The best way to detect attempts at fraud, identity theft, social engineering, or other types of attacks on the Internet is to understand them so you know how to react. Below we list some of the most common attacks and how to protect yourself. We also offer Security Solutions that can help keep you safe.
- What is Social Engineering?
- Phishing and Spam
- BEC - Business Email Compromise
- Email Saturation
- How to Defend Against Attacks
What is Social Engineering?
Social engineering is a technique used to trick people into giving up personal information, bank information, or performing a task that results in fraud. It is carried out by people who have basic information about us and are looking to obtain the data they need to commit fraud, or who seek to extort people for a benefit, whether economic or material. This commonly occurs in phone calls where they pose as acquaintances or friends, banks, service departments, and even criminal groups.
The way to protect yourself from these attacks is to be attentive to how the situation develops and identify what they want from you (usernames, passwords, credit card number, security codes, personal data, etc.). Once you detect this, hang up and report the number. In the case of an extortion call, it is recommended to confirm with your family members that everything is in order.
Phishing and Spam
Phishing is a type of attack by cybercriminals who seek to defraud users by inviting them to download programs or visit malicious websites that infect the user's computer. These types of infections allow cybercriminals to take control of your machine, use it as a bot to attack third parties, steal personal or banking information, or block the user's access to their own information.
Spam is unwanted mail that arrives in email accounts; some examples of spam are advertising and propaganda.
Both attacks occur via email and are very common, so care must be taken. In the case of spam, it can simply be ignored and deleted; many email services even detect and filter it to prevent it from reaching inboxes.
In the case of phishing, let's take the scenario where we receive an email from an email account like "Apple Support <confirmationaccount-alertamail.21614393@alksghiowqlkasnf.hav-sui-w.live>". We can identify at a glance that it is of dubious origin. Emails from legitimate companies usually include their domain name; for example, in the case of Apple, it should include the domain mac.com, apple.com, or similar. When we make purchases from the Apple Store, an email from Apple arrives with the sender <no_reply@email.apple.com>, which indicates that it is an Apple email because it ends in .apple.com, therefore it is reliable at a glance.
When an email is NOT reliable at a glance, it is best to report it to the organization's security department and delete it immediately.
If we have opened the external link because it looked legitimate in the email, we will probably see a fake site very similar to the real one. Before clicking on any link, first confirm several things:
- The domain name must match that of the provider. For example, upon receiving an email from Apple, the address bar should look similar to apple.com/example-path. The important part is the domain, apple.com, which comes before the first slash. BE CAREFUL: on cell phones, due to the small screen, the full path is NOT visible, making it easier to fall for these tricks.
- The site must have an SSL certificate. Currently, almost all browsers show a padlock when accessing a secure site, so if the padlock does not appear or a security alert appears, you should close the browser tab immediately. This applies to most manufacturers, public sites, online stores, and banking portals. The padlock only shows that the connection is encrypted; fake sites can have one too, so it does not replace the domain check above.
- Run a test with simulated data. For advanced users only. This allows you to see if the page really validates the data or just wants to trick us by simulating a validation; complete the form with data different from the real ones to check the error message of the fake page.
And finally, if you have doubts about a page, it is best not to open it, or to close it and type the address you want to go to directly into the browser bar. The same tasks can often be done from the provider's own apps; for example, you can manage your Apple iCloud account from the cell phone or tablet.
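The sender check and the link checks described above can be automated. The following is an added example, not code from the original page; the function names, the trusted-domain list and the sample links are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains expected for the provider, taken from the article's Apple example.
TRUSTED = {"apple.com", "mac.com"}

def host_matches(host, trusted=TRUSTED):
    """True only if host is a trusted domain or a subdomain of one.

    Matching on a dot boundary is what rejects names that merely contain
    or end with the brand string. Non-ASCII look-alikes never match.
    """
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)

def sender_domain(from_header):
    """Domain of the address in a From header; the display name is ignored."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def url_host(url):
    """Host the browser would connect to (not the path or any user@ prefix)."""
    return (urlsplit(url).hostname or "").lower()

def check_message(from_header, link_url, trusted=TRUSTED):
    """Return warnings for one message; an empty list means every check passed."""
    warnings = []
    sender = sender_domain(from_header)
    if not host_matches(sender, trusted):
        warnings.append(f"sender domain '{sender}' is not a trusted domain")
    if urlsplit(link_url).scheme != "https":
        warnings.append("link is not https, so no padlock is possible")
    host = url_host(link_url)
    if not host_matches(host, trusted):
        warnings.append(f"link host '{host}' is not a trusted domain")
    return warnings

# Constructed samples: the two senders quoted in the article, with made-up links.
SAMPLES = [
    ("<no_reply@email.apple.com>", "https://apple.com/example-path"),
    ("Apple Support <confirmationaccount-alertamail.21614393"
     "@alksghiowqlkasnf.hav-sui-w.live>", "http://apple.com.example/login"),
]

if __name__ == "__main__":
    for sender, link in SAMPLES:
        print(sender, link, check_message(sender, link) or "OK", sep="\n  ")
```

An empty result only means the visible names match the expected domains. The From header can be forged, so an unexpected request should still be reported even when these checks pass.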
BEC - Business Email Compromise
BEC-type attacks seek to compromise or impersonate the identity of senior executives in an organization to achieve a specific goal, whether it is collecting strategic data from the organization, money, or affecting the company's decision-making.
An example of this type of attack is when a person in the finance department receives an email from the company's CEO asking them to make a transfer to an unknown account.
Email Saturation
This type of attack can be identified when you check your email account and realize that you cannot send emails or that when someone sends you an email, it bounces back saying that your mailbox is full/saturated. This behavior alone may be normal and mean that you need additional capacity in your email, but if you notice that you have received many unexpected emails with large attachments, this may be an indication of an attack attempting to saturate your mailbox.
On the other hand, if you notice that your sent mail folder has emails you don't recognize and these, in turn, have very heavy attachments, it is another sign that an attempt was made to saturate your account, that it was compromised, and that you need to change your password immediately.
To stop and resolve this type of attack, the recommendations are to change the email account password, either from the mail administrator or from your profile; and delete the "abnormal" emails from the inbox, sent, drafts, and trash folders. In this way, you can recover the space that was occupied by those emails with attachments.
How to Defend Against Attacks
To stay protected and away from malware, we recommend:
- Do not open suspicious emails.
- Do not open suspicious files; this includes documents, spreadsheets, presentations, or executables.
- Do not open emails you are not expecting to receive. For example, if you receive an email that says "Invoice" but you didn't buy anything, don't open it.
- Use only software authorized by your organization.
- Avoid using illegal software or file-sharing download software, for example, Ares, Torrent, etc.
- Avoid software you are unfamiliar with or that was recommended by a stranger.
- Avoid installing or using software found on a USB drive.
- Report the incident to your organization's security department.
At NixNetworks, we offer multiple security solutions that include mail protection, antivirus for endpoints, and security for cloud servers. Backed by the security leader TrendMicro, the solutions are capable of detecting and blocking multiple types of attacks before they reach your inbox or execute on your computers or servers. Contact us for more information.