Phishing is a cyber act whereby targets are contacted via cyber means by someone posing as a legitimate institution to lure individuals into providing sensitive data. Such data may include personally identifiable information, banking and credit card details, and passwords. Once the information is given, it can then be used as a means to be granted access and can potentially result in identity theft and financial loss.

We live in a modern world and our belongings are no longer limited to tangible things, but rather includes a wider variety of belongings - and that is data. The dangers of people trying to obtain personal data by deception (that is by pretending to be the individual whom the data concerns) can be minimised if we are informed. We should be able to recognise 'phishing' attacks.

Why is it called 'Phishing' ?

phishing . \FISH-ing\ . noun. : a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly. Examples: The widespread use of electronic banking and financial transactions has prompted the FTC to crack down on cyber crimes, such as phishing.

This act is called 'phishing' as fraudsters pretend to be someone they are not, and as a fisherman lowers his hook into the sea, a fraudster tries to hook potential victims from an ocean of users.

A typical phishing scam starts with a person sending out tons of e-mails that appear to come from a respected company - usually popular companies such as e-money institutions or banks.

'Phishing Attack'

A phishing attack is often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker pretends to be a trusted entity, and leads the user to opening an e-mail, a message or a text.

As tech users, we are very familiar with the use of e-mails as a means of communication, especially at the work place.

Phishing e-mails generally urge users to submit personal data and/or to verify previously provided information. Users who fall for the attack run the risk of losing data, or even money.

Victim of Phishing Scam?

More people are informed about phishing attacks and scams, however it does not mean that we are safe. The important thing is that you react. If you think that you are a victim of a scam, or it was brought to your knowledge that the link you entered into is a scam, do not panic, but react.

A few things you can do:

  • Change your password, and do not make it an easy one
  • Check recent activities and make sure that all activity was done by you
  • Implement an anti-virus
  • Monitor unauthorised activity
  • Make a report:

Contact Information of the Cyber Crime Unit:

Contact Name: POLICE HEADQUARTERS

Telephone: 2294 2231

Email: computer.crime@gov.mt

The Role of GDPR

The collection, storage and/or usage of data of people within the European Union fall under the GDPR, meaning that there exists an obligation to comply with the rules and requirements. One of which is "data protection by design and by default." This means that a company subject to the GDPR shall consider the implications of data protection of new and existing products and services.

Article 5 of the GDPR lists the principles relating to processing of personal data and how a subject person must adhere to such data protection, including but not limited to the adoption of appropriate technical measures to secure data.

In fact, both encryption and pseudonymization are listed in the law as examples of technical measures that one can use to minimize the potential damage in the event of a data breach.

Data encryption and pseudonymization technologies are important tools to provide data protection as mandated by the GDPR. If managed properly such tools can be very powerful in preventing phishing attacks. End-to-end encryption provides strong data protection for data centres and together with other tools a balance may be reached between GDPR and the security needs of users.

In Conclusion.

In conclusion if you have received an e-mail asking for your personal information to be updated, please be cautious and make sure that you are familiar to the sender. If you have any doubts, do NOT click on any links as you might end up providing information to a fraudster.

Want to learn more:

https://cybersecurity.gov.mt/what-to-do-if-youre-a-phishing-victim/

https://pulizija.gov.mt/en/police-force/police-sections/Pages/Cyber-Crime-Unit.aspx

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.