What is phishing? It is a practice where the victim receives – in general – an email indicating that our bank account has a problem and that we have to go to the page of the financial institution to solve it. However, although the page to which the bad mail refers us is identical to the original one in the look & feel, as far as the links of the same are totally different. For example, instead of referring us to the Santander bank page, it could be that it took us to a page with a URL that could start with Santander.
That is why it is important that as users we know the difference between an official page and a fraudulent copy.
In general, many of the browsers usually indicate to users when some link does not correspond to the one that is supposedly indicating the text, however there is no browser, there is no browser that can contemplate all the human tricks to try to steal confidential information.
Although it is not known if the practice of phishing is something to worry about, we should not take it lightly since the banks at no time ask us for our personal data by email or telephone. Unfortunately, this practice continues to cause hundreds of victims. In Michigan, the United States, a group of auditors conducted a false phishing attack on 5,000 state employees and a third of them opened the mail and clicked on the link mentioned above. Almost a fifth of those who opened the message gave their identification and password.
The objective of the operation was to show the weaknesses of the government's computer network. In addition to checking that phishing schemes are in effect and of course show that users who are deceived at the end of the day may be providing personal information, such as where they live or even where they work.
The Michigan Auditor General's office discovered 14 findings in an audit, 5 in particular were among the most serious, one of the findings that was discovered is; improper handling of firewalls as well as insufficient processes to confirm if only authorized devices can be connected to the network. Unauthorized devices may not comply with state regulations, increasing the commitment to network infection, says the auditor.
The only solution to this is to educate about the problem and make users understand the dangers that are exposed. That is often a long road and therefore seeks to implement measures more quickly, even if they are coercive.