Have you ever received an email from any corporate company asking you to verify your credentials or bank accounts? If your answer is yes, you may have witnessed some kind of cyber attack. What if we tell you that the e-mail you received may not have been sent from that company that you actually know and trust. This is called phishing. Attackers send you an email pretending to be a trusted company or bank.
This e-mail appears to have been sent from a known website or your bank from which you received the service, so it doesn't even occur to you that it may be a phishing attack when you open the e-mail. E-mails can be sent to you with different content, for example by sending an image sent from your bank, in order to update your accountyou will be asked to enter your personal information, such as your credit card number and password, or by saying "you won a gift, you have a discount, just click to get it!" they try to create excitement and curiosity, in this way they lead you to click on the link. So when you click on the link, you will be redirected to another web address (URL). The site you are redirected to is actually a modified fraudulent site, and as soon as you enter your information into this site, this information is passed into the hands of the attacker who is trying to hook you. This captured important data is then used to demand money from you through threats. Phishing is the most preferred method of attack by cybercriminals, and since most people who are not aware of this method fall into this trap, the success rate of the attack is very high. If this attack method is used against people with a high job profile, such as a senior manager, it is called "whale hunting" because much higher amounts of money are demanded (because they are after the big fish).
How can we distinguish phishing attacks?
- Corporate language: If the e-mail sent does not contain an official language or if this language does not correspond to the e-mail you received from your corporate company or bank, then there is a mistake.
- Request for personal information: Generally, institutionalized companies do not request your personal data by e-mail, this is a method used by scammers.
- Creating urgency: Fake e-mails encourage you to write the requested information as soon as possible by creating panic or excitement.
- Different web address (URL): Always check the domain name of the website. Corporate companies have their own corporate URL. (For example: .com / .net / .org / .gov / .edu / .info etc.)
How are we protected from phishing attacks?
- Firstly, don't give your personal information. Please note that corporate companies will not request this information from you via email!
- The web sites of the corporate companies you enter, contain a confidentiality agreement in order to protect your personal rights. Check this agreement before sharing any information.
- Do not rush to click. Carefully examine whether the mail contains any of the items above.
- Finally, you can query the links sent to you via "Phishing Tank" (https://www.phishtank.com/), and find out if the web address sent to you from this site is sent for attack purposes.