Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Science
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Phone Reviews
  • Find Cricket Statistics
Hindi
More
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Science
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Phone Reviews
Find Cricket Statistics

More Links
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / Science News / #NewsBytesExplainer: What are phishing attacks and how to avoid them?
  • Science

    #NewsBytesExplainer: What are phishing attacks and how to avoid them?

    Shubham Sharma
    Written by
    Shubham Sharma
    Twitter
    Last updated on Jun 21, 2020, 05:32 pm
    #NewsBytesExplainer: What are phishing attacks and how to avoid them?
  • A few hours ago, the Indian Computer Emergency Response Team (CERT-In) issued an advisory warning about a massive phishing attack campaign.

    The agency said that the attack is being planned by certain malicious actors and is likely to start today, targeting both individuals and businesses in India.

    So, what exactly is a phishing attack and how can you avoid it? Let's find out.

  • In this article
    First, let's understand phishing What happens in phishing attacks? Attack vector remains same most of the time Only the topic of persuasion differs Indian Government has warned about COVID-19-related phishing If you fall for it, information is stolen immediately In some cases, visiting fake websites will download malware How to spot a phishing attack? What are the other ways? Double check with the agency, organization in question What to do after identifying a phishing email
  • Phishing explained

    First, let's understand phishing

    First, let's understand phishing
  • One of the oldest in the hacking book, phishing is a cyber-attack that revolves around exploiting people's emotions and ignorance.

    In regular hacks, the attacker directly compromises the system of the target by exploiting hardware/software vulnerabilities and steals their personal/financial data.

    However, in phishing, the individual is targeted, or you can say tricked, into giving their information willingly, much like non-electronic confidence scams.

  • Working

    What happens in phishing attacks?

  • When phishing attacks are carried out, the hackers pretend to be a reputable source, social engineer their target, and win their confidence.

    They masquerade as a renowned government entity, business, or individual and encourage the target to fill out a form or download something, eventually fooling the unsuspecting person into giving away their confidential personal or financial information.

  • Attack vector

    Attack vector remains same most of the time

    Attack vector remains same most of the time
  • In most cases, phishing attacks are carried out via fake emails and websites.

    The hacker compiles a list of publicly available email addresses (leaked previously) and creates a fake email address of a reputed organization or agency as well as a website rigged to collect information.

    Then, they use the fake email to target all the compiled accounts with the rigged website.

  • Message

    Only the topic of persuasion differs

    Only the topic of persuasion differs
  • While the use of fake emails and websites remains constant, the message could vary.

    Attackers could use a range of topics to exploit their targets' fear, greed, love, and other emotions to trick them into visiting the malicious website and submitting their data.

    They could offer rewards/grants, prizes, free vacations, treatments, or create a sense of urgency, like, by warning about expiring bank accounts.

  • Warning

    Indian Government has warned about COVID-19-related phishing

    Indian Government has warned about COVID-19-related phishing
  • In its warning, CERT-In has warned about phishing attacks related to COVID-19 grants announced by the government.

    The agency has emphasized that the malicious actors, presumably from North Korea's Lazarus group, have got 20 lakh emails and are looking to use them to target Indian individuals and businesses with "emails under the pretext of local authorities in charge of dispensing government-funded COVID-19 initiatives."

  • Impact

    If you fall for it, information is stolen immediately

  • If you fall for a phishing attack, the fake website or the page mimicking the site of an official source could request for information ranging from credit card numbers to personal details to account login information and passwords.

    Once provided, this data goes directly to the hackers' servers and they can use it for financial scams, online identity theft, and various other crimes.

  • Information

    In some cases, visiting fake websites will download malware

  • Notably, in some cases, visiting the phishing website through any link received via email could also download malware which may compromise or lock your device and automatically mine critical information from its storage as well as steal passwords.

  • Detection

    How to spot a phishing attack?

    How to spot a phishing attack?
  • To dodge phishing, one needs to know how to recognize such deceptive emails in the first place.

    For this, you should look at the domain of the sender's email; if a mailer is claiming to be a government employee, they should be using an official email domain, not something like gmail.com.

    To find the official domain, you can simply search with the company's name.

  • Other ways

    What are the other ways?

    What are the other ways?
  • Among other things, you should look for things like spelling errors in the email domain (@paypaal.com instead of @paypal.com) and grammatical/spelling errors in the message itself to spot phishing.

    Meanwhile, Gmail's filters will also do the job of warning about potential phishing-focused emails.

    Specifically, the email service displays a direct banner saying that the message looks dangerous and has been used to steal information.

  • Double check

    Double check with the agency, organization in question

    Double check with the agency, organization in question
  • In case, an email looks very convincing (thanks to smart attackers), you should directly check with the organization mentioned in the message about the pitched matter.

    If their website or customer representative confirms the same, you could proceed. If not, you would know that it's a phishing attack, which has to be avoided.

    The key is to stop for a second, reflect, and verify.

  • Action

    What to do after identifying a phishing email

    What to do after identifying a phishing email
  • Once a phishing email is identified, you should mark the message as spam and delete it, without interacting with its links/attachments.

    If you think you have fallen for a phishing attack and given away information on a fake website, change the information divulged, and enable 2FA on all related accounts.

    If any card information is leaked, contact your bank immediately for the next steps.

  • North Korea
  • India
  • Phishing Attack
  • Indian Government
  • Lazarus
  •  
Latest News
  • Only presenters, nominees, and guests to attend 'in-person' Oscars 2021
    Only presenters, nominees, and guests to attend 'in-person' Oscars 2021
    Entertainment
  • Manchester City beat Everton in FA Cup: Records broken
    Manchester City beat Everton in FA Cup: Records broken
    Sports
  • All England Championships: PV Sindhu loses semi-final to Pornpawee Chochuwong
    All England Championships: PV Sindhu loses semi-final to Pornpawee Chochuwong
    Sports
  • Some tips to alleviate back pain while working from home
    Some tips to alleviate back pain while working from home
    Lifestyle
  • Some trendiest new haircuts to opt for in 2021
    Some trendiest new haircuts to opt for in 2021
    Lifestyle
Related Timelines
  • Avoid calls from numbers starting with +92: Government
    Avoid calls from numbers starting with +92: Government
    India
  • New Android malware can steal your banking credentials, Government warns
    New Android malware can steal your banking credentials, Government warns
    Science
  • #WeeklyRecap: Cyber attack warnings, Chrome spyware, voice tweets, and more
    #WeeklyRecap: Cyber attack warnings, Chrome spyware, voice tweets, and more
    Science
  • 'Massive' phishing attack likely against Indian individuals, businesses: Government
    'Massive' phishing attack likely against Indian individuals, businesses: Government
    Science
Trending Topics
Samsung OnePlus Mobiles Android TV Smart TV Latest Gadget Launch MediaTek Dimensity 1000+ COVAXIN Latest Tech News Upcoming Mobile Phones
Next News Article
Share
Cancel

Want to share it with your friends too?

Facebook Whatsapp Twitter Linkedin
Copied

Love Science news?

Subscribe to stay updated.

Science Thumbnail
India News Business News World News Politics News Sports News Science News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Bharti Airtel Mukesh Ambani Twitter Indian Premier League Samsung Virat Kohli
Rohit Sharma Cricket News YouTube Hollywood News WhatsApp Bollywood News ISRO Yoga Honda Batman
Football News BMW Vaccine Reliance Jio OPPO Food News, Healthy Recipes Royal Challengers Bangalore Toyota Fashion Tips West Bengal Elections
Amitabh Bachchan Mercedes KL Rahul Isha Ambani India Vs England Cricket OnePlus Mobiles Android TV Smart TV Marvel Comics Avengers
Neha Kakkar Big Bang Theory X-Men TATA
About Us Privacy Policy Terms & Conditions Contact Us News Reviews News Archive Topics Archive Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2021