Phishing :
Hacking the human mind is much easier than hacking a computer or a business. Attackers prey on human weaknesses such as fear, greed, trust, desire, ego, sympathy, ignorance, carelessness and haste.
Fraudsters scam people using (1) phone calls, referred to as vishing, (2) SMS, referred to as smishing, and (3) e-mail, referred to as phishing.
Phishing is a method of gathering personal or sensitive information through deceptive phone calls, SMS, e-mails, blogs and websites, and then using it to steal data or money from the victim. The analogy is that of an angler throwing out a baited hook (the phishing e-mail) and waiting for the victim to bite. It is often described as an increasingly sophisticated form of cyber-attack, but at heart it is a confidence trick: it plays on lapses in common sense to steal from individuals.
The availability of stolen data on the dark web makes it easy for cybercriminals, even those with minimal technical skill, to launch phishing campaigns. Jamtara, a serial on Netflix, is closely based on how phishing is run from Jamtara, a town in Jharkhand state.
Once data bought on the dark web is in hand, all the attacker needs to do is send out e-mails, SMS or WhatsApp messages to the potential victims. On the defensive side, PhishTank (crowd-sourced) and OpenPhish (automated) maintain lists of known phishing URLs; these are threat feeds used to block or verify suspicious links.
Phishing e-mails are also often used to deliver malware, with the aim of infecting the victim's device. The messages are frequently targeted at a specific role: a typical example is a spoofed e-mail from the boss (the CFO) requesting a fund transfer on an urgent, priority basis, and many corporates have fallen for this fraud. Such e-mails commonly carry .zip files or Microsoft Office documents with malicious embedded code (macros), some of which lead to ransomware.
Other forms of phishing are (a) spear phishing, where fraudsters craft a spoofed message to appeal to a specific individual, and (b) whale phishing (whaling), a form of spear phishing aimed at the very big fish, i.e. CEOs and other high-value targets.
If you have been a victim of phishing, report it on the National Cyber Crime Reporting Portal at https://cybercrime.gov.in/. It takes only a few minutes and you do not need to visit a police station to register a complaint.
Psychological factors used by scammers :
- Trust: People instinctively trust others, and exploiting that impulse is the basis of social engineering.
- Ignorance: Lack of knowledge about social engineering attacks makes people and organisations vulnerable; fraudsters exploit it by pretending to be in a position of authority (such as an executive or a manager at a bank).
- Fear: People are afraid of loss, and fraudsters exploit that fear. For example, they might send a message or make a call warning of the possible loss of employment, money or account access.
- Greed: Scammers promise rewards in exchange for divulging information, and then demand advance taxes, security deposits or customs fees before the victim can "receive" the reward, which never arrives.
- Moral duty: People often feel obliged to help when asked, and fraudsters exploit this, especially by seeking donations during floods or the Covid-19 pandemic.
- Urgency: A scammer might call or e-mail in the guise of a high-ranking chief executive who requires an urgent transfer of funds, usually through a spoofed e-mail posing as the victim's boss.
- Panic / Anger: People don't think clearly when they are pressured to act quickly. Social engineers call pretending to be support staff and present a frantic scenario that threatens your safety, such as an urgent need to reset the expiry date of your credit or debit card.
Digital Safety Tips :
- Verify shortened URLs / links using www.unshorten.it or https://www.checkshorturl.com before opening them, even if they were sent by a known source.
- Double-check a web link before clicking it or downloading an attachment sent by an unknown contact; a phishing link leads to an unfamiliar site (hover over it and check where it really points), and verify links using www.isitphishing.org or www.urlvoid.com.
- Never send sensitive, personal or proprietary information via e-mail, regardless of who is asking for it.
- If you get an e-mail asking for a fund transfer, even if it appears to come from your boss (it could be a spoofed e-mail), first check the complete headers of the e-mail using https://mxtoolbox.com/EmailHeaders.aspx or https://dnschecker.org/email-header-analyzer.php, and confirm the request with the sender on a phone number you already know before acting.
- Watch for poor spelling and grammar throughout an e-mail or SMS; it is a common sign of phishing.
- Be suspicious of links or forms asking for personal information (passwords and bank details).
- Never search for customer care numbers on search engines, where scammers advertise fake numbers; open the respective app or the company's official website to get the correct customer care number.
- Scanning a QR code to "receive" money, or giving out an OTP, UPI PIN, bank card number or CVV, means you are TRANSFERRING money from YOUR account, NOT receiving it; receiving a payment never requires you to enter your PIN.
- Enable two-factor authentication (2FA) on all social media, banking and e-mail accounts.
- Never share your screen while doing banking or while logging in to social media or e-mail accounts.
- Install genuine (licensed) anti-virus and anti-malware software on your devices and keep it updated.
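The header, link and attachment checks in the tips above, and the malicious-attachment point from the Phishing section, can be done by hand with the tools listed; the script below is an added example (not code from the original page) of doing the same checks programmatically with only the Python standard library. The e-mail it inspects is constructed for this example: every name, domain, URL and header value in it is invented, the URL-shortener and risky-extension lists are illustrative rather than complete, and the "last two labels" approximation of a registrable domain is a simplification (a real tool would consult the public suffix list).

```python
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample for this example: a spoofed "CFO" fund-transfer mail with
# failed SPF/DMARC, a Reply-To on another domain, a shortened link whose visible
# text names a different site, a look-alike login host and a zipped attachment.
# All names, domains and URLs are invented.
SAMPLE_EML = b"""\
From: "Ravi Kumar (CFO)" <cfo@example-corp.com>
Return-Path: <bounce@mail.attacker-example.net>
Reply-To: <cfo.example-corp@gmail-example.com>
Subject: URGENT: vendor payment before 3 PM
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=mail.attacker-example.net; dkim=none; dmarc=fail header.from=example-corp.com
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<p>Please process today: <a href="http://bit.ly/3xmpl">https://portal.example-corp.com/invoice/4471</a></p>
<p>Login here: <a href="https://example-corp.com.login-verify.example/">portal</a></p>
--XX
Content-Type: application/zip; name="Invoice.pdf.zip"
Content-Disposition: attachment; filename="Invoice.pdf.zip"

--XX--
"""

SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "cutt.ly", "rb.gy"}  # illustrative list
RISKY_EXTENSIONS = (".zip", ".rar", ".7z", ".iso", ".docm", ".xlsm", ".js", ".vbs", ".exe", ".lnk", ".html")

class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs from an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Last two labels of a host; a simplification, a real tool would consult the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def address_domain(header_value):
    """Domain of the first address in a header, lower-cased ('' if absent)."""
    return email.utils.parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return human-readable findings for a raw message; an empty list means nothing was flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, from_dom = [], address_domain(msg["From"])
    # 1. Sender: envelope sender or Reply-To on another domain; SPF/DKIM/DMARC not 'pass'.
    for hdr in ("Return-Path", "Reply-To"):
        dom = address_domain(msg[hdr])
        if dom and registrable_domain(dom) != registrable_domain(from_dom):
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech} result is '{m.group(1)}'")
    # 2. Links: shorteners, visible text naming another site, look-alike hosts ("hover and check").
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _LinkCollector()
        collector.feed(part.get_content())
        for href, text in collector.links:
            host = (urlparse(href).hostname or "").lower()
            if host in SHORTENER_HOSTS:
                findings.append(f"shortened link {href} (unshorten it before trusting it)")
            text_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
            if text_host and registrable_domain(text_host) != registrable_domain(host):
                findings.append(f"link text shows {text_host} but points to {host}")
            if from_dom and from_dom in host and registrable_domain(host) != registrable_domain(from_dom):
                findings.append(f"look-alike host {host} embeds {from_dom} as a subdomain")
    # 3. Attachments: archives, scripts, macro-enabled Office files, double extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name!r} ({part.get_content_type()})")
        if name.count(".") > 1:
            findings.append(f"double extension in attachment name {name!r}")
    return findings
```

Calling `triage(SAMPLE_EML)` returns ten findings for the constructed message (mismatched Return-Path and Reply-To domains, failed SPF/DMARC and missing DKIM, a shortened link, link text that names a different site from the real target, a look-alike host with the company domain as a subdomain, and a zipped double-extension attachment); flipping the sample's `spf=fail` to `spf=pass` removes only the SPF finding. The same comparisons are what the header-analyser and link-checking sites in the list above do, with live reputation data behind them.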