The Internet is full of scams, so you must be careful not to compromise your personal data. Cybercriminals are constantly looking for new ways to deceive users, and phishing is one of the most common forms of scam.
Phishing is a technique used by criminals that combines social engineering and technical tricks to fool people into providing confidential information, such as banking details, passwords, and credit card numbers. The term ‘phishing’ is derived from the English word ‘fishing’, as in casting a bait to lure a victim and waiting for them to bite.
In this scam, attackers typically send emails or messages that appear to be from a trusted source. These messages might ask you to confirm your banking information, contain bills for purchases you don’t recognize, urge you to change your password due to alleged hacking attempts, or even appear to be from people you know. When you click the link in the message, you are usually redirected to a fake website that prompts you to enter important information. If you follow these instructions and enter the requested information, the criminal will be able to use it.
To protect yourself from phishing scams, you should be cautious and avoid emails with the following red flags:
- Urgent messages informing you that failure to follow certain procedures (clicking on a link, downloading a file) will have negative consequences. For example, the message may threaten to cancel a service or include you on a list of defaulters if you don’t follow the instructions in the message.
- Emails with grammatical errors. Legitimate companies usually proofread their messages before sending them, which is why they contain few grammatical errors. An email containing multiple errors may be a scam.
- The domain of the email address or the link you are prompted to click doesn’t match the domain of the company's website. Companies generally have their own domain name (for example, nic.br). An email from a company using a domain that does not match their website or a domain that only looks similar but is fake (for example, “n1c.br” instead of “nic.br”) is a strong indication of fraud. If you receive an email containing a link, you can hover your mouse over the link without clicking to preview the full URL. If it doesn't match the domain of the company, don't click on the link.
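The domain check from the last red flag can also be automated. The sketch below is an added example, not part of the original page: it classifies the sender domain and every link domain in a message as a match, a look-alike (such as “n1c.br”) or a mismatch against the official domain. The sample message, its addresses and the digit-to-letter map are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Digits often swapped for similar-looking letters (constructed, non-exhaustive map).
LOOKALIKE = str.maketrans("01357", "oiest")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def classify(host, official):
    """Return 'match', 'lookalike' or 'mismatch' for host against the official domain."""
    host = host.lower().rstrip(".")
    if host == official or host.endswith("." + official):
        return "match"
    # Undo digit substitutions, then compare the registered-domain labels.
    labels = host.translate(LOOKALIKE).split(".")
    n = len(official.split("."))
    if ".".join(labels[-n:]) == official.translate(LOOKALIKE):
        return "lookalike"
    return "mismatch"

def check_email(raw, official):
    """Classify the sender domain and each link domain in a raw email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    hosts = [urlsplit(u).hostname or "" for u in collector.hrefs]
    return {"sender": (sender, classify(sender, official)),
            "links": [(h, classify(h, official)) for h in hosts]}

# Constructed sample message; the addresses and URLs are illustrative only.
SAMPLE = """From: "NIC.br" <support@n1c.br>
Subject: Update your registration
Content-Type: text/html

<p><a href="https://n1c.br/update">UPDATE REGISTRATION</a> <a href="https://www.nic.br/">site</a></p>
"""

if __name__ == "__main__":
    print(check_email(SAMPLE, "nic.br"))
```

A “match” only means the domain is the expected one; the other red flags in the list still apply.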
If you suspect an email or message is a phishing attempt, don't click on any links or download any files it contains. Report the email as phishing using the tools offered by your email service provider, if this option is available.
Whenever you have any doubt as to whether a message is legitimate, look up the institution's official contact information and contact them to verify. Some institutions even have dedicated channels for reporting cybercrimes such as phishing and fraud.
If you fall victim to a phishing scam, collect as much evidence as possible, such as screenshots of the email and fake website, and file a police report at the nearest police station or through a virtual platform if available in your state. Also check what data may have been exposed to the criminals and take action accordingly, for example, change compromised passwords or cancel your credit cards.
Stay alert and avoid falling for scams!
More information:
https://cartilha.cert.br/fasciculos/#banco-via-internet (Portuguese only)
https://cartilha.cert.br/fasciculos/#phishing-golpes (Portuguese only)
*Topic suggested by Fabio Storino (Cetic.br|NIC.br) and Marcelo Chaves (CERT.br|NIC.br).
Audio Description
In the first scene, a young woman is using her computer when she receives an email that appears to be from her bank. The email is asking her to update her registration details by clicking on a red link that says UPDATE REGISTRATION. Above the woman, a message appears: “Have you received an email asking you to click on a link?”. The message changes to “It could be a scam in disguise!” A yellow triangle with a warning symbol appears over the email and a suspicious hacker emerges behind it.
In the second scene, the woman examines the email with a magnifying glass. The message at the top of the screen reads: “Pay attention to the domain”. She checks and notices that the domain of the sender's email address doesn't match the institution's official domain. She then hovers her mouse over the link and sees that the domain is also suspicious.
In the third scene, the phrase changes to “If you have any doubt, don't click and report the message!”. The woman clicks on the Report icon and selects the “Report phishing” option. A pop-up window opens confirming that the email has been successfully reported. The woman claps her hands.
License: CC BY-ND
Companies and organizations interested in participating can become partners in this initiative, adding their logo to a customized version of the videos, which can be published on their website or on other channels. Send us an e-mail at parceriacidadaonarede@nic.br to request the application of your company or entity's logo to our videos.