Gozde Bayar
September 04, 2019•Update: September 04, 2019
ANKARA
Although phishing techniques have become more prevalent and harder to detect, there are still some ways to avoid falling into the traps of cybercriminals, according to experts in the field.
Many people are unaware of small tricks used by cybercriminals when they innocently give away their personal information online.
“Attackers use different forms of social engineering techniques such as phishing, smishing, vishing, and pharming which can be used as bait to lure or ‘phish’ their victims who could be random or specially targeted high-value organizations or victims,” Emre Tezisci, a cybersecurity researcher at a mobile security firm in the U.S. state of California, told Anadolu Agency.
Phishing is when internet fraudsters grab personal information by using deceptive e-mails or websites, where “the victims here [smishing] are sent SMS on their mobile phones,” said Tezisci.
Vishing occurs when criminals have your information and then call you pretending to be someone else in an attempt to get you to release your bank details or convince you do a money transfer, he added.
“Pharming is a scam where a scammer installs some malicious codes on the server or personal computer of their intended victim. The installed code automatically directs your clicks to another website without your knowledge or consent,” said Tezisci.
He also gave an example of a vast "sextortion" campaign in which victims receive a text message or e-mail stating that hackers have their screen and webcam recordings from when they were watching pornography.
To make it more realistic, hackers share the victim’s personal information, such as their previous passwords or phone numbers and ask for bitcoin in return.
“Cybercriminals earned around $1.2 million in bitcoin just from this campaign,” he highlighted.
He also said that most people are not even aware that their phone numbers are strong identifiers, and carelessly give it out for memberships, discounts or subscriptions.
"Sharing your phone numbers on social platforms or with just anybody is a security risk," he urged, adding that users must learn to be selective with who they give their personal information to.
'Cyber-paranoia' as a tool against phishing attacks
Attackers use more convincing techniques, so it becomes harder to detect attacks especially when they know the victim’s fears, curiosities or interests, said Caner Koroglu, co-founder and chief executive officer of the cybersecurity consultancy firm PRISMA.
''Agreeing with a security software producer, the government could offer a mobile anti-virus software to all citizens,” he said, highlighting that the dark web aspect of the internet should be monitored constantly by a specialized tech team.
As for the individuals, he said: “Cyber paranoia is the only missing feeling of the victims. With a little paranoia, we can manage not to click on any link even when we have little doubt.”
“We should use social media with restraint,” he said and urged users not to jump at all ads or enter websites that ask for critical information.
Millions of people fall victim to phishing attacks in Turkey, but just a few are aware of their rights and seek the judicial process, lawyer Yusuf Dere told Anadolu Agency.
“The increase in fraud and cyber-crimes cannot be prevented as long as a burden is laid on the mobile payment companies,” said Dere, urging all stakeholders to raise awareness on this issue.
The country’s banking watchdog should increase its effectiveness in the audit to fight against phishing activities, he said.
“The Banking Regulation and Supervision Agency should increase its audit effectiveness, and should carry out the necessary legal follow-up procedures on both firms which provide mobile payment service without an activity certificate and others that work with those firms,” Dere added.
