Phishing is the most common cybercrime attack today. We get many calls, phishing emails and text messages from attackers who pretend to be from a genuine organization and ask for personal information such as usernames and passwords, bank account details, and more. Using this information, they can commit theft and carry out major financial transactions without the user's knowledge.
Phishing attacks are not new. They have existed since the 1990s, with many unsuccessful attempts in the beginning, later leading to a successful online attack in 2001. How does this happen? The attackers pretend to be legitimate organizations: the way they speak and the websites they own all look genuine. We get messages and emails asking us to verify our account details and personal information every day.
We even get messages about winning a lottery, a bank account being credited with one lakh rupees, and more. People with less awareness of such attacks find these things attractive, visit the website and provide all the details it asks for, at least to see if they really get anything out of it. Such websites are always fake but still look real, and the attacker is able to grab all the personal information through the malicious website. So it is only through your response that the attacker gets everything he is looking for.
Often such attacks are dressed up attractively, with a time limit for availing the offer, so that users do not get enough time to understand or analyse what exactly is happening.
Sometimes we even get emails asking us to update our personal information immediately, warning that failing to do so may terminate the account. This is also one of the common phishing scams nowadays. No organisation will terminate an account without giving you time and notification; users should understand this, and the only way to escape is to ignore such emails. In case of doubt, you can contact the organisation directly and clarify.
The URL (uniform resource locator) plays a major role in phishing attacks. Not every URL you see is genuine and not every website you see is real. There are URLs that redirect you to a totally different website, and there are URLs with slight spelling changes that lead a user to click the link, believing it is genuine, so that the site can gather as much information as it can.
Phishing emails come not just with links but also with attachments which, when opened, may install malicious ransomware on your devices. Such files may also be able to execute themselves once they are downloaded or opened by the user. We should also be careful about who is sending us such emails: unless it is from a known person, most other emails are spam or phishing emails.
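The following Python example is added here and is not part of the original article. It shows how a mail filter or helpdesk script could flag links whose hostname is a slight misspelling of a trusted domain, or that embed a trusted name inside a different domain. The trusted domain list, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains your organisation really uses (constructed sample values).
TRUSTED = ("examplebank.com", "example.org")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Label a link by comparing its hostname with the trusted domains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Punycode or non-ASCII hostnames can hide look-alike letters.
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return "suspicious: internationalised hostname"
    for d in trusted:
        # Trusted name used as the leading part of a different domain.
        if host.startswith(d + ".") or ("." + d + ".") in host:
            return f"suspicious: {d} embedded in another domain"
        # Compare the registrable-looking tail of the host with the trusted domain.
        tail = ".".join(host.split(".")[-(d.count(".") + 1):])
        if 0 < edit_distance(tail, d) <= max_distance:
            return f"suspicious: looks like {d}"
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://www.examplebank.com/login",
                   "https://examp1ebank.com/login",
                   "https://examplebank.com.verify-login.net/"):
        print(sample, "->", classify(sample))
```

A result of "unknown" only means the hostname does not resemble a trusted domain; it is not a statement that the link is safe.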
How to avoid phishing attacks?
First things first, never respond to unknown emails, calls or messages. We need to understand that no person from a bank will call and ask you for your bank details over the phone. No one will randomly choose you and give you a lottery amount or deposit lakhs and lakhs in your account for no specific reason.
All such calls and messages you receive are fake, and the only action they require from you is a 'response'. If you don't give a response, you are 99% safe, and that is the primary precaution by which you can avoid phishing attacks.
Never give out your personal information, knowingly or unknowingly, in response to any request that comes your way without properly verifying it. When you receive an email from an unknown contact, check what it is requesting, and if there are any suspicious attachments or links which you are supposed to click or open, do not perform the action before verifying it.
If you are in a situation where you cannot ignore the email and want to check the link, you can verify whether the link is genuine before opening it using a site called virustotal.com. This site has hundreds of antivirus programs which will check and tell you whether the URL is safe to open or not. After verifying, you can decide whether to open the link and respond or not.
If you have received a mail from a genuine company but still feel suspicious, you should contact the company and verify the email. You can also use spam filters, which determine whether an email is genuine or not, separate spam emails from actual emails and sometimes also block such spam emails.
Normally banks and many major organizations take steps to safeguard their systems and also take legal action when such fraudulent attacks happen. So if you receive any call, message or email that asks you to share sensitive information, you can contact the organization directly and report the issue.
Prompt Infotech, India