless of where you activate it, it will be operational on the others. If you use Gmail or Chrome, it is an extra measure of protection that you should take advantage of. You should join it with others, such as two-factor authentication. Also consider that this setting also provides detailed information about your browsing habits, linked to your account. However, Google explains that this data becomes anonymous after a period of time.

The post Gmail has a new feature against phishing appeared first on Linux Windows and android Tutorials.

Tips to avoid Phishing attacks

The best way to avoid a phishing attack is to really know how it works. Phishing is a strategy whereby a hacker launches a bait for the victim to click and log in. In fact, it is usually something that pretends to be legitimate, such as a bank web page. However, we are actually sending the information to a server controlled by the attackers.

Observe

The first tip to avoid a Phishing attack is to observe. Indeed, when you receive an SMS or an email, you should take a good look at the content. Look at the appearance of the message and the link. In fact, they often use shortened links or HTTP sites. Another aspect to watch out for is the information they are sending, which is usually going to be an alert.

Just by taking a good look at that message, we can realize that it is a fraud. Our bank, the social network they are trying to impersonate, or any other platform, will never ask us to enter our password in a message. Likewise, they are not going to alert us of a problem and ask us to log in.

Log in only to apps or websites directly

Of course, another key point is that you should only log in to applications or web pages directly. Let’s say you need to log in to your bank account to resolve a supposed problem that you have been informed about by e-mail or SMS. In such a case, never log in from the attached link. What you should do is to log in to the application or the website.

This way, you make sure that your data will be protected. You are going to log in through reliable means, without exposing that information. If you send it from a link that has come to you through a Phishing attack, your password could be stolen as soon as you send it.

Enabling two-step authentication

More and more platforms have the option to use multifactor authentication or 2FA. What does this mean? To log in, you are going to have to put in more than just your password. Therefore, it is usually a code that arrives by SMS. Even use a two-step authentication application to verify the action. If an attacker manages to steal your password through a phishing attack, they would still need that second step to get in. So, with 2FA, you are creating an extra layer of useful security.

Do not expose data

This is rather common sense. Hackers can launch Phishing attacks after having previously obtained your personal data. Indeed, they may have found out your email address or your phone number. In this way they create a more personalized attack, looking for a way to scam you.

For example, you should never make your e-mail address public in open forums or through comments on web pages. Nor should you publish your telephone number. This way, you will be protecting your personal data.

Use a good antivirus

One more tip to prevent Phishing attacks is to use a good antivirus. Phishing attacks can not only steal passwords, but also sneak in some type of malware. If we have programs that help us to protect ourselves, we will avoid the entry of many varieties of malicious software.

Therefore, always keep in mind the importance of having a good antivirus installed. For example, Windows Defender is a good option. However, there are many more available that you can install on all types of operating systems.

Use a good browser

A good way to protect yourself is to use a good web browser. That is, one that can block many of the threats. Security studies indicate that some web browsers are more effective at blocking these types of threats. Specifically, Microsoft Edge and Mozilla Firefox prevent most of these types of attacks. In contrast, the most popular browser of all (Google Chrome) is much less effective at blocking these threats.

Avoid opening attachments and clicking on links in unsolicited e-mails.

If you receive an e-mail requesting personal or financial information, do not respond. If the message invites you to access a website through a link included in its content, do not do it. You should know that serious organizations are already aware of this type of fraud. Therefore, they do not request information by this means. We also recommend accessing the official website of the organization by entering the corresponding Internet address in your browser. You can also contact the banking institution directly. For this purpose, you only have to use the numbers provided by them.

Ultimately, we have seen some tips to avoid phishing. Of course, the best thing to do is to use common sense. See you later!

The post 5 tricks to avoid Phishing and getting robbed appeared first on Linux Windows and android Tutorials.

How browser phishing works

Phishing can arrive by different means. For example, we can receive a link through social networks. Furthermore, through email or simply by clicking on a link on a page we are visiting. That link will redirect us to a fake page. Certainly, it has been created simply to pretend to be a legitimate one. It is widely used to steal passwords for bank accounts, social networks, email. By clicking on this link and entering our data, both the username and password, this information will go directly to a server controlled by the attacker. This way he will be able to steal the passwords. So, he will have total control of our accounts.

Therefore, simply by clicking on a false link, we can suffer the theft of our passwords. To avoid this problem, the most important thing is common sense. In addition, do always log in directly from the official website and not through links that we receive. But we can also help us with certain programs, and here is the browser itself will have some extensions available.

The purpose of these extensions that we are going to show for Chrome and Firefox is to alert us when we click on such fake links that are actually Phishing. In this way, we will avoid logging in where we should not. Our password will be protected, and we will reduce the risk of intruders.

Chrome Extensions

Foremost, we’ll show you some Chrome add-ons that will help us to avoid Phishing attacks. Their mission is to alert us as soon as we enter a link that could be classified as dangerous.

Total WebShield

The first anti-phishing extension for Chrome that we want to show you is Total WebShield. It uses artificial intelligence and cloud-based technology to detect threats. It allows you to detect online malware, possible phishing links and web pages that may result in a security problem.

If you click on a link that takes you to a dangerous page and this extension detects it as such, it automatically blocks access. This prevents you from reaching a site where your data may be compromised. Or simply where there are files to download that may actually be a virus. The way to use Total WebShield is basic. You just have to install it from the official Chrome store. From then on, it will be running in the browser. It will work automatically whenever you open the program to browse.

Dr.Web Link Checker

This security extension for Chrome focuses mainly on social networks. Its mission is to detect malicious links from sites such as Facebook. Keep in mind that these types of platforms are widely used by cybercriminals to launch online scams and compromise security. To use it, you have to go to the official website of the Chrome add-on store and download it there. The icon will automatically appear at the top.

Netcraft

This is a tool that alerts us of possible Phishing links that we receive when surfing the Internet. It offers specific information so that we can be prepared. In the specific case that we receive a link that may be a threat to our passwords. It is elementary to use.

To use it, you have to download it from the official Chrome store. From that moment on, it will start to evaluate the risk of the links. In addition, it will alert you in case there is something strange that could put your security at risk. It uses a database to compare the information with the sites we visit.

Firefox Add-ons

There are also extensions to avoid Phishing attacks for the Mozilla Firefox browser. You will be able to avoid falling into the trap when surfing the Internet and avoid those fake pages that have been created solely to steal passwords. We are going to list some interesting add-ons that help you to be more protected.

Zelda Anti-Phishing

One of the Firefox extensions to detect Phishing attacks that we can install is Zelda Anti-Phishing. It is responsible for scanning all the web pages we visit and if it sees that there is any risk it blocks it. It will warn us and prevent us from logging in or sending any type of information that can be intercepted.

Its operation is elementary. All you have to do is download the application from the browser’s official store. From that moment on, it will start tracking the websites you visit. Consequently, it will warn you if it finds anything strange that could mean that your data is at risk.

PhishWall

Another Firefox add-on that aims to detect Phishing attacks is PhishWall. It is used to track the pages we open in the browser. Then, it alerts us in case we are entering a page that could be a security threat and be used to launch Phishing attacks.

You can download this tool from the Firefox Store. It is one of the most downloaded of its kind. Very useful as a complement to other security programs, such as Windows antivirus. One more way to maximize security.

Emisoft

With Emisoft you will achieve protection when surfing the web, visiting web pages or opening links. It blocks malicious sites that may contain Phishing. This will prevent you from logging into services that are dangerous and where your personal data could be compromised.

It promises not to track the user and not to collect any information. Its mission is to alert in case it detects a malicious website and prevent us from falling into the trap. You can download it from the Firefox store. So, this is how we have seen the best Anti-phishing extensions. Bye!

The post Anti-phishing extensions appeared first on Linux Windows and android Tutorials.

What is Bank Phishing?

Phishing attacks are a technique widely used to steal passwords. It is a classic that has been adapting to changes. It is widely used to steal passwords of all kinds, such as social networks, Internet forums and also bank accounts. And the latter is significant, since it is very common to use our cell phone to access the bank or pay from the computer.

An attack of this type is a bait that seeks to get the victim to open a link or download a file. For example, they may send an email stating that there has been an error in our bank account. Consequently, we must change something in the configuration, verify the identity, etc. We are asked to click and log in. But of course, we are sending the password to a server controlled by the attackers.

The same is also true for SMS. In fact, this has increased a lot lately. They impersonate the identity of the bank and pretend to be them so that we download an application or enter from a link. Furthermore, in this case, they will look for a way to trick us with a supposed problem or something we should do.

Basically, therefore, a phishing attack consists of the victim entering a fake link or page. Of course, this page has been created as if it were legitimate. Consequently, the passwords and credentials are sent to a server controlled by the cybercriminal. In this way he manages to steal the passwords and gain control of that account.

Why it is a widely used method

What makes hackers use phishing attacks so much to steal bank accounts? There are several reasons for this. One is that it is relatively easy to reach many users at once. That is, they can send thousands of emails to thousands of hypothetical victims. If just a handful of people fall into the trap, they have already made a profit.

It is also widely used because of its ease of access to phishing kits. In the Dark Web, it is easy to get elements of this type. It is not even necessary to be a cybersecurity expert. So, it is possible to acquire everything necessary to carry out this type of attack and compromise the security of many users on the Internet.

On the other hand, it is a method that is difficult to be detected by an antivirus. It is true that security tools have improved and can, for example, detect dangerous domains. However, there are still a lot of them sneaking into email and this is a major problem.

Another issue to keep in mind is that it can affect people of all ages. They can send SMS to many numbers, and perhaps an older person who does not have the necessary knowledge to avoid these threats may fall into the trap. They find themselves with a message on their cell phone saying that they have to enter their bank account. Consequently, they carry out the action without knowing that they are seriously compromising their security.

What to do to protect ourselves

We have already explained what this dangerous method is all about. Now let’s see what we can do to avoid the theft of bank passwords and be fully protected on the Internet. We are going to show a series of recommendations that you should apply for this particular case. However, they are also useful to avoid similar attacks on the Internet.

Avoid making mistakes

Undoubtedly, the most important thing of all is common sense and not making mistakes. Phishing attacks will require the interaction of the victim. That is, the attacker needs us to click on a link, download a file or log in some way to steal information and passwords.

Therefore, it is essential to always maintain common sense, to know at all times when we are entering and where we are going to put our data. At the slightest doubt, it is better not to send anything. If you receive an email or SMS saying that your account has been stolen or that there is a problem, do not fall for this type of bait. Moreover, whenever you have doubts, contact your bank through official means.

Keeping everything up to date

Another essential point is to always have everything up to date. This includes the operating system itself, the applications we use or any software or driver. On many occasions, vulnerabilities appear that are exploited by hackers. This will allow the entry of malware or will serve to deploy phishing attacks.

Concerning Windows, to update to the latest version you have to go to Start, go to Settings and go to Windows Update. There you will see possible new versions that you can install to resolve any problem that may exist.

The steps are similar in any other operating system you use, whether on a computer or cell phone. In addition, you should especially take this into account when using programs connected to the Internet, such as the browser or the application itself, to access the online bank account.

Security programs in place

There are many security programs that you can use to protect your computers and prevent the entry of viruses and any variety of malware. For example, you can use a good antivirus. Some options such as Windows Defender, Bitdefender, or Avast work very well. However, there are many alternatives, both free and paid, for all types of systems.

But we should not limit ourselves to antivirus alone, as we can also rely on firewalls or even security add-ons for the browser. In all these cases, the aim is to keep hackers away and to be able to detect any security threat that may appear.

Enabling two-step authentication

If there is one thing that is very useful to combat Phishing banking attacks, it is to enable two-step authentication. Basically, what it does is create an extra layer of security. An additional barrier that will prevent a hacker from getting into the account even if they knew the password.

Use only official applications

To avoid security problems when using banking applications, it is essential to use only official ones. But beyond that, you should download them from legitimate sources. For example, the bank’s own website or official stores such as Google Play. This way you will avoid the risk that the software has been modified maliciously.

It is precisely through fake applications that hackers use to launch attacks. They modify a program to make it look legitimate, but in reality it is a scam, and so they can steal passwords. In short, bank phishing is a more common problem than we think. Therefore, I hope that with these tips you will be able to avoid it. Bye!

The post How to avoid bank phishing appeared first on Linux Windows and android Tutorials.

What is Smishing

Smishing is a very dangerous variant of the typical Phishing attacks that reach us by e-mail. Although the form of attack changes regarding Phishing, the objective is the same. The aim is to deceive the victim in an attempt to steal his or her login credentials, bank accounts and even debit or credit cards. This is done by making the victim believe that they are on an official and legitimate website. Our security and privacy is at risk from this type of attack. We could certainly leave our passwords exposed, including any bank accounts we may have, so we must be meticulous with this type of attack.

Smishing uses SMS messages that we receive on our cell phones with a link. This SMS message “appears” to be from our bank. However, cybercriminals change the origin of these SMSes so that the victim trusts that he has received an SMS from BOFA, Wells Fargo, Citi or any other bank.

How it’s work?

You will receive this SMS whether you are a customer of this particular bank. In other words, if we have an account with Wells Fargo, we can perfectly receive an SMS pretending to be from Citi. When we receive an SMS from a bank where we do not have an account, we usually delete it. However, if it just so happens that you do have that bank, then you could trust the SMS you receive. Consequently, clicking on the link can lead to fraud.

Nowadays, this type of attack is aimed at stealing bank accounts or credit cards. Therefore, we must pay close attention to the SMS we receive from our bank. It is certainly critical not to click on any link in the SMS to avoid this phishing attack on the bank. What we want is to avoid that we are the victims of identity theft. Next we will see how smishing behaves.

How to detect this attack and avoid it

This phishing attack aims to steal our credentials. However, it can be easily and quickly detected. On the other hand, this depends on what kind of SMS we receive and how the hook message is constructed to make users fall for the scam.

The first thing to look at is the spelling of the SMS. In fact, this type of attack is usually carried out by cybercriminals who are in other countries and do not know the spelling of English. We should also look at the way they address us. This is easy to check by comparing it with legitimate SMS from our bank. In the end, the result is typically different.

The second thing to look at is whether they encourage you to click on the link. That is, they are looking for the user’s fear and inform us that something is wrong or that there has been an excessive charge in the bank account, and invite us to review it. It is possible that if we click on it, they may ask us for personal information. This information will later be used against us maliciously. Another aspect you should check is whether there is a hurry for you to click on the link yourself, i.e., it is something very urgent that cannot wait. This way we can easily detect if an SMS is smishing.

Please use common sense

We should also check if the SMS has a link to the bank’s website. In fact, you should never access your bank through a link you have received by SMS. To avoid problems, access directly through the app on your cell phone or from the official website that you have saved in your computer’s bookmarks. This way, you will be able to access your bank account safely and without fear. If you click on the link, you may be taken to a website that is specifically designed to deceive you. That is, it is the same as the official one but will be used to steal your login and password. Consequently, you should never enter your credentials on such a website.

A few years ago, illegitimate scam websites used the HTTP protocol for their scams. This protocol does not offer any kind of point-to-point encryption, so it was the first aspect you should check to see whether it was a legitimate website or not.

Consequently, if the user does not see the padlock, then he/she is already suspicious. Nowadays, scam websites also work with HTTPS. However, this means that the communications are encrypted with the scam website, it does not mean that the website is secure and legitimate. Therefore, although this website uses HTTPS, it could very well be a fake of the legitimate website.

What should we do

What you should do if you receive an illegitimate SMS is to delete it as soon as you receive it. In addition, you should never click on the link or link that we have in the SMS. This way, you will not be a victim of this type of attack. Finally, we must use common sense. In fact, the bank will never ask us for data that they already have, such as our username and password, nor the data of the debit or credit card. If you receive an SMS that urges you to hurry, you should know that your bank will never contact you by SMS for important matters, but will call you directly.

What to do if we have already been victimized

What you should know is that if you have not clicked on the link you are not in danger, you simply need to delete the SMS and not click on it unintentionally. It is significant that you delete this SMS as soon as possible to avoid entering the link accidentally.

If you have clicked on the link, there are some SMSes that take you to a fraudulent bank website and invite you to fill in your username and password. If you have not filled in anything on this website, simply exit this fraudulent website and delete the SMS you have received. In case you have filled on the website with personal data, you should do the following:

• Review what data we have provided and what they can do with it.
• If you have entered your bank username and password, log in as soon as possible through the app or via the web and change the password. You can also call your bank manager directly to inform him/her of the issue. In consequence, he/she can be alert in case you have suffered an intrusion in your account.
• If you have entered your credit or debit card, block it as soon as possible. Even if no charge has occurred yet.

What to do if you download a malicious app from a link

In case you click on the link, you should never install an application because it could be a banking Trojan to steal all our bank accounts. So, what you should do is delete the downloaded application or program. In the same way, you have to delete the downloaded application or program, exit the fraudulent website and also delete the SMS message you have received. If you have installed the fraudulent application, you should quickly do the following:

• Delete the app as soon as possible.
• Download an antivirus for your smartphone. Start scanning as soon as possible to remove any malware that may have been installed.
• Change the passwords of all the accounts you manage with your smartphone, including those of your bank.

However, the best thing to do is to restore it to factory defaults to make 100% sure that no trace of the malware remains. In this way we have seen what smishing is and how we can protect ourselves. Bye

The post What is smishing and how to avoid these dangerous attacks? appeared first on Linux Windows and android Tutorials.