As digital technology takes up more and more space in our daily lives, it is important to take stock of how we protect digital information, as well as the devices and resources of companies and, of course, of people. For this reason, it seems pertinent to me to offer a few recommendations and raise some awareness about cybersecurity and social engineering attacks, which essentially consist of manipulating people into disclosing information or performing actions that compromise systems.
One of these attacks, and one of the best-known techniques, is phishing, which is based on sending emails that look similar, or even identical, to those from companies such as Apple, Microsoft or UPS but point to fraudulent websites. Note that although this type of attack kept growing until 2020, the figure, while still high, has stagnated recently. On the other hand, we can see that criminals have started to bet on two different techniques: smishing and vishing.
Regarding the first, smishing, although it is not easy to use the SIM cloning technique in Portugal, we sometimes come across SMS messages with fraudulent links that appear to come from the bank or a hypermarket and that “fall” in the middle of real, previously received messages, deceiving those services’ clients.
Vishing refers to attacks made via phone calls, which are increasingly frequent and have even happened to several of my colleagues. In these cases, it is very common for someone to pose as Microsoft support, for example, claiming to have detected an illegal licence and that, to correct the problem, it is necessary to install remote access software for analysis or simply to run software that will solve the problem. From the moment the attackers get this software, whatever it may be, installed on the user’s device, they immediately have remote access to it.