Stay secure online and prevent phishing and fraud!
Tips / 16.10.2020
Phishing and fraud are an inevitable part of our personal and professional lives.
These fraudulent activities can cause an organisation or business serious trouble, from hacked accounts to acquiring sensitive data.
No business wants to be exposed to this type of fraud, especially when the potential losses could be overwhelming.
That’s why we’ve prepared this blog post to help you stay informed and educated about how to stay safe online.
What is phishing?
In short, phishing is a method of obtaining sensitive information such as PINs, card data, passwords, telephone numbers in an illicit manner, mainly conducted through mass or targeted emails containing misleading information, fraudulent links and buttons that may take you to fake websites.
Phishing is a huge problem in the cyber world and has serious ramifications for those individuals affected by it. In most cases, such consequences are of a financial nature.
That’s why it’s important to recognise the various types of phishing attacks out there and know how to protect yourself, your employees as well as your business/organisation from such attacks.
Here are several ways an attacker might target you or your business, although this is not a comprehensive list:
1. Spear phishing
Whereas phishing entails sending mass emails to a multitude of individuals, this method of phishing is exceptionally targeted – focusing on specific individuals or organisation. The attack is personalised, based on the data the fraudsters acquire on you or your business.
2. Content injection
As the name implies, content injection refers to the process of “injecting” content onto a legitimate page. Its purpose is to confuse the user and take them to an illegitimate page, where they are asked to enter their user details, thereby giving the phishers all the information needed to access their accounts.
3. Phishing through search engines
In this scenario, a user might be directed to websites which offer low cost products or services. When trying to make a purchase by entering your details, this information is collected by the phishing site. Keep in mind that there are numerous false bank websites which offer financial products at extremely low rates. These are phishing sites and you should be aware of them.
4. Voice phishing/Vishing
Voice phishing entails the making of telephone calls which ask the user to dial a number. This is done with the objective of obtaining personal information over the phone and is mainly done with a false (or “spoofed”) caller ID.
5. Session hijacking
In this type of attack, the phisher “exploits the web session control mechanism” in order to steal information from you. Such a session hacking procedure is known as session sniffing, which means the phisher uses a sniffer to intercept your information. This ultimately enables them to access the organisation’s web server illegally.
6. Link manipulation
Through this technique, a user receives an email with a link which, instead of taking them to the original, legitimate site, takes them to a phishing website. To prevent this situation, hover your mouse over the link to see the address that it will take you to. Attackers often use URL or Link Shorteners to hide the actual malicious web address. This is one method of preventing link manipulation.
7. Email and/or spam
An email message is sent to millions of users. Such a message typically requires the user to fill in personal details, which are then used by the phishers to exploit them. These emails often contain a sense of urgency and may ask you to fill in forms by clicking on links in the email. For example, you might be asked to update your account information, change your details or to verify your account.
A Keylogger is a type of malware that intercepts passwords, account numbers and other sensitive information that is typed on your keyboard. This is why most banks and financial institutions will offer you a virtual keyboard where you can select the right information using your mouse to click on it.
9. Social engineering
Social engineering techniques like phishing, vishing and smishing are used to trick users into clicking on a link or to open an attachment because it looks legitimate, but in actuality, is not.
How to prevent phishing and fraud
Although the plethora of ways a phishing attack may take place may seem overwhelming, there are several steps you can take to prevent yourself from being exposed to such an attack or becoming a victim of one.
Here are some of them:
- Enable two/multi-factor or biometric authentication
- Keep your browser and your browser plugins up to date, and periodically clear your browser cache
- Use antivirus software and make sure it is updated with the latest version and malware signatures
- Never give out your personal information
- Use a firewall on your home router or personal computer
- Keep your contact information up to date
- Create strong passwords and use a password manager if it is difficult for you to remember them
- Allow push alerts on your mobile banking apps
- Keep your operating system and other software updated
- Don’t share your personal information or use it in passwords
- Don’t give out personal information, beware of social engineering tricks
- Think before you download apps and download them only from trustworthy sources like the official Google Play Store and Apple App Store
- Avoid keeping sensitive information on your phone
- Secure your smartphone with antivirus software
- Be careful about what you click on and especially pop-ups; think before you click
- Watch what you share online, especially on social media
- Never open email attachments before verifying the sender if you did not expect the email
- Be on the lookout for strange emails; delete suspicious emails immediately without opening them
- Check your online accounts regularly
- Turn off Wi-Fi and Bluetooth when you aren’t using it, and only connect to properly secured (WPA2) networks
- Avoid sending sensitive information over Wi-Fi; use a VPN when you connect to other networks than your own
- Do not save your login information when you’re using a web browser
Security measures we take at myPOS
If it looks like someone from myPOS is contacting you, you need to double check this before proceeding to provide the caller with any of your details.
We will, for example, never ask you for your PIN, card number, account number or email address, outside of your account.
Moreover, if we detect an unusual activity on your myPOS card, we will:
- Temporarily block your card.
- You will receive an SMS and email notification with a list of all suspicious transactions, and you will be asked to confirm if the transactions were made and authorised by you.
- If you confirm that the transactions are genuine, your myPOS card will be immediately unblocked and ready to use once again.
- If you don’t recognise one or more of the transactions and your card has been compromised, you will be able to submit a dispute. The compromised card will remain blocked and you will be able to order a new one.
Please note that purchases made in some countries other than your own country may be treated as an indication of fraud. Therefore, we recommend that you let us know before you travel overseas.
While phishing attempts are unlikely to decline in the near future, your exposure to them can certainly be reduced if you take the right measures to protect yourself.
The three words you should always have at the back of your mind are “stop, look and think”.
Don’t take hasty actions, take a closer look at the website or email which you’ve received and analyse it for potential threats before clicking on a harmful link, button or attachment.
At myPOS, we take your security seriously and will never ask you for sensitive information outside your account.
With this blog post, we hope we’ve informed you about some of the more common phishing attempt types and the steps you can take to prevent yourself from falling victim to such an attack.
Stay secure online!