These are the most used website spoofing practices
The spoofing of websites became the fastest growing cybercrime in the country in 2020, with more than 303 percent more cases than in the previous year, as shown by the figures provided by the Attorney General’s Office.
Within this modality there are two main techniques that are used by cybercriminals who seek to trick internet users into keeping personal information and bank details. Its about spoofing and the pharming.
Spoofing is known to be a spoofing of the website through different techniques.
(You may be interested: What happens if you do not accept the new WhatsApp privacy policies?)
“There are numerous types of spoofing; in one of these, the attackers falsify the window where the user has to enter their personal data, and then keep that information. Another is the falsification of the sender’s email address to simulate that a message has been sent by an official account”Says Denise Giusto Bilic, specialist in computer security at Eset.
On the other hand, pharming consists of an attack in which a web page is redirected to an IP address other than the original one. All this in order for the user to reach a fake site, despite entering the correct URL.
(Also: The function that WhatsApp prepares to log out of the application)
“This modality was widely used by criminals to be able to intercept the computers of companies and citizens, launching attacks via email and messaging applications”, Indicates Fredy Bautista, cybersecurity advisor of the Colombian Chamber of Information Technology and Telecommunications.
What to do?
Cybercriminals use these methods to impersonate mainly web pages that have digital payment gateways, online banking entities and electronic commerce platforms. This is why it is important pay more attention when browsing these sites.
In the first place, you have to know that what attackers are looking for with these modalities is for users to enter personal information, and then proceed to theft or identity theft.
(Also: The main types of cybercrime and how to protect yourself)
Giusto points out that there are three alerts that can help you know if you have entered a fake page. “TBe aware if your bank or email provider notifies you that a login has been made from another device, also check that no unknown charges have been generated to your credit or debit card and be alert if they confirm a password change for an account that you have not made.
Remember that the best way to put barriers to attackers is to keep the security tools of your devices updated, from the antivirus to the operating system, this will allow you to close vulnerabilities that can be used against you.
Also, pay close attention to the address in which you are browsing, especially if you accessed it through an email about whose origin you are not sure.
(Also read: A year after Uber’s return to the country, what happened?)
“The best thing is to manually enter the web page you want to access. Also, review the data of the security certificate of the site to verify that they coincide with what would be expected from the legitimate site and avoid suspicious pages, especially if they request to enter personal data or download a file”, Details Bautista.
Finally, enable double factor authentication for as many digital services as possible. With this, if a cybercriminal accesses the access data of an account, they will need an additional security code, which will arrive to you by email or text message.
You may also be interested in:
– Digital identity: what it is and why it must be protected
– What is the origin of the global microchip crisis and how does it affect us?
– Beware: do not promote piracy on Telegram
Twitter: @ TecnósferaET