attemptNwin

Phishing: Basics Ought To Be Known

Phishing is a way of fraudulently acquiring vital information such as usernames, passwords and credit or debit card details, through e-mails or phone calls that create the impression of coming from regulators, authentic organizations or individuals.

How is phishing carried out?

Phishing is usually carried out through hoax emails (with fake sender addresses), bogus websites with authentic-looking logos and appearances, or phone calls imitating customer service centres. Phishing entices the target to click on malicious links or attachments, which causes sensitive information to fall into the wrong hands. The details so collected are then used to transfer money from the account of the victim. In another variety of phishing attack, the attackers entice the victim to install malware on the victim’s computer or mobile phone to steal confidential data or information stored on such devices.

The common form of phishing is broadcast phishing, wherein a large number of people are targeted through simultaneous e-mails to many addresses. The more damaging type is known as spear-phishing, wherein the attack is targeted at a specific organisation or person.

Annual losses from phishing attacks across the globe are estimated to be around US$ 3 billion.

What are the common traps used in phishing?

Preventing phishing depends on the awareness and smartness of the target. The risk of becoming a victim can be minimized by being aware of the potential phishing traps and staying alert.

Some of the common traps used by cyber attackers are:

• Through email appearing to be from the regulator of banks or financial institutions, or from the bank or financial institution itself, demanding confirmation of vital information relating to a personal account. The emails convey the message that your account is blocked by the regulator, or that the bank is going to close the account, unless you confirm the details immediately.

• Through phone calls pretending to be from the authorized call centre of the bank, financial institution or credit card issuer. The caller conveys some information about the victim, collected by the fraudster from social media or other sources, to create an atmosphere of trust, and then entices the victim to reveal confidential information like PIN numbers, passwords, card expiry dates, etc.

• Through email claiming to be from the organisers of a foreign lottery or a random pick by well-known companies, requesting your account details for depositing the fortune into your accounts.

• Through email wherein the sender claims to be in possession of a huge sum of money as inheritance in a troubled country and needs the help of "someone trustworthy like you" to transfer the amount. The fraudster promises to share the amount with you in return for your willingness to help him in an emergency situation, and prompts you to share the details of your account.

How can one protect oneself from phishing?

Remember the following points to escape from phishing attacks.

• There is no free lunch, and there is no valid reason for an unknown person to trust you with the transfer of a huge sum of money to your account.
• Never send any sensitive personal information via email or respond to emails demanding such details. No regulator, bank, financial institution or organization asks for sensitive information.
• Always reach the official website of the bank, financial institution or organization by typing the address into the address bar. Never follow the links mentioned or embedded in an unsolicited email.
• Open an email attachment only if you are expecting it and know the contents.
• Be cautious about compressed files (such as .zip and .rar files) and executable files (such as .exe files), as malicious files could be packed inside.
• If you want to cross-check the authenticity of any communication, contact the organization directly using the number found on its official website. Never call the number mentioned in the email.
• Never reveal your entire personal information on social media. This information is a treasure trove for fraudsters to create the first impression.
• Ensure that antivirus software is installed on your device and regularly updated to detect and disable malicious programs, such as malware, viruses and spyware, sent along with phishing emails.
 

TheCS