‘Typosquatting’ ‘vishing’ and ‘smishing’ These are just some of the techniques that Cybercriminals use dates such as Black Friday and Cyber Mondayin which ‘online’ purchases multiply, often plagued by offers that are not what they seem and result in the massive theft of users’ data and money.
In these shopping days, frauds with fake coupons, discounts and the well-known ‘flash’ promotions frequently occur, which seek to attract the most unsuspecting users who believe that they should not miss out on an offer that is too attractive. These are also usually victims of so-called ‘malvertising’ or distribution of ‘online’ advertisements used by cyber attackers to distribute malicious programs or redirect user traffic.
There is also a wide spread of malicious applications, designed with the intention of stealing data by posing as legitimate ones, damaging devices or compromising the security of users, who end up becoming victims after their installation.
Although Black Friday and Cyber Monday are important dates for cybercriminals, they also take advantage of the opportunity to run campaigns with techniques as simple and effective as ‘typosquatting’, which consists of creating both ‘apps’ and fake websites taking advantage of errors. common fonts and change letters and numbers that look very similar. For example, the letter ‘o’ for a zero (0) or the letter ‘l’ for a capital ‘i’ (I).
Although they are not exclusive to these shopping days, on these dates there is never a shortage of ‘phishing’ attacks, frauds through emails aimed at obtaining personal and financial data. This consists of deceiving a user by posing as a trusted company, service or person.
For this, Scammers create a seemingly legitimate email and send communications that require immediate action. For example, clicking on a link to a website that turns out to be fake, even though it may look legitimate.
Taking advantage of this technique, it is worth noting that the cloning of websites is also common, illegitimate pages that malicious actors use to collect personally identifiable information (PII), access credentials and personal data of consumers.
In both cases, and so that users do not end up taking the bait, it is advisable to access the proposed service through the browser, entering the URL sent through these messages manually, instead of clicking directly on the link. .
He ‘vishing’ It also points to an alleged urgency through fake phone calls, in which malicious agents impersonate a company or service to obtain confidential information. The most common thing is that they impersonate the bank and report an alleged problem with the victims’ credit cards and that they need personal information to block them to avoid fraud.
In line with these telephone scams, it is worth remembering that a new type of deception has multiplied where the victim receives a call and, when they respond with a ‘yes’, a message appears in which they are notified that they have formalized the hiring of a specific service.
Users, bewildered, call back and give their confidential information to, presumably, cancel that service, leaving all their personal information exposed so that cybercriminals can do whatever they want with it, including hiring another service at their expense. .
#careful #favorite #dates #cybercriminals #coming #Black #Friday #Cyber #Monday
