HaqCheck published in June 2021 an alert about a scam that was circulating on email, social media, and messaging apps about a Coca-Cola welfare fund. The link invites you to provide your own personal details on a survey to ‘win’ a prize.
Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details and passwords.
HaqCheck has now observed similar links using different well-known corporations to claim prizes. Given that this tactic is on the increase we analyzed how the public can protect themself from these kinds of scams.
Most of the time, scammers use online surveys to scrape sensitive personal or financial information. This data can be used to commit identity theft or to be sold to a third party. Either way, they're making money.
They use malicious links which are created to promote scams, attacks, and fraud.
By clicking on an infected URL, malware can be downloaded such as a Trojan or virus which can then take control of your devices. You also might be persuaded to part with sensitive information on a fake website. Phishing, the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, has been mentioned above and another popular tactic to get you to give up passwords or personal information about yourself.
Hiskias Dingeto, a cybersecurity expert and P.H.D candidate at Dongguk University in South Korea, defines phishing as “making a website to deceive a user or to get the users personal information”.
As Hiskias explains, the phishers usually copy the whole website of a legitimate body with a different URL (Uniform Resource Locator, which incorporates the domain name, along with other detailed information), to create a complete web address. “After you give your credentials (email and password) they use it for their own benefit,” he added, “it is the easiest way to attack people”.
How to spot a potential scam?
Phishing emails and text messages may look like or pretend to be from a company you know or trust.
They seem too good to be true, with eye-catching or attention-grabbing statements.
They often say there’s a problem or a prize to trick you into clicking on a link or opening an attachment.
They have a sense of urgency, pressuring you to act immediately and sometimes giving you a time limit or a deadline.
They might claim that you use their services (such as a bank or postal service) but you have never used them before.
How to avoid such scams?
Check the web address (URL) and domains.
Stay alert and be skeptical, know who your providers are, and cross-check from the impersonated organization.
Don’t give your personal or financial information in response to a request that you didn’t expect.
Resist the pressure to act immediately, take your time to check and cross-check the entity of the sender.
Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
Most organizations realize the potential for scamming and now don’t request confidential data online. So don’t offer up anything about yourself, even your mother’s maiden name. You can also contact the organization independently if you have any doubts.
Besides checking and cross-checking the URL and the domain of the sender, Hiskias also recommends you check whether the website uses HTTP or HTTPS.
HTTP has been the standard protocol for transferring hypertext documents on the Web but HTTPS is a more secure version – a combination of the HTTP with the Secure Socket Layer (SSL). Most trustworthy companies use this now so beware if you see an HTTP link.
He emphasizes “when using your browser notice if there is a locked key sign on the address bar: which means the website is secured or it uses HTTPS”.