Cyber security challenges are growing along with the expansion of the internet; in fact, the hacking world is growing faster. Cyber security involves protecting information and systems from major cyber threats. These threats take many forms. Phishing is a cyber crime in which targets are contacted by e-mail, telephone or text message by someone pretending to be from a legitimate institution in order to tempt them into providing sensitive data. Phishing is one of the most frustrating threats we face. Most of us know what it is and how it works, but we still get caught out. The scam, which involves criminals sending messages that masquerade as coming from legitimate organizations, targets hundreds of millions of organizations every day. Here are some of the most common ways in which they target people.
Most phishing attacks are sent by email. The crook will register a fake domain that mimics a genuine organization and send thousands of generic requests. There are many ways to spot a phishing email, but as a general rule, you should always check the email address of a message that asks you to click a link or download an attachment.
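The sender-address check described above can be automated in a mail filter or triage script. The Python below is an added example, not part of the original article; the allowlist `TRUSTED`, the domain names and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist: domains the organization really sends mail from (assumption).
TRUSTED = {"examplebank.com"}
# Digit-for-letter swaps often used to imitate a genuine name.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, domain); verdict is trusted, lookalike, unknown or malformed."""
    _display, addr = parseaddr(from_header)  # the display name is ignored: it is free text
    if "@" not in addr:
        return "malformed", ""
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match, or a subdomain of a trusted domain (treating subdomains as
    # trusted is an assumption of this example).
    if domain in TRUSTED or any(domain.endswith("." + good) for good in TRUSTED):
        return "trusted", domain
    normalised = domain.translate(SWAPS)
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Genuine name embedded in some other domain, e.g. as a leading label.
        if brand in normalised.replace("-", ""):
            return "lookalike", domain
        # One or two character edits away from the genuine domain.
        if edit_distance(normalised, good) <= 2:
            return "lookalike", domain
    return "unknown", domain
```

A `trusted` verdict only means the address text matches the allowlist; it does not prove the message was sent from that domain.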
Whaling attacks are even more targeted, taking aim at senior executives. Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler. Tricks such as fake links and malicious URLs aren’t useful in this instance, as criminals are attempting to imitate senior staff. Scams involving bogus tax returns are an increasingly common variety of whaling.
Smishing and Vishing
With both smishing and vishing, telephones replace emails as the method of communication. Smishing involves criminals sending text messages and vishing involves a telephone conversation. A common vishing scam involves a criminal posing as a fraud investigator (either from the card company or the bank) telling the victim that their account has been breached. The criminal will then ask the victim to provide payment card details to verify their identity or to transfer money into a ‘secure’ account – by which they mean the criminal’s account.
Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defenses might be lowered due to the shift of focus to the health crisis. Recently, the Indian Government warned of a large-scale cyber attack against individuals and businesses, in which attackers may use COVID-19 as bait to steal personal and financial information. India’s cyber security nodal agency, CERT-In, has issued an advisory warning that the potential phishing attacks could impersonate Government agencies, departments and trade bodies that have been tasked with overseeing disbursement of Government fiscal aid. The phishing campaign was expected to start on June 21, 2020, with cyber attackers using email IDs such as “firstname.lastname@example.org”, it added.
The attackers are expected to send malicious emails under the pretext of being local authorities in charge of dispensing government-funded COVID-19 support initiatives. “Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” the Indian Computer Emergency Response Team (CERT-In) said in its latest advisory, dated June 19. The advisory noted that the “malicious actors” claim to have 2 million individual/citizen email IDs and are planning to send email with the subject line: free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, in a bid to coax users into disclosing personal information. “It has been reported that these malicious actors are planning to spoof or create fake email IDs impersonating various authorities,” it cautioned.
CERT-In, in its advisory, outlined a list of steps for users to protect themselves, including not opening attachments in unsolicited emails even if they come from people in the contact list. It has asked users to encrypt and protect their sensitive documents to avoid potential leakage.
It also urged people to use anti-virus tools, firewalls and filtering services, and asked them to report any unusual activity or attack immediately to CERT-In.
With an increasing number of countries encouraging citizens to stay, learn or work from home, now is the moment to focus on cyber security, whether it’s for yourself or your workplace. Now the question arises: what remedial measures need to be taken to cope with such cyber threats? Users should keep in mind the following points, which may prove to be a boon for computer security:
1) Keep your information safe.
2) Back up all your important files, and store them independently from your system (e.g. in the cloud, on an external drive).
3) Always verify you are on a company’s legitimate website before entering login details or sensitive information.
4) Ensure you have the latest anti-virus software installed on your computer and mobile devices.
5) Secure email gateways to thwart threats via spam.
6) Download mobile applications or any other software from trusted platforms only.
7) Perform regular health scans on your computers or mobile devices.
8) Do not click on links or open attachments in emails which you were not expecting to receive, or which come from an unknown sender.
As always, if you believe you are the victim of a crime, alert your local police.
The author would like to conclude this write-up with this message: Cyber Security is a shared responsibility, and it boils down to this: in cyber security, the more systems we secure, the more secure we all are.
The author is Cyber Passionate (J&K)