At Carnival every joke is valid, but not those that hide cyber attacks. A report by N26, a German bank particularly active on the web, provides us with the tools to recognize and defend ourselves from phishing, vishing, smishing.
N26’s advice to avoid falling into Carnival cyber attacks
We get ready for Carnival, a moment in which we enjoy dressing up and making jokes. But there is little to fool around when it comes to personal identity and sensitive data. It is no coincidence that cybercriminals love to disguise themselves and send emails and messages under a false name, perhaps posing as the victim’s bank, stealing data and money from users. In short: at Carnival not every joke is valid, especially those that actually have a value. We are talking about well-known phenomena, known as Phishing, Vishing, Smishing: e-mails, SMS or seemingly harmless phone calls that become bait to push people to take immediate action with harmful consequences. These phenomena are explained to us well by the experts of N26, the 100% digital bank. We understand well what these dangerous tricks consist of.
- Phishing. These are email communications – which appear to come from your bank – in which you are asked to update your data or password. However, by accessing the link, you are redirected to a seemingly authentic copy of the bank’s website, including banners and official branding.
How to recognize a phishing email? In reality it is very simple: the openings are apparently generic (“Dear Sir” or “Madam”), without any reference to the name and surname of the recipient. the e-mail often comes from a company you have never had anything to do with; It is also important to check that the website address contained in the link corresponds to that of your bank and, if in doubt, open a new window and visit the website directly. Phishing is an easily circumvented tactic – just don’t open the link.
- Smishing. These are phishing attacks but in the form of SMS messages, often mysterious. They urge the recipient to make a wire transfer to pay an unpaid bill or invoice. The purpose of these attacks is typically to steal money from the victim. However, they may also try to steal his identity. Again, the best answer is not to answer.
- Vishing. This is a phishing attack that takes place over the phone. In this case, cybercriminals pretend to be people people tend to trust (such as a bank employee or an official from the Revenue Agency).
How do cybercriminals approach? Here is a series of excuses to lure victims
- Compromised current account. The scammers contact to report that the account has been compromised and is in danger of suffering a cyber attack. At that point they try to persuade the victim to transfer the money to a ‘safer’ account.
- An unmissable offer. Hackers show up on the phone with loan offers, rewards, or an unmissable investment opportunity.
- Tax scams. They pretend to be officials of the Inland Revenue or debt collection officers and scare the victims by talking about unpaid taxes, threatening heavy penalties.
- Social security scams. Cybercriminals pretend to call on behalf of a social security or welfare organization in hopes of getting their hands on benefits or pensions, or stealing cash. In this case, older people are a frequent target for these scams, as they often live alone or are poorly informed.
How to protect yourself? The advice of N26
Here is a series of tips that N26 offers to defend against these Carnival pranks. In general, the advice is to always be prudent and aware of how a bank or an institution relates to its customers. A vigilant use of the web is then a fundamental requirement to live the web in safety. Here are other tips from the German bank.
- Never share or confirm personal data;
- Do not reply to e-mails, SMS or messages on social media that ask for personal data or propose suspicious phone links;
- Pay attention whenever you are asked to enter sensitive data;
- Always question the source e-mails asking for something; particular attention to the details of the sender and any URLs;
- Don’t be fooled by the urgent request and don’t feel compelled to act immediately;
- If an offer (online or offline) seems too good to be true, it’s probably not real;
- Always double-check the links sent by e-mail and, if in doubt, visit the site in question directly through your browser, without clicking on the link contained in the e-mail;
- Don’t download files, don’t share personal information, and don’t open links from unknown senders.
In this regard, read also: Phishing: DHL becomes the most imitated brand by cybercriminals