How phishing works and how to prevent it

12 March 2020 | Authentication, Cybersecurity, Tips

Charlène Demaret


Unikname Connect is about Security

It’s official: cybercrime profits reached 3.5 billion dollars in 2019, with phishing among the top scams, according to the service’s internet crime complaint centre.

What is phishing? 

Basically, phishing is a cyber attack in which a target is contacted by email or text message by someone posing as a company or legitimate institution.

The goal is to trick the email receiver into believing that the message is something they need or want — a request from their bank, for instance, or a note from a colleague — and to click a link or download an attachment.

Phishing techniques are becoming more and more sophisticated, making it difficult for people to tell “real from fake”, especially because the web and email addresses used to fool people look increasingly legitimate.

How to recognise phishing attacks?

1. The email is sent from a public email address

Often, the criminal will use a public email address such as gmail.com. If your bank or colleague is going to email you, it will come from a company email account with the company name in the email address. As an example, legitimate emails from Amazon will read ‘@amazon.com’.

2. Strange attachments

If you receive an email from someone you don’t know asking you to open an attachment, do not open it. The same applies if you receive an unexpected email from someone you know. These attachments can capture your personal data or contain malware.

3. Email with a sense of urgency

Phishing emails frequently ask receivers to verify personal information, such as passwords or bank details. They can create a sense of urgency by pretending to be someone you know who is in urgent need of financial help. They can also warn you that your account has experienced suspicious activity.

4. Poor spelling and grammar

You can often spot a phishing email by the poor language used in the body of the message. The writing style might be different from what you are used to receiving from the sender, and it might contain spelling and grammatical mistakes. If you receive an email fraught with errors, this can be a strong indicator that it is actually a phish.
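The first three indicators above can be checked mechanically before a message reaches a reader. The following Python example is added here and is not part of the original article or of Unikname's code; the domain list, keyword patterns, function names and the sample message are assumptions made for illustration, and indicator 4 (spelling and grammar) is left to the reader's judgement.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, illustrative lists: extend them for your own mail flow.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY = re.compile(r"\b(urgent|immediately|suspicious activity|verify your)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|bank details|card number)\b", re.I)


def phishing_indicators(raw_email, expected_domain):
    """Return the indicators from the list above that this message matches."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = []
    # Indicator 1: public mailbox, or a domain the claimed sender does not own.
    if domain in PUBLIC_DOMAINS:
        found.append("public-email-domain")
    elif domain != expected_domain and not domain.endswith("." + expected_domain):
        found.append("unexpected-sender-domain")
    body = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_filename():  # Indicator 2: the message carries an attachment.
            found.append("attachment:" + part.get_filename())
        elif part.get_content_type() == "text/plain":
            body.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    text = "\n".join(body)
    # Indicator 3: urgency, and requests for passwords or bank details.
    if URGENCY.search(text):
        found.append("urgency")
    if CREDENTIALS.search(text):
        found.append("asks-for-credentials")
    return found


def build_sample():
    """Constructed sample message (not a real email) showing all three indicators."""
    m = EmailMessage()
    m["From"] = "Amazon Support <amazon.support@gmail.com>"
    m["Subject"] = "Urgent: suspicious activity on your account"
    m.set_content("Please verify your password immediately.")
    m.add_attachment(b"placeholder", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()


if __name__ == "__main__":
    print(phishing_indicators(build_sample(), "amazon.com"))
```

A message that matches none of these indicators can still be a phish; the returned list is a reason to look closer, not a verdict.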

What happens if users fall through the net?

 

How can phishing impact your business?

48% of consumers stop using services after a data breach.

How to protect your business against phishing?

The good news is that you can make sure the hacker comes back from phishing empty-handed, or at least without your users’ credentials. How? By integrating on your website an authentication solution that does not require the user’s email or password.


The wrong answer would be to delegate authentication to a third-party IdP (identity provider), such as social sign-in.

Social authentication is appealing to many businesses because it is user-friendly and leaves no password to manage, which suggests that if there are no passwords to fill in, no phishing attack is possible.

Social authentication does not eliminate the risk of stolen credentials.

Indeed, the theft does not take place in your database but directly on the IdP’s side. Recent news has shown that those actors are not infallible, especially because they operate on a centralized database.

 

How does Unikname Connect work?

Unikname Connect, the Confidential and Secure user connection
