Cyber security surveys suggest that phishing is the most common type of online attack, claiming more and more victims as technology advances. Because it occurs in many forms, it might be time to familiarize yourself with phishing. There are various tricks cyber criminals use to attract unsuspecting people. If you’re aware of them, it becomes easier to implement some preventive techniques against phishing.
Why should you take phishing seriously?
According to a recent study undertaken by The Economic Times, India ranks among the top five globally for the most high-profile cyber-attacks. Of the hackers, 90% are under the age of 35, out of which 58% are self-taught, which means technical education is not relevant, the report points out.
As our interactions with online media grow, so will the ways in which these attacks are carried out increase manifold. In the same report, ET states that Customer information, financial data and strategic plans of companies are the three most attack prone fields.
Phishing is a type of cyber attack which aims to steal sensitive personal information. Cyber criminals pose as some authority figure to bait you into volunteering information. Because the criminals are well versed in making it all look legitimate, these types of attacks are harder to catch in action.
Use of Emails as Phishing Bait
Phishing through Emails is increasing as more and more facilities to store data online emerge in the market. The most challenging part of phishing is detecting it in the early stages. Statistics by Retruster say it can take up to 50 days from when a breach occurs until it is reported. Reports say there has been an 11% rise in security breaches over the past year. This is cause for worry.
After it came to light that a staggering 13million USD was spent on dealing with the aftermath of a phishing attack, organizations big and small have jolted awake. It is good news that even small companies have started creating budgets for cybersecurity.
At a personal level, email can be used for phishing by attaching fraudulent links and too-good-to-be-true schemes in the body of the link.
Be on the lookout
As discussed above, the first thing a phishing attacker will use is an offer that appeals to you. Often, it might seem as if the thing or service that is being offered is just right for you. Don’t be fooled; there are means to carry out extensive background searches. This is done through data points which might be sold by telemarketers. That’s how these criminals might guess the offers you might be tempted to check out.
The second tactic cyber criminals use to bait you is to create a false sense of looming deadlines. They will put a validity date on the offer, or an expiry date on their link. They will try everything possible to get you to act fast. Never hurry. No legitimate organization is going to leave you with a short time to respond. If the criminals are posing as bank officials, the first thing you need to do is to contact a trusted individual at your bank and find out the truth of the matter.
Never click on suspicious links or download attachments if you cannot fully trust the sender. If the attacker is hiding behind a fake organization, check out their website for authenticity, hunt for reviews, read about them on the internet until you can be sure.
Last but not the least, rely on your gut instinct. Is the timing of the email a little too uncharacteristic? Do you feel you are being asked to upload documents or sensitive information that might cause trouble for you later? Does the person on the other end of your telephone conversation seem weird in any way? Do not hesitate to get out of the situation.
Help is right around the corner
One of the growing concerns related to phishing is Domain Impersonation. It occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees. If your Domain has no DMARC or DMARC policy set to None, any fraudster can send emails to your customers, vendors or business associate in your name to commit fraud.
We at Logix InfoSecurity stops such attacks with our multi-layered, multi-tiered security approach using the multiple threat intelligence detection & prevention tools.
Our Cloud Email Advance Threat Protection service accurately detects all the email-borne threats mentioned above. We specialise in scanning domain spoofing using Domain Authentication techniques of rDNS, SPF & Sender ID, DKIM & DMARC.