Phishing is becoming increasingly popular and inventive on the Internet. These are various schemes for fraud in electronic communication, the purpose of which is to obtain data from users with personal information – bank accounts, passwords, access to accounts in online stores, personal profiles, accounts in social networks, etc. If a person gives such data, they can end up with blocked social network profiles, siphoned money from an account, stolen identity and any number of other scenarios that the human mind is capable of, increasingly aided by artificial intelligence (in English: artificial intelligence, AI). AI can also successfully imitate the voice of a person (taken from a video from social networks for example) and use this for various frauds.

What do phishing scams have in common?

• One of the most popular ways to send phishing is via email, but recently it is increasingly being sent via messenger, viber and other personal messaging tools to users.
• Online fraudsters try to make their messages look legitimate and as authentic as possible by mimicking logos, pages, emails, links, etc.
• The sender of a fraudulent message is always at first glance from an authoritative organization (bank, Facebook, Instagram, online seller, online service provider).
• They use fear as an emotion. In the message there is a call for urgency – something is urgent, mandatory, threatening, requires the immediate intervention of the user.
• The most common is that the user is asked to take an action (to save a profile, page, account) and/or to provide data for some well-founded purpose. Very often there is some link and a call to click on it, or to fill in data in some form. Otherwise, “the account will be closed”, “the page will be deleted” or some other dramatic event will occur that every user does not want to happen to him.
• They inspire confidence. Often, the style of such texts is high, gives confidence and suggests that it is there because it has found a problem and that it can help: “Please follow the instructions to solve this problem…”, “to update your page”, ” to protect your account”, “your Facebook page is scheduled to be permanently deleted due to a post that violates our rights. If you believe this is a misunderstanding, we kindly ask you to file a complaint to restore your page before removing it from Facebook.” Even their signatures at the end of the messages are super kind after offering us “help”: “best regards, Facebook support group”.

How to protect people from phishing attacks?

The main thing is that people do not react emotionally to online messages, and do not rush to respond to them. If something is in doubt, they should ask someone more familiar with computer technology. It’s good for everyone to have basic computer literacy, accompanied by a healthy dose of suspicion, and not to share sensitive information on social networks (at their discretion). With the help of artificial intelligence, scams are becoming more inventive with personal data that is already shared by people in the public space.

• On the Internet, anyone can publish almost anything. It is full of fake news, sites, messages, pictures, videos.
• One should not be in a hurry to respond to online messages.
• It is very important not to provide personal data with sensitive information – by e-mail, after clicking on links, by messenger, Viber, Instagram message or otherwise. Banks do not ask for confidential information by e-mail and telephone. Facebook and Google also do not require such actions from users.
• It is necessary to pay attention to the email from which the message comes – it usually contains a threat, and the sender’s email may contain an authoritative name, but be just an imitation. For example, accounts@accounts.google.domain.com has nothing to do with the authentic accounts@google.com.

Meta presents a list of emails from which a message can officially be sent on their behalf. The company specifies that they would not ask anyone for a password in an email, nor would they send a password in an attachment. Among the most common fake messages on Facebook and Instagram are those that someone’s profile or page has violated (a) Community Standards, where they can be blocked (a) if certain actions are not taken (click, fill in data and others). Calls to action against account bans are also bogus.

The most important thing is that if a person doubts a message, he should not click, reply, fill in information. It is best to consult a more informed acquaintance, or directly write to phish@fb.com, as well as report a page, profile or message (there are always options for this, most often you can click on three dots to the right of the message, page, group, profile, hence the “report” option). If someone is bothered by someone on social media, they can easily block them in addition to reporting them.

• There is always a mismatch between the domain of the sender of an email and the domain in the web page link from the message.
• Sometimes an “acquaintance” of ours sends us “our mutual video” which he invites us to watch. Or we receive an email with which a familiar contact invites us to do something else. In such a case – again suspicion and advice to ask the sender if he really sent something, or if his account was used by someone else for the purpose of some kind of information gathering.

Phishing is not just a vicious practice, it is a crime. It is recommended that you report scams received in emails or other types of online private messages. For this purpose, information can be sent to official sites of the platforms on whose behalf such threatening texts are sent. And it is best not to respond at all to random emails, messages or any calls for action regarding accounts, pages, profiles, bank accounts, etc.