Email Phishing and Attacks

Phishing was originally a term for email attacks designed to steal your online banking username and password. The term has since evolved and now refers to almost any email-based attack. Phishing uses social engineering, a technique in which cyber attackers try to fool you into performing an action. These attacks often start with a cyber criminal sending you an email pretending to be from someone or something you know or trust, such as a friend or colleague, your bank, or your favorite online website. These emails then tempt you into taking an action, such as clicking on a link, opening an attachment, or replying to a message. Cyber criminals craft these emails to look convincing and send them out to literally billions of people around the globe. The criminals do not target a specific person or have a particular victim in mind, nor do they know precisely who will fall victim to their attacks. They simply know that the more emails they send, the more people they may be able to trick. Phishing attacks work in four ways:

Harvesting Information: The cyber attacker's aim is to lure you into clicking on a link that takes you to a website asking for your login and password, or even your credit card, debit card or ATM number. These websites look legitimate, with exactly the same design, imagery and feel as your online bank, but they are fake websites designed by the cyber attacker to steal your data.

Infecting your computer with malicious links: Once again, the cyber attacker's goal is for you to click on a link. However, instead of harvesting your information, their goal is to infect your personal computer. If you click on the link, you are connected to a website that silently launches an attack against your computer which, if successful, will infect it.

Infecting your computer with malicious attachments: These are phishing emails that have malicious attachments, including PDF files or Microsoft Office documents. If you open these attachments, they attack your computer and, if successful, give the attacker complete control.

Scams: These are attempts by criminals to swindle you. Typical examples include notices that you have won the lottery, charities requesting donations after a recent disaster, or a dignitary who needs to transfer billions of dollars into your country and would like to pay you to help with the transfer. Don't be fooled; these are scams created by criminals who are after your money.

PROTECTING YOURSELF FROM PHISHING

In most cases, simply opening an email is safe. For most attacks to work, you have to do something after reading the email (such as opening the attachment, clicking on the link, or replying to the request for information). Here are some indications that an email is an attack:

• Be suspicious of any email that requires “instant action” or creates a sense of emergency. This is a common technique used by criminals to rush people into making a mistake.
• Be suspicious of emails addressed to “Dear Customer” or that use some other generic greeting. If it is your bank, they will know your name.
• Be suspicious of grammar or spelling errors; most businesses proofread their messages carefully before sending them.
• Never click on links. Instead, copy the URL from the email and paste it into your browser. Better still, simply type the destination name into your browser.
• Hover your mouse over the link or URL. This will show you the real destination you would reach if you actually clicked on it. If the true destination of the link is different from what is shown in the email, this may be an indication of fraud.
• Be suspicious of attachments and only open those that you were expecting.
• Just because you got an email from your friend or colleague does not mean they sent it. Your friend's computer may have been infected, or their account may have been compromised, and malware is sending the email to all of your friend's contacts. If you get a suspicious email from a trusted friend, call them to verify that they sent it. Always use a contact number that you already know or can independently confirm, not the one that was included in the message.

If, after reading an email, you think it is a phishing attack or scam, simply delete the email. Ultimately, using email safely is all about common sense. If something seems suspicious or too good to be true, it is most likely an attack. Simply delete the email.

Vinod Kapoor
INSTITUTION: University of Petroleum & Energy Studies (UPES), Dehradun.