Phishing is one of the most common cybercrimes. In this kind of attack, the attacker poses as a reputable entity, such as your bank or a government agency, via email or other online or digital communication. They embed links or attachments in the email and urge you to click on the link or open the attachment. Once clicked, the link or attachment delivers malicious code which can hijack your system, steal your information, extract passwords and other login credentials for various websites and can even empty your bank account.
Common Phishing schemes you must guard against
- Microsoft Office files: One of the most common phishing attacks comes in the form of emails masquerading as those from reputed government agencies, banks or companies. These emails contain a Microsoft Office file as an attachment. You are urged to update your credentials in the attached Word or Excel file. When you open the file, you are asked to enable editing or macros. This step implants a trojan, malware or ransomware on your system. To avoid these attacks, do not open files from unknown senders and scrutinize the email to check its authenticity. Keep your Microsoft Office installation updated at all times.
- The angry customer: Just as customers are attacked, so are organizations. In this kind of attack, a very angry customer sends an email to the organization along with an attachment presented as an invoice or some other receipt. Customer care employees often look to solve consumer problems immediately. Clicking on the attachment installs the malware on the employee’s computer, and through it the malware reaches the systems of the entire organization. To avoid this, employees must first confirm through the database whether the sender is actually a customer.
- False job listings: Online job boards have unsuspecting applicants looking for jobs. Once they click on the job listing and provide their email for follow-up, they receive an email requiring them to fill in sensitive information. It is common for applicants in dire need of a job to fall for this trap. To avoid this, a person must first find the company’s website, investigate it, check whether the business is legitimate, and locate an office address on the website. If the company fails any of these checks, do not fill in your details.
- Personal details update requests: Another common phishing attack, these are again emails sent from accounts that masquerade as those of reputed agencies. These emails contain an embedded link which leads you to a page where your details, say, bank account details, need to be updated. Here, the entire website could be fake. To guard yourself against this trap, examine the URL and its authenticity. If the URL seems suspicious, do not open the link.
- Friend sends a link from their social media account: Your friend may not even know that their account has been hacked. Someone might be using their social media account to send malicious links. Consider whether your friend is likely to send links through their social media accounts. If not, do not open the link. If so, confirm with your friend that they did indeed send the link.
- Spear phishing: Another common attack; here the target is the organization. Public data about an individual from the organization is collected and fake accounts are created in that person’s name. Then, messages built on this data are sent to other email accounts within the organization. Since the accounts are created to look real, these emails can extract sensitive data from the recipients. To prevent this, CEOs must also get security training and employees must avoid any suspicious attachments.
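The advice above to examine a link's URL before opening it can be turned into a repeatable check. The Python sketch below is an added example, not part of the original article: it pulls every link out of an HTML email body and lists the reasons each one looks suspicious. The trusted domain `examplebank.com`, the sample email and all function names are constructed for illustration, and the "last two labels" domain heuristic is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"examplebank.com"}  # assumption: domains you really deal with (constructed)
SHOWN_HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?")
IP_HOST = re.compile(r"\d+(\.\d+){3}|.*:.*")  # dotted IPv4, or IPv6 (contains ':')
# Constructed sample email body: one genuine link, one disguised link.
SAMPLE = ('<a href="https://www.examplebank.com/profile">Log in</a> '
          '<a href="http://examplebank.com.account-update.example/x">www.examplebank.com</a>')

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered(host):
    return ".".join(host.split(".")[-2:])  # naive; real code should use the Public Suffix List

def check_link(href, text, trusted=TRUSTED):
    """Return the reasons a link looks suspicious; an empty list means none were found."""
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    checks = [
        (url.scheme != "https", "not https"),
        ("@" in url.netloc, "userinfo before '@' hides the real host"),
        (bool(IP_HOST.fullmatch(host)), "raw IP address instead of a name"),
        (any(l.startswith("xn--") for l in host.split(".")), "punycode label, possible lookalike characters"),
        (registered(host) not in trusted, f"{host or 'missing host'} is not a trusted domain"),
    ]
    reasons = [msg for hit, msg in checks if hit]
    shown = SHOWN_HOST.fullmatch(text.lower())  # does the visible text itself look like a host?
    if shown and registered(shown.group(1)) != registered(host):
        reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
    return reasons

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

An empty list only means none of these particular signs were found; a link to a compromised but genuine site would still pass.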
The above types of phishing attacks have become very common, and as technology advances, these attacks are also likely to become more sophisticated. It is thus important to be careful while sharing any personal information online. Those of you looking for a career in cybersecurity can enrol in one of the many cyber security courses online.