Computer Fraud

Computer fraud is a crime that involves obtaining a profit by damaging someone else's computer system. The damage can consist of modifying the functioning of the computer system or simply stealing sensitive data contained in that system. In many countries, it is a crime regulated by the Criminal Code and constitutes a particular type of fraud. Among the various types of computer fraud, we can mention social engineering and phishing.


Social Engineering

Social engineering can be considered an example of computer fraud in which an attempt is made to enter a system by manipulating its users into performing compromising actions, such as disclosing confidential information.

The attacker, in this case, relies on people's willingness to help and takes advantage of their weaknesses. For example, a social engineering attack might involve contacting an authorized employee of a certain company and tricking them into providing immediate access to the company network or confidential information.

In general, social engineering exploits humans as the weak link in a computer system's security chain, leveraging not only greed and selfishness but also attitudes that in other contexts would be positive, such as curiosity and altruism.

Phishing

Phishing (sometimes also written "pishing", which is simply a misspelling) is an example of computer fraud. Phishing involves a malicious user (hacker) sending a fraudulent email. The email appears to come from a legitimate and trustworthy source, for example, because it mimics the style of a certain company or organization online, but in reality, it is not. The phishing link comes from the hacker, who sends it with the intent of convincing the recipient to provide sensitive data, directly or indirectly.

The deception can use social engineering techniques, for example, asking the user to click on a link to receive a prize. Clicking on the link triggers actions that can install a virus or other malware on the user's device. This malware can then provide the remote hacker with the sensitive data the user has on the device. Alternatively, the phishing link can lead to a fake website requesting personal data, which the user then provides directly to the hacker who is deceiving them.

Although email service providers have filters that block many suspicious emails, numerous phishing messages still arrive in users' inboxes. The most important rule to follow to defend yourself from this attack is to check the link you are accessing before clicking on it, in order to verify that it really belongs to the company's domain and is not an attempt to imitate it.
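The link check described above can also be done in code. The following is an added example, not part of the original article; the trusted domain `example.com`, the function name `check_link` and all sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the domains the real company owns (constructed placeholder).
TRUSTED_DOMAINS = {"example.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link as 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "invalid"
    # .hostname is what the browser connects to: lowercased, without any
    # "user@" prefix or ":port" suffix that may be there to mislead the eye.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # Exact match or true subdomain. A bare endswith(domain) would wrongly
    # accept "notexample.com", so the leading dot is required.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Non-ASCII or punycode labels can render like a trusted name.
    if not host.isascii() or "xn--" in host:
        return "lookalike"
    # The trusted name appears somewhere, but not as the real domain.
    authority = parts.netloc.lower()
    for d in trusted:
        if d in authority or d.split(".")[0] in authority:
            return "lookalike"
    return "unrelated"

# Constructed sample links; none come from the original article.
SAMPLES = [
    "https://login.example.com/reset",      # real subdomain
    "https://example.com.login.test/reset", # trusted name used as a prefix
    "https://example.com@login.test/reset", # trusted name before '@'
    "https://notexample.com/reset",         # shares only a suffix
    "https://ex\u0430mple.com/reset",       # Cyrillic 'a' in the name
    "https://www.wikipedia.org/",           # unrelated site
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):10} {link!r}")
```

A 'trusted' result only means the hostname belongs to a listed domain; it says nothing about whether the page behind it is safe.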