Phishing is fraud or cybercrime that obtains sensitive information such as usernames, passwords or credit card details by making the target believe some fake information and hand over access to the data.
It is mainly carried out by email spoofing, instant messages or text messages. Phishing often directs users to a false website that looks like the original one and makes them share personal information.
In other cases, phishing is one of the tools used for espionage or by state-backed hacking groups to spy on opponents and organisations of interest.
And anyone can be a victim, ranging from the Democratic National Committee in the run-up to the 2016 US Presidential Election, to critical infrastructure, to commercial businesses and even individuals.
It’s estimated that 3.7 billion people send around 269 billion emails every single day. Researchers at Symantec suggest that almost one in every 2000 of these emails is a phishing email, meaning around 135 million phishing attacks are attempted every day.
Most people simply don’t have time to analyse each and every message that lands in their mailbox. Attackers exploit this.
Why the name Phishing?
Phishing is a modified form of the word “fishing”, except that in this instance the one doing the fishing is the crook. Hackers use a sneaky email lure to catch their targets. Some of the early hackers were known as ‘phreaks’ or ‘phreakers’ because they reverse engineered phones to make free calls.
Motive & possibilities
- Too good to be true
Eye-catching offers and attention-grabbing statements easily get people’s attention.
- Creating a sense of urgency
Once a hacker fixes on a target, they try to create an atmosphere of urgency so that the user doesn’t have time to rethink and acts spontaneously. When you come across mails like “a few seconds to respond”, just ignore them. Trusted sites give users ample time to process the information.
A link may not be all it appears to be. When you click a link that may be a phishing link, it can redirect you to another page that delivers payloads such as ransomware or other malware. The only file type that is always safe to click is a .txt file.
“Prevention is better than cure”
- To protect against spam mails, use spam filters. These filters help to detect the origin of the message and the software used to create it, and then analyse whether it is spam or not.
- Update browser settings to prevent fraudulent websites. Browsers keep a list of fraudulent websites, and if you try to enter one unintentionally, a warning pops up and stops you from going ahead.
- Change passwords on a regular basis. Never use the same password for more than one account. Use a CAPTCHA system for added security.
- Established organizations like banks and financial companies monitor everything that happens and prevent phishing. Security awareness programmes are run for employees to reduce risk.
- If there is a suspicious link in your mail, hover over the URL before opening it. A secure URL starts with “https”.
- Two-factor authentication (2FA) is the most effective method for countering phishing attacks.
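The first bullet says a spam filter works out where a message really came from. The script below is an added example (not from this article) that makes the same checks an analyst makes by hand on a suspicious mail: whether the visible From: domain matches the envelope sender (Return-Path:), whether Reply-To: quietly routes answers somewhere else, and what the receiving server recorded in Authentication-Results: for SPF, DKIM and DMARC. The sample message, its domains and the function names are all constructed for the demo.

```python
"""Header-origin checks on a suspected phishing email (added example).

check_origin() flags the simple signs of a spoofed origin that a spam filter
or analyst looks at first:
  - From: domain differs from the envelope sender (Return-Path:) domain
  - Reply-To: points at a different domain than From:
  - Authentication-Results: reports an SPF/DKIM/DMARC result other than pass
The message and domains below are constructed; nothing here is from the article.
"""
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: claims to be from a bank, was actually sent from a bulk
# mailer, and routes replies to a third, look-alike domain.
SAMPLE_RAW = """\
Return-Path: <bounce@mailer-example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer-example.net; dkim=none
From: "Example Bank Security" <alerts@examplebank.com>
Reply-To: <verify-account@examplebank-support.co>
To: <customer@example.org>
Subject: Urgent: your account will be locked in 24 hours
Content-Type: text/plain

Click here to verify your account now.
"""


def _domain(header_value):
    """Lower-cased domain part of an address header, or None if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() or None


def _auth_results(header_value):
    """Extract method=result pairs (spf, dkim, dmarc) from Authentication-Results."""
    results = {}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header_value or "", re.I):
        results[method.lower()] = result.lower()
    return results


def check_origin(raw_message):
    """Return a list of human-readable findings about where the message came from."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = _domain(msg.get("From"))
    envelope_dom = _domain(msg.get("Return-Path"))
    reply_dom = _domain(msg.get("Reply-To"))

    # The address the user sees should agree with the address the mail server saw.
    if from_dom and envelope_dom and from_dom != envelope_dom:
        findings.append(f"From domain {from_dom} != envelope sender {envelope_dom}")
    # A Reply-To on another domain is the classic way to capture the victim's answer.
    if from_dom and reply_dom and from_dom != reply_dom:
        findings.append(f"Reply-To routes to {reply_dom}, not {from_dom}")
    # Anything other than "pass" in the receiving server's verdict is worth a look.
    for method, result in _auth_results(msg.get("Authentication-Results")).items():
        if result != "pass":
            findings.append(f"{method.upper()} result is {result}")
    return findings


if __name__ == "__main__":
    for line in check_origin(SAMPLE_RAW):
        print("WARNING:", line)
```

Run it on a saved `.eml` file by passing the file's contents to `check_origin()`; an empty list means the three origin headers agree and the server's authentication checks passed, which is not proof of legitimacy but removes the cheapest spoofing tricks.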
Phishing is often used to gain a foothold in corporate or government networks as part of a larger attack, such as an Advanced Persistent Threat (APT) campaign.
Warning! Someone out there is phishing you. Know how and when
- You have received a mysterious text or call
Most social engineering focuses on email, but it would be a mistake to discount SMS phishing and voice phishing. Watch out for unusual messages or mails; they may carry malware that infects your system.
- You have “won” something
Lottery scams pop up every now and then when we open unusual sites. This is a popular way to phish people’s bank accounts. Unfortunately it works, and cases have been reported.
- Social media accounts are being weaponized
Social media gave rise to a particular form of “spear phishing” that gets into people’s profiles and steals their personal information.
Spin-the-wheel activities on social media are another tactic used to lure the target.
- URL does not look right
Always check the URL before entering a site. A logical step is to run a Google or Bing search for the company and view the top results. The URL you have been given should match what appears at the top of the search results page.
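The advice above (hover over the link, check the scheme, and compare the address against the company's domain you found yourself) can be made mechanical. The following is an added example, not code from this article: `inspect_link()` takes the text a link displays, the `href` it really points at, and the domain you looked up independently, and reports the warning signs the article describes plus the common look-alike tricks (a bare IP address, credentials in front of an `@`, and punycode `xn--` hosts). All of the sample links and domains are constructed.

```python
"""Inspect a link before clicking it (added example, not from the article).

inspect_link(display_text, href, expected_domain) returns a list of findings:
  - scheme is not https
  - target host is not expected_domain or a subdomain of it
  - link text names one site but the href points at another
  - target is a bare IP address, or the URL hides the real host behind an '@'
  - host uses punycode (xn--), often a look-alike of a real name
Sample links and domains below are constructed for the demo.
"""
from urllib.parse import urlsplit
import ipaddress
import re

_DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")


def _belongs_to(host, expected_domain):
    """True if host is expected_domain itself or a subdomain of it."""
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def _is_ip(host):
    """True if host is an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _shown_host(display_text):
    """Domain named in the visible link text, or None if the text is not a URL/domain."""
    shown = display_text.strip().lower()
    shown = re.sub(r"^[a-z]+://", "", shown).split("/")[0]
    return shown if _DOMAIN_RE.fullmatch(shown) else None


def inspect_link(display_text, href, expected_domain):
    """Return human-readable warnings for a link; an empty list means nothing suspicious."""
    findings = []
    try:
        parts = urlsplit(href)
    except ValueError:
        return ["href is not a parseable URL"]
    host = (parts.hostname or "").lower() or None

    if parts.scheme.lower() != "https":
        findings.append(f"scheme is {parts.scheme or 'missing'}, not https")
    if host is None:
        findings.append("target has no hostname")
        return findings
    # 'https://bank.example@evil.example' goes to evil.example; the part before '@' is user info.
    if "@" in parts.netloc:
        findings.append(f"URL carries user info before '@'; real host is {host}")
    if _is_ip(host):
        findings.append("target is a bare IP address, not a company domain")
    elif not _belongs_to(host, expected_domain):
        findings.append(f"target host {host} is not under {expected_domain}")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("host uses punycode (xn--); may be a look-alike name")
    # If the visible text itself names a site, it should agree with where the href goes.
    shown = _shown_host(display_text)
    if shown and not _belongs_to(shown, host) and not _belongs_to(host, shown):
        findings.append(f"link text shows {shown} but points at {host}")
    return findings


if __name__ == "__main__":
    # Constructed example: a bank-branded link whose href is on another domain.
    for line in inspect_link("www.examplebank.com",
                             "http://examplebank.com.verify-login.co/secure",
                             "examplebank.com"):
        print("WARNING:", line)
```

The `expected_domain` argument is deliberately something the reader supplies from an independent search rather than something extracted from the email, because the email is the untrusted input; a link that produces no findings still deserves the rest of the checks in this article.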
Don’t die a fish on the hooks of the cyber criminals! Take care.