Against scams and phishing we need a true culture of safety

By Francesco Pagano, Director of Aidr and Head of IT services at Ales spa and Scuderie del Quirinale

The phenomenon of online scams and identity theft on the Internet is growing exponentially. According to data released by Interpol last August, the boom in cyber attacks coincided with the Covid-19 pandemic and was marked, in particular, by an increase in the use of phishing techniques.

Phishing is an extremely subtle type of attack that uses e-mail (but also social networks and chat platforms) to lure victims to malicious sites or to sites designed to steal login credentials for Web services. Cybercriminals use e-mail messages "packaged" to appear perfectly legitimate, in which they impersonate companies, organizations or banking institutions.

The message, often crafted in an extremely convincing way, aims to induce the recipient to click on a link that redirects him to a page controlled by the attackers. To achieve this, the scammers use social engineering techniques, i.e. stratagems that play on the emotional state of the potential victim. Usually these strategies exploit two different factors: enthusiasm and fear.

In the first case, the messages promise gifts, prizes or special offers reserved for the recipient. In the second, the e-mails instead raise the prospect of having to pay fines, or refer to payment requests, invoices or deadlines that cannot be postponed.

The goal is the same: to provoke a reaction in the victim that causes him to act impulsively and click on the link.

In some cases, the link leads to a web page that contains malware, in others to a site that at first glance appears to be that of the company or organization impersonated by the hackers. In this second case, the goal of the cyber criminals is to induce their victim to enter the login credentials for the service (for example, those of an online home banking service) in order to steal them.

None of this is new. Those who habitually use online services have by now learned to recognize (and avoid) this type of attack. The Covid-19 pandemic, however, affected the phenomenon in two ways. On the one hand, it has given cybercriminals a theme, that of the coronavirus, that is particularly suitable for arousing fear or alarm in those who receive the messages. On the other hand, the spring lockdown and the movement restrictions in this second wave have led many people to use digital tools for the first time, or to use them more intensively than in the past.

The result is that cybercriminals can now reach an extremely vulnerable audience of potential victims, who lack the wariness needed to recognize suspicious messages and have little experience using the Internet. Protection tools such as firewalls and antivirus software can help to stem the phenomenon, but cannot guarantee absolute protection from this type of attack, which often does not use malicious code but only tricks that aim to deceive unsuspecting users.

Rather, what we desperately need is a literacy process aimed at the whole population, one that allows people to acquire the critical skills necessary to defuse attacks by cyber criminals. This will probably happen naturally as a result of the surge in digitization we are going through, but without an intervention aimed at creating a real "safety culture" it risks being too slow and leaving an incredible amount of (digital) rubble in its wake.
