JSC State Technical Service

The number of phishing attacks is increasing every year, and the methods of “phishers” are becoming more sophisticated. The victims of phishing attacks are ordinary Internet users, entrepreneurs and entire companies. There are many tricks of attackers aimed at obtaining confidential user data with their further use for selfish purposes, including withdrawing funds from bank cards.

For the first time, the concept of “phishing” was used in 1996, when attackers, posing as employees of a large American Internet provider AOL (America Online), collected user identification information (usernames and passwords). As a result, spam was sent on behalf of these people.

In order not to become a victim of fraud, KZ-CERT experts recommend following the following recommendations:

• Be suspicious of unwanted phone calls, e-mail messages, especially with links from people who request employee data or other internal information. If an unknown person claims that he is from a trusted organization, then his identity should be checked directly with the company.

• Beware of opening questionable links received in messengers and social networks.

• Do not share personal, confidential and corporate information about your organization if you are not sure that the person has the authority to receive such information.

• Do not disclose personal or financial information by email.

• Do not send confidential information over the Internet if you are not sure of the legitimacy of the Internet resource.

• If you are not sure whether an appeal or an e-mail request is legitimate, then you should check it by contacting the company directly. At the same time, do not use the contact information specified in the letter or by the link from the letter.

• Use antivirus software and update its databases in a timely manner, use email filters to reduce the number of phishing mailings received.

• Take advantage of all the anti-phishing features offered by your email client and web browser.

• Use two-factor authentication (2FA).

• Do not tell anyone the three-digit CVV/CVC code (on the back of the bank card). And do not report the incoming SMS code from the bank.

If you encounter an information security incident, please inform our specialists by toll-free number 1400 (around the clock) or send a request to the Telegram chat: https://t.me/kzcert .