Users should be wary of "unusual requests for sensitive data"
The National Cybersecurity Center (CNCS) advises users to be wary of "unusual requests for sensitive data" or that lead to critical actions being carried out via mobile phone, following cyberattacks that use these devices.
© Shutterstock
Tech Cibersegurança
Calls from international numbers or sending fraudulent messages with job offers are some of the methods that are being used in cyberattacks.
"Cyberattacks that use the mobile phone as an attack surface, either via SMS or phone calls, are not new", says an official source from CNCS, when contacted by Lusa.
However, "in recent years, there has been a high number of cases of this type, particularly linked to the incident types 'phishing/smishing' and social engineering (which includes 'vishing'), which are carried out with the aim of collecting sensitive information and carrying out fraud against potential victims, exploiting the vulnerabilities of the human factor", adds the same source.
'Phishing' is a type of attack in which social engineering techniques are used to capture sensitive information from a victim, using 'mail'. When the technique is used via SMS, it is called 'smishing' and, by telephone (voice), 'vishing', according to information on the CNCS website.
"Some of the cases included in these typologies, although not all, correspond to the fraudulent phone calls and messages described, namely some 'smishing' and 'vishing' situations", continues an official source from CNCS, in response to Lusa, stating that, "from year to year, 'phishing/smishing' and social engineering incidents have been among the most registered by CERT.PT", as can be seen in the CNCS Cybersecurity Observatory's Risk and Conflict Report.
The National Cybersecurity Centre states that the objective of these campaigns varies: "In some cases, the aim is to co-opt the victim to 'work' as a 'money mule', receiving money or crypto-assets in their account and then transferring them to other accounts, making it difficult to identify the destination account".
In other cases, "the aim is to collect personal and banking data and/or carry out illegitimate bank transfers", and "in almost all situations there is a strong possibility of compromising the victims' devices", warns the CNCS.
Therefore, the CNCS "advises good practices against 'phishing', 'smishing' and 'vishing', as well as those related to the care to be taken with instant messages".
In general, "users should be suspicious of unusual requests for sensitive data or that lead to critical actions being carried out via mobile phone", advises the CNCS.
In addition, "they should think twice before accepting any proposal considered to be very good, probably 'too good to be true'", concludes the same source.
Read Also: Cyberattack compromises data of thousands of Helsinki residents (Portuguese version)
Descarregue a nossa App gratuita.
Oitavo ano consecutivo Escolha do Consumidor para Imprensa Online e eleito o produto do ano 2024.
* Estudo da e Netsonda, nov. e dez. 2023 produtodoano- pt.com