PHISHING ATTACKS - BE VIGILANT, BE SAFE

Amruta Deshpande, Software Architect

What are Phishing attacks

Phishing is any fraudulent communication, over email, SMS, phone calls or any other medium, that is made to look like it comes from a trustworthy source. It plays on human emotions to steal sensitive information such as passwords, gain access to systems and cause harm by installing malware or, even worse, by tricking the victim into fraudulent monetary transactions.

Phishing attacks are the most prevalent and harmful type of cyber-attack. Amid the Covid-19 pandemic such attacks rose by almost 300% last year in India, reaching 1,158,208 compared to 394,499 in 2019.

According to published statistics, 75% of organizations around the world faced phishing attacks in 2020. There has been a substantial increase in Business Email Compromise (BEC).

Common types of Phishing attacks

(Figure listing the common types of phishing attacks; the image is not included in this text.)

How does it work

Gone are the days when you got a call or SMS saying “you won a lottery” and laughed it off with “I never bought a ticket dude, don’t try to trap me”. Now attackers often study their victims to find an opportunity to appear more authentic and trustworthy. They make use of the victim’s social accounts and the information shared on them. E.g., it is very easy to find the names of a person’s colleagues and their professional email IDs, and then send an email pretending to be from a colleague whom the victim readily trusts. The email convinces the victim that there is some kind of emergency and that immediate action is required. The victim tends to give out sensitive information; the attacker captures it and then uses it to cause damage.

Detect a Phish, be vigilant, stay safe

Companies implement security policies to protect their data assets and to ensure that only legitimate users, that is their employees, gain access to the data they are entitled to. But what if one of these legitimate users’ accounts gets compromised? Hence ensuring vigilance among employees against such attacks is just as essential as implementing security policies.

At personal level

1. Protect your passwords

Use strong passwords that combine letters, numbers and special characters.
Do not use the same password across multiple accounts.
Keep changing your passwords frequently.

2. Stop before responding to any communication that arouses a sense of emergency and insists on urgent action

E.g., a phone call that tells you “Your credit card will be disabled if you do not update your information immediately. You will get an SMS now with a link in it. Please update your details to avoid inconvenience”.

3. Pay attention to look-alike domains in communications

Always cross-verify the source of a communication and watch for any signs that look suspicious. E.g., you get an email from someone@hdfcbanck.com asking you to log in to the bank immediately. That someone may be very familiar to you at the bank, but pay attention to the domain part of the address: it is “banck” here, not “bank”.

4. Be careful with emails carrying suspicious attachments

Emails can carry malicious attachments. Make sure the email is coming from a trusted source before opening any attachment.

5. Identify impersonated brands or suspicious subdomains in links

E.g., an offer coming from amazon.offers.in can be dangerous. Look at the domain carefully: “amazon” in the link is actually a subdomain and “offers.in” is the real domain.

6. Be careful about communications sent from infrequent or unknown senders.
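As an added illustration (not part of the original article), a small Python check that flags the two address patterns described in points 3 and 5: a one-character look-alike of a trusted domain such as hdfcbanck.com, and a trusted brand name that appears only as a subdomain, as in amazon.offers.in. The trusted-domain list and the tiny public-suffix table are constructed assumptions; a real deployment would use the full Public Suffix List.

```python
from urllib.parse import urlparse

# Constructed, hypothetical list of domains the reader actually trusts.
TRUSTED = {"hdfcbank.com", "amazon.in"}
# Minimal stand-in for the Public Suffix List (assumption: only these
# two-label suffixes are treated as public; everything else is one label).
PUBLIC_SUFFIXES = {"co.in", "net.in", "co.uk"}


def registrable_domain(host):
    """Return the owned part of a host name, e.g.
    'amazon.offers.in' -> 'offers.in', 'www.hdfcbank.com' -> 'hdfcbank.com'."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in PUBLIC_SUFFIXES else 2
    return ".".join(labels[-n:])


def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 catches typosquats like banck/bank."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(text):
    """Pull the host out of an email address or a URL (scheme optional)."""
    if "@" in text and "://" not in text:
        return text.rsplit("@", 1)[1]
    return urlparse(text if "://" in text else "http://" + text).hostname or ""


def classify(text):
    """Return 'trusted', 'lookalike', 'brand-in-subdomain' or 'unknown'."""
    host = host_of(text)
    owned = registrable_domain(host)
    if owned in TRUSTED:
        return "trusted"
    # Labels to the left of the owned domain are controlled by whoever owns it.
    sub_labels = host.lower().split(".")[: -len(owned.split("."))]
    for trusted in sorted(TRUSTED):
        brand = trusted.split(".")[0]
        if brand in sub_labels:
            return "brand-in-subdomain"   # e.g. amazon.offers.in
        if edit_distance(owned.split(".")[0], brand) <= 1:
            return "lookalike"            # e.g. hdfcbanck.com
    return "unknown"
```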


At enterprise level

1. DMARC, DKIM and SPF are email authentication protocols that can be powerful tools for determining whether an email sent from a domain is legitimate or not.

2. Run security awareness training programs for employees.

3. There are a good number of email scanners that can detect most of the phishing emails coming your way and take them down even before they reach employees’ inboxes.

Conclusion

Phishing attacks are rising quickly in India as well as all over the world. Attackers are using smart methods, and you must be smart in sensing the problems and protecting your assets against these dangers.

Just as it is very important to protect the data of enterprises, it is equally important to protect personal-level transactions. Ultimately, companies care equally for their employees’ wellbeing.

So be vigilant, stay safe!