Phishing Attacks: How To Avoid Getting Hooked


Gone are the days when demanding ransom involved a complex process of managing and coordinating with a team of people, planning and strategizing the crime and then executing it by taking someone hostage. In today’s digital age, all this can be accomplished by working in the shadows, sipping your hot coffee in the confines of an air-conditioned room, while listening to your favorite music. Yes, ransomware - a process that uses malware to take your electronic data hostage and demand money - has become a big business, and it’s draining money from our accounts quite efficiently, without much sweat and effort on the part of the crook.

On a normal day, the crooks can catch you off-guard with a typical phishing attempt; i.e. they’d dangle an enticing, too-good-to-be-true offer in front of you in an email and hope you take the bait. You will be surprised to learn that they have been very successful in hooking victims repeatedly, because phishing is simpler than you think, and profitable! And, to make it more difficult for you to spot an illegitimate offer, the crooks are capable of targeting you based on your ethnicity and habits. India is one of the countries most vulnerable to such geomalware attacks, as per a SophosLabs survey.

Phishing represents a very serious threat to both businesses and individuals. Reports estimate that the overall cost of cybercrime will reach Rs135 trillion by 2019.

The proportion of security services revenue will increase to 66 per cent by 2020 from 61 per cent. Since enterprises in India are not well-equipped with IT security, there is a greater need to address these areas.

But what is phishing? Let’s look at an analogy. Just as you need a key to open the lock to your home or a 4-digit PIN to withdraw cash, the crooks need you to click on a malicious link so that they can enter your system or network. In short, they phish for the weakest link in the system, the one that will enable them to turn their attack into tangible profits.

These enterprising cybercriminals have realized that it’s easier to exploit vulnerable people than technology. So users are presented with fraudulent emails, texts and social media messages designed to look like the real deal. The information looks so credible that you are enticed to click on a malicious link or open an attachment.

India has seen hundreds of organizations fall victim to cyberattacks. Just recently, malicious phishing websites created by cybercriminals were discovered that tricked banking customers into sharing personal information with them. To make things look real, a lookalike domain was registered as an online payment gateway, but it was actually a phishing website that was capturing login information of customers of 26 banks operating in the country. It’s alarming to note that in 2016, 31 per cent of company cyber breaches were caused by phishing scams, with employees opening malicious attachments.

India’s share in ransomware attacks continues to rise, as depicted by our threat exposure rate, which stands at 16.9 per cent, among the countries with the highest percentage of endpoints exposed to malware attacks, according to recent research conducted by SophosLabs.

Nearly 11,592 cybercrime cases were reported in 2015, and the threat scenario is likely to become more severe with the growth in ecommerce sales and the rising mass usage of digital platforms and electronic transactions. This year will see such threats evolve further, as cybercriminals look for new ways to evade detection with lucrative threat methods. Phishing and social engineering will dominate as an attack method, and there will be a shift from exploitation to targeted social attacks. For instance, the Legion break proved that it is possible for threats to sneak in undetected.

We can, however, turn the tide on these phishing expeditions by taking some simple preventative steps. Firstly, know what to look for. Education is the first defense, and the ability to differentiate between legitimate and fraudulent emails is vital. Domain names, spelling errors, and low-resolution or out-of-date logos can expose a fake email.

Be wary of unsolicited attachments. The crooks bank on you blindly opening any document you’re sent. Be skeptical when receiving emails purporting to be from a bank, tax office or insurance provider.

Think before you act. Your curiosity can put you, your data, your money or your IP at risk. If you’ve received a suspicious email from a friend, call them to check the situation.

It can be tough to spot a fake email. A better option would be to entrust phishing threat detection to the experts. Many organizations are using advanced phishing attack simulator and training solutions to better educate their staff about the dangers of phishing while not taking any risks.

Our digital world is constantly under attack by cybercriminals. All of us should be doing more to improve the security of data. By raising awareness and educating people, we are essentially patching the biggest weakness hackers can exploit.

[Disclaimer: The views expressed in this article are solely those of the authors and do not necessarily represent or reflect the views of Trivone Media Network or CXOToday.]