IT’S NOT FISHING IT’S PHISHING!


There was a time when fishing was in trend, but in the new digital world of new India the trending hashtag nowadays is not fishing, it is phishing. Yes, you read that right: the two words are homophones, but they are very different things. The only similarity between them is the act of capturing a catch: the fish in the former, and the customer, for fraud, in the latter.

WHAT IS PHISHING?

Phishing is a new type of cyber-attack, often called a social engineering attack, commonly used to steal users’ data such as login credentials and credit card numbers. It occurs when an attacker pretends to be an entity the customer trusts and dupes the victim into opening an email, instant message, or text message that looks valid but in reality carries fraudulent content. Once the recipient is tricked into clicking a malicious link, malware may be installed, the system may be frozen as part of a ransomware attack, or sensitive information may be revealed.

TECHNIQUES OF PHISHING

1)    SPEAR PHISHING:-

In this, the fraudster targets a specific person, enterprise, or high-level individual or company, as opposed to random application users. It is a more in-depth version of phishing, as it requires special knowledge about that particular organization, including its power structure and confidential matters.

An attack might play out as follows:

A.      The fraudster does research, finds the names of employees within an organization’s marketing department, and gains access to the latest project invoices so that the email will look genuine.

B.      Acting as the marketing director, the attacker emails a departmental project manager using a genuine-looking subject line. The text, style, and included logo duplicate the organization’s standard email template, so the email looks so much like the real thing that you will not be able to recognize it at first glance.

C.      The link in the fraudulent email redirects you to what appears to be a password-protected internal document, which is in reality a spoofed version of a stolen invoice, placed there to misguide you.

D.     The person is then asked to log in to view the document. The attacker steals the credentials, gains full access to sensitive areas within the organization’s network, and the spear phishing has succeeded.


2)   EMAIL PHISHING:-

This kind of phishing is a numbers game. An attacker sends out thousands of fraudulent messages to net significant information and sums of money, even if only a small percentage of recipients fall for the scam.

Just as in spear phishing, attackers create the same kind of spoofed emails or texts to defraud you. In addition, they usually try to push users into action by creating a sense of urgency and winning the victim’s confidence that the message is genuine.

The worst part is that the links inside the messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains, like https://www.bajajfinservmarkets.in/ and http://www.bajajfinservemarket.in/.

The similarity between these two addresses gives the impression of a secure link, making the recipient less aware that an attack is taking place, and with the next click it happens.


HOW TO PROTECT YOURSELF FROM THIS SOCIAL ENGINEERING ATTACK!

Protection against phishing requires steps to be taken by both users and enterprises.

For users, vigilance and awareness are key. A spoofed message often contains mistakes that expose its true identity, and these are easy to catch; all you need is to read it patiently and with awareness. These can include spelling mistakes or changes to domain names, as seen in the earlier URL example under email phishing. For enterprises, a number of steps can be taken to mitigate both phishing and spear phishing attacks:

  • Two-factor authentication (2FA) is the most effective method for protecting against phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as a smartphone that holds their confidential information.
  • In addition to using 2FA, organizations and individuals should enforce strict password management policies. For example, employees should be required to change their passwords frequently, should not be allowed to reuse a password across multiple applications, and should use distinct, hard-to-guess passwords to log in.
  • Education and awareness campaigns can also help diminish the threat of phishing by enforcing secure practices, such as not clicking on external email links and obtaining authenticated information directly from the genuine service provider.
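As an added example (not code from this post), here is a small Python check for the lookalike-domain trick shown in the email phishing section and in the advice above: it extracts the links from a message, compares each link’s domain against an allow-list of trusted domains, and flags any domain that is within two edits of a trusted one or that embeds a trusted brand name. The allow-list, the sample message and the second domain `example-bank.example` are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: the legitimate domain from the post plus a hypothetical one.
TRUSTED_DOMAINS = ("bajajfinservmarkets.in", "example-bank.example")
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def hostname(url):
    return (urlsplit(url).hostname or "").lower()

def registrable_domain(host):
    # Last two labels only; a public-suffix list is needed for suffixes like co.in.
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def levenshtein(a, b):
    # Edit distance: how many single-character insertions, deletions or swaps apart?
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """'trusted' for an allow-listed domain, 'lookalike' for a domain that
    imitates one (typo, extra subdomain, brand inside another host), else 'unknown'."""
    host = hostname(url)
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        brand = good.split(".")[0]
        # Brand used as a subdomain or inside another name, e.g. brand.in.attacker.example
        if brand in host:
            return "lookalike"
        # Near-miss spelling, e.g. bajajfinservemarket.in: an inserted 'e', a dropped 's'
        if levenshtein(domain, good) <= 2:
            return "lookalike"
    return "unknown"

def scan_message(body):
    """Return (url, verdict) for every link found in an email body."""
    return [(u, classify_link(u)) for u in URL_RE.findall(body)]

# Constructed sample message in the urgent style the post describes.
SAMPLE = ("Your account will be blocked today, verify now at "
          "http://www.bajajfinservemarket.in/verify or at the official site "
          "https://www.bajajfinservmarkets.in/ or ask https://help.example.org")
```

Running `scan_message(SAMPLE)` marks the misspelled link as a lookalike, the real site as trusted, and the unrelated help address as unknown; the two-edit threshold and the brand-substring rule are deliberately simple and will need tuning for short brand names.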
