Phishing: the digital scams that threaten Chileans

Constanza, (victim’s name fictitious to protect her identity), is a 24-year-old girl who, at the beginning of April, was at university and received a call from “Banco Estado”. The executive informed her that he had “a surplus for money transfers he had made” and needed her to “authorize” the transfer in order to receive it.

“They spoke to me with a lot of confidence. They told me the exact amount I had in the account. They gave me all the data, it’s as if they had been in my online bank. They even told me what kind of accounts I had,” he said. The third the student. It should be noted that this information is private and, under no circumstances, is it published by the establishment.

The executive gave her enough confidence and she was busy with her studies, so she didn’t give much importance to it. In fact, he took it as a good thing and authorized the transfer through his cell phone. The man informed her that everything was ready, wished her a good day and hung up. Then Constanza received an email from her bank – this time the real one – saying she had made a transfer to another account for the full balance she had.

Within minutes, the criminal who called Constanza had orchestrated the perfect crime. He had access to her online banking services (probably because she had inadvertently clicked on the link to a fake page, because a few days before she had “changed” her online password), she knew all of her personal information and the total amount she was managing in the account, and tricked her into transferring all of her money to himself.

Get someone to do something. This is the most general concept of what phishing means. This type of scam includes a series of techniques used by malicious people who want to get something from someone, be it sensitive data (like passwords) or go further, as in the case of Constanza , where once gaining access to her bank account, the offender did not have authorization to transfer money, which could only be obtained from her.

Phishing can be done through SMS, WhatsApp, social networks, emails and even by recording QR codes with the camera. Typically, the goal of scammers is to get the victim to enter links to pages they think are “safe” and gain access to their accounts.

However, this “username” and “password” that victims enter is information that comes directly into the hands of a cybercriminal, who will have access to bank accounts, entertainment, social networks and all kinds of sensitive information that they will use for their own purposes.

But how do they do it? Phishing scammers are able to create or buy fake websites from institutions such as banks, Internal Revenue Service (IIS), Netflix, iCloud and any kind of companies or institutions that interest them to get something. These pages impersonate you, so it is easy for them to obtain sensitive data or steal money from people, as many fall for it.

In fact, Nivel4, a cybersecurity consultancy and consulting firm, along with several prominent institutions in the country, have been testing “fake emails” to gauge the problem of these digital scams.

The results showed that in Chile, in March this year, 63% of people who received a fraudulent email opened it, 12% clicked on the link contained in the email and 8% entered their data on the fake site.

Hernán Moller, computer engineer and expert in cybersecurity and hacking and level 4 COO explains to LT that “no bank or company or institution is going to ask you for a password, they will never ask you for bank details or confidential information, because they already have all this information, so there is no need for them to ask you ask for it.”

“You must always doubt and ask yourself whether the information that is delivered can be used for fraudulent purposes or not before delivering it, however convincing it may be or seems”, adds the specialist, in addition to saying that they have identified that there are “phishing packages” for sale, where anyone with almost no computer knowledge can access and customize them to commit the crime.

And while it seems logical that adults and the elderly are easier prey for digital scams, due to the chasm that can exist in the management of technology, for Möller, the credibility of the pages he has seen in his experience makes him believe that anyone can fall

Although there are some clues that can help you recognize a fake page: if you receive an SMS or email from your bank or any other company you have an account with, check the spelling, make sure make sure the sender doesn’t look suspicious and don’t click on unknown links.

However, in the case of the elderly, the specialist’s recommendation is that they ask. “Ask, doubt is super important. Technology moves so fast that sometimes you don’t know you’re a victim of a phishing scam, you don’t know you’re a victim of a scam and if you ask, there’s there will always be someone who can alert you, especially the younger ones”.

According to data processed by the cybersecurity company, in Chile the people most likely to fall into the trap of phishing are aged 45 or older, but there are also a large number of cases of people between 20 and 35 years old, especially those who are starting their labor phase.

“Their responses are almost always ‘I haven’t seen it’ or ‘I haven’t checked.’ And it’s because of the heavy workload they have. And it’s that the fake pages can be super convincing, it’s very difficult to realize that, ”explains Möller.

“For us it is very important that the victim of this type of crime reports it as soon as possible”, says Inspector Víctor Celis, of the Metropolitan Cybercrime Investigation Brigade, in a conversation with LT .

And it is that in the complaint there may be key clues about who is committing the crime. “There is information that can be lost over time, such as links, the channel through which it was made, etc. Therefore, it is recommended to go and report the crime as soon as possible,” says Celis.

Since last year, law 21,459 on computer crimes has come to reinforce the work of the Investigative Police (PDI) team which prosecutes these crimes at national and transnational level, since it defines with precision the crimes involving phishing, so the research process promises to be quite comprehensive.

“It is a very common crime, although few people believe in it. And not so much of the elderly, but of all age groups and all social strata. It can happen to anyone, ”adds the inspector.

The appeal of the Metropolitan Cybercrime Investigation Brigade is to report these crimes to any police unit in the country, “in the nearest barracks, where they have the most confidence. They can help us better. In addition, he specifies that they can make contact by telephone with the various cybercrime brigades which will guide all victims on how to file a complaint.