To leave attackers fewer chances, it is enough to be careful when opening links and files, learn to distinguish google.com from qoogle.com, and pay attention to the interface, which may differ from the original in color, logo, or an extra field in the authorization form, Group-IB notes.
How can companies protect themselves and their customers?
The schemes of cybercriminals are becoming more and more sophisticated: they often spare no expense in creating mirror sites and fake payment gateways that copy the identity of particular resources. When the user himself has followed the lead of the "social engineers", the company, of course, is not to blame for the damage caused to him.
And yet, in such situations, there are reputational risks for the company: an example of this is the infamous calls from the "Sberbank security service". The calls were made by scammers, but users took them as a sign that the credit institution's own protections were ineffective.
It is currently impossible to completely exclude the possibility of using social engineering tools against clients of various online services. However, there are measures that companies can take on their part to minimize the risks:
- use understandable and reliable financial instruments (wallets, payment gateways, etc.);
- implement two-factor authentication (for example, using a verification code in SMS or a call);
- ensure reliable protection of the resource using proven information security tools and specialists who will constantly monitor the creation of phishing resources that imitate the company's identity;
- carry out awareness work with clients and notify them of possible dangers.
If a company uses payment solutions and information protection tools from trusted vendors, this alone reduces the risks both for the company itself and for its customers.
How can an Internet user protect himself from online fraud?
First of all, experts from Group-IB and other surveyed companies advise paying attention to the following points:
- study the address bar carefully. All popular legitimate services support the HTTPS encryption protocol. The padlock next to the address bar also serves as a specific security marker. Of course, you can't protect yourself from advanced fraud schemes in such a simple way, but you can definitely protect yourself from those that are designed for inattention. Useful web browser plugins (for example, HTTPS Everywhere, WOT, etc.) provide a more serious level of security;
- if you are interested in online shopping, make payments carefully, through 3DS services. First of all, make sure that this is a payment by account details and not a transfer to a third party's personal card. Such "clumsy" fraud, oddly enough, is very effective;
- if a site you know has suddenly changed its design, beware. Criminals create online resources for the simple purpose of collecting sensitive data or getting money through deception. Therefore, in most cases, they do not put much effort into the structure and design of the site. Careless layout, spelling errors, and broken sections and links are clear signs of resource substitution;
- before paying (especially a significant amount), take the time to check the domain's registration date. This can be done using public services, for example, whois7.ru. If the site was created less than a year ago, the probability of fraud is high;
- if you are prompted to install additional programs on your phone or computer to make a purchase on the Internet, do not do this under any circumstances: you risk losing not only money but also the device itself;
- if the site has not raised any doubts and you are ready to make a purchase on the Internet, carefully study the payment instruments. After entering the card details, the store site should transfer you to the gateway of your card payment system. This is a separate secure page, and the online store cannot access the information you enter there. Payment gateways connect the cardholder to their bank when making a payment. The bank sends a one-time code to the client in an SMS message to confirm the operation. Only after the buyer enters it does the payment go through;
- do not tell anyone the secret codes from the bank. Check whether the data from the SMS matches the details of the operation, in particular the purpose of the payment and the name of the legal entity accepting the payment. If everything is in order, enter the code in a special field on the payment page. If not, call the bank;
- avoid payment methods that do not allow refunds;
- try not to use a single card for all payments. For example, you can get a separate card for making purchases on the Internet and transfer the necessary amount to it immediately before making a payment. In this case, even if you fall into a trap set up by scammers, you will not compromise the data of the card on which your savings are stored.
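The two address checks above, telling qoogle.com from google.com and treating a domain registered less than a year ago as suspect, can also be automated by specialists who monitor for copies of a company's identity. The Python below is an added example, not code from Group-IB or the original article; the substitution table, brand list, function names, and sample registration dates are constructed assumptions, and in practice the date would come from a WHOIS lookup.

```python
from datetime import date

# Constructed, non-exhaustive table of look-alike substitutions (assumption).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("q", "g"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(domain: str) -> str:
    """Collapse visually confusable characters so look-alikes compare equal."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(domain, created, today, brands):
    """Return the warning signs found for a domain (empty list: none found)."""
    d = domain.lower().rstrip(".")
    findings = []
    if d not in brands:  # the genuine address is never its own look-alike
        for brand in brands:
            if skeleton(d) == skeleton(brand):
                findings.append(f"look-alike of {brand}")
            elif edit_distance(d, brand) == 1:
                findings.append(f"one character away from {brand}")
    # The article's rule of thumb: a site younger than a year is high risk.
    if (today - created).days < 365:
        findings.append("registered less than a year ago")
    return findings

# Constructed sample data; registration dates stand in for WHOIS results.
BRANDS = ["google.com", "sberbank.ru"]
TODAY = date(2024, 6, 1)
SAMPLES = {
    "google.com": date(1997, 9, 15),
    "qoogle.com": date(2024, 3, 10),
    "sberbannk.ru": date(2023, 1, 5),
}

if __name__ == "__main__":
    for name, created in SAMPLES.items():
        print(name, assess(name, created, TODAY, BRANDS) or "no warning signs")
```

A young domain with no resemblance to a protected brand still gets the age warning, which matches the article's advice but will also flag legitimate new shops, so the result is a prompt for closer inspection rather than a verdict.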
If the attackers still managed to deceive you and steal money from your account, you need to contact the bank, then file a statement with the police and send the bank the receipt confirming that the statement was accepted. If you yourself entered the card details when making a payment on a phishing resource, the bank will not be able to refund your funds without a statement to law enforcement agencies.
Fraudsters are always active during periods of social tension, and therefore now you need to be extremely careful about where and how you leave personal data and, in particular, your bank card data. Fraud methods are becoming more sophisticated every day, and some of them may be unknown even to specialists. Therefore, neither banks nor companies can guarantee their customers absolute protection. So first of all, you need to pay attention to where you leave information about yourself and what information you leave.