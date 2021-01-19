“He phishing is still one of the most widely used methods to distribute malware and steal credentials and then commit fraud ”. This is explained by a report that investigates the cases of theft of credit cards and online payment methods during 2020, the year in which the coronavirus favored online attacks due to the increase in home office all over the world.

This implied a rise in cybercrime with growth peaks of a 220% worldwide, especially in moments of confinement. The F5 Labs report reveals that according to data provided by expert associations in Argentina there was an increase of more than 60% in consultations for cases of computer crimes in relation to 2019.

In addition, they explain that it was “won” in organization in cybercrime: “What appears to be a well-known form of cybercrime, in practice most of the time turns out to be a well-orchestrated, multifaceted and sustained by organized crime groups”.

“During 2020, scammers were quick to take advantage of the confusion and we saw large spikes in phishing activities that closely coincide with various blocking rules and the increase in home work ”, express the specialists of F5.

As they revealed, to the constant attacks on banks, governments and people of great public exposure, there are also laboratories and regulatory bodies linked to the pharmaceutical industry to reveal the advances and Covid-19 test results.

“While millions of people trying to learn real facts about the pandemic from world leaders, the cybercriminal community found their opportunity in phishing emails, which began to hit inboxes in mid-March with subject lines like ‘Covid-19 in your area’“and ‘Message from the World Health Organization,'” they explained. These emails made clear three main goals that scammers focused their efforts on: soliciting donations from bogus charities, credential harvesting and malware delivery.

Anatomy of an attack

Although it may seem that phishing is a very refined method, its greatest virtue is deception. Technology experts point out that many tools can be developed and threat prevention and containment software But only training and awareness will eliminate the “layer 8 error”. A technical name for the mistakes that individuals who use the programs make.

“At 100% of emails of phishing that were examined, the cybercriminal used authority as a resource and 71% of the phishing emails added a sense of urgency, ”they explain.

Whether it’s the delivery of an unfulfilled package, a deadline for a competition, or the threat of imminent “legal action,” scammers “they know what to persuade us that we hurry increases the probability of being wrong “, they explain.

“This year we have seen this come true with the large increase in phishing traffic during national pandemic blackout periods and many examples of emails claiming to have information about the virus”, They assure in F5 Labs.

Among the most common recipients, the study identifies three types. One targeted, that is, targeted: criminals are dedicated to determining what their attack targets will be based on personal motivations. There is, however, another type of attack, general, which is indiscriminate: the attacker targets many victims unrelated knowing that they are likely to take a few bites.

And another semi-directed, where the attacks are focused against a specific organization or group.

Precautions and cares

Regardless of how hard private users and companies go to protect their brand and their customers, the end user always will be the target of social engineering attacks.

Therefore, there are some questions that can be taken into account: -Use a password manager: it helps to create random passwords and unique to each site and, of course, it also remembers them all. An extra benefit is its ability to autocomplete them on websites but it will only do so on a domain that it recognizes: any spoofed site you will not be able to obtain passwords automatically.

-Do not trust never on the padlock: the “safe” sites have a padlock in the URL, but this is nothing more than a certification of the HTTPS protocol. It is full of sites that use this system and yet that it does not mean that the site is secure.

–Never click on links in emails: This is very important. If, for example, we receive an email from Netflix saying that we have to change our payment method, never click on the email. In almost everything, Netflix will notify us when we open the application or the official page, and in that case we will be sure that the streaming platform could not process a payment.

Argentina: how cybercrime is regulated in the penal code

In Argentina, the Criminal Code punishes, under Law 26388, computer crimes such as theft of data, access to systems, violation of privacy, crimes against sexual integrity, computer fraud, etc.

Reporting these cases is essential to contain the attacks, for this reason, in case of being the subject of an attack it is recommended:

-Do not delete files, emails, images, etc. related to the fact. They serve to demonstrate and achieve better results in court.

–Do not forward content. This way, you do not put other users at risk.

-Report. Complaints can be filed at any police station, they can be directed to the cybercrime prosecutor of the Attorney General’s Office or to the Technological Crimes Division of the Argentine Federal Police.

