PHISHING AND HOW IT WORKS.
Phishing is a form of social engineering in which cybercriminals manipulate or threaten individuals into revealing confidential information, commonly through email, text messages or phone calls.
You can become a target of phishing attacks not only by individual scammers, but also through organized cybercrime groups that target people and organisations.
In a phishing scam, the scammer impersonates a ‘trusted’ person and sends fraudulent messages to the victim asking for monetary transfer, file downloads or clicks on potentially dangerous links.
Types of Phishing Attacks
Phishing can occur in different forms, from email scams through to targeted spear phishing and smishing, all in an attempt to gather sensitive information. Some of the most common attacks include:
- Email Phishing – Probably the most commonplace form of phishing. The attackers send emails claiming to represent banks, companies or individuals, prompting users to click fake links that redirect to malicious websites.
- Spear Phishing – A form of phishing where the attacker targets a specific person or group. The target is usually a person with some access to sensitive information.
- Search Engine Phishing – Also called SEO poisoning or SEO Trojans. Attackers work to get their page ranked at the top of search engine results. Clicking on that result leads the user to the attacker’s website.
- Vishing – Phishing conducted through voice calls, where attackers pretend to be from trusted entities.
REAL-LIFE EXAMPLES OF PHISHING SCAMS.
Google and Facebook Phishing Attack
The two companies were tricked out of $100 million between 2013 and 2015 in an extended phishing campaign.
The phisher exploited the fact that both Facebook and Google used Quanta, a Taiwan-based vendor. By sending fake invoices pretending to be from Quanta, the attacker tricked both companies into making payments.
Ubiquiti Networks
In 2015, Ubiquiti Networks, a US-based computer networking company, lost $46.7 million in a BEC (Business Email Compromise) attack.
The attacker posed as the company’s CEO and lawyer, convincing the Chief Accounting Officer to wire funds for a fake secret acquisition. Over 17 days, 14 transfers were sent to accounts in Russia, Hungary, China, and Poland.
STEPS TO IDENTIFY AND AVOID PHISHING EMAILS.
- Educate Employees on Phishing Techniques:
New phishing scams are developed as technology continues to evolve.
Conducting awareness training and simulated phishing exercises for all users is highly recommended.
- Check for Email Spoofing:
Scammers often fake email addresses to appear legitimate. Always verify the sender’s domain name.
Use email security solutions that detect and block spoofed emails.
- Examine the Email Signature:
Legitimate emails from companies usually include a professional email signature with contact details, logos, and disclaimers.
- Implement Corporate Email Security:
If you run a business, ensure enforcement of corporate email security policies. Include employee training, multi-factor authentication (MFA), regular security audits, and software patching.
- Be cautious with pop-ups:
Block pop-ups from browser settings and only allow them when necessary.
If a pop-up appears, avoid clicking “cancel,” as it may lead to malicious sites.
- Utilize End-to-End Encryption:
This helps to ensure that data transmitted between two points can only be read by the intended recipients and not by any third party that intercepts it.
HOW TO STRENGTHEN YOUR SECURITY AND DEFENSE FROM PHISHING?
- Provide Anti-Phishing Training to your Employees:
All employees in the organisation must be trained to be aware of phishing attacks and to recognise and address them.
The training should cover topics like understanding the types of phishing, not clicking on links, blocking pop-ups, never giving away sensitive information, etc.
- Deploy DMARC (Domain-based Message Authentication, Reporting and Conformance):
DMARC is an email authentication protocol designed to protect your organisation against phishing and email spoofing.
Organisations can increase the security of their email communications and maintain control over how their domains are used in email.
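As an added example (not code from the original article), here is a small Python model of the alignment check a receiving mail server performs under DMARC: it parses a constructed DMARC record and decides whether the visible From domain is aligned with the domain that SPF or DKIM actually authenticated, applying the published p= policy when it is not. SPF and DKIM verification themselves are assumed to have already run; the record, domains and messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed DMARC record, as it would be published in DNS at _dmarc.example.com
# (example.com is a placeholder here, not a real organisation's record).
DMARC_TXT = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-rua@example.com"

# Two constructed messages. In the legitimate one the bounce address is a
# subdomain of the From domain; in the spoofed one the sender controls the
# bounce domain but writes the impersonated organisation's domain in From.
LEGIT_MSG = 'Return-Path: <bounce@mail.example.com>\nFrom: "Accounts Payable" <ap@example.com>\n\nSee attached.\n'
SPOOFED_MSG = 'Return-Path: <x@attacker-controlled.test>\nFrom: "CEO" <ceo@example.com>\n\nPlease wire today.\n'

def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; ...' into a dict with RFC 7489 alignment defaults."""
    tags = {"adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain):
    """Approximate organisational domain: last two labels (real DMARC uses the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(raw_msg, dmarc_txt, spf_pass=True, dkim_domain=None):
    """Return (verdict, reason). spf_pass: SPF passed for the Return-Path domain;
    dkim_domain: d= domain of a verified DKIM signature, or None if there is none."""
    policy = parse_dmarc(dmarc_txt)
    msg = message_from_string(raw_msg)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1]
    spf_domain = parseaddr(msg["Return-Path"])[1].rsplit("@", 1)[-1]
    if spf_pass and aligned(from_domain, spf_domain, policy["aspf"]):
        return "pass", "SPF-aligned"
    if dkim_domain and aligned(from_domain, dkim_domain, policy["adkim"]):
        return "pass", "DKIM-aligned"
    return policy["p"], "no aligned authentication; apply p= policy"
```

The spoofed message fails because neither the SPF-authenticated domain nor any DKIM signature aligns with the From domain, so the receiver applies the published p=reject.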
- Using Antivirus and Cloud Email Security Solutions:
Antivirus and anti-malware solutions alone are not always enough to keep your data protected.
Cloud email security solutions provide a centralised, cloud-based platform for securing your emails.
- Using a dedicated Anti-Phishing Solution:
Install anti-phishing software to help detect and prevent phishing attempts by filtering emails, blocking malicious websites, monitoring network activity, and providing real-time protection.
Partner up with Cyberdisti, your go-to cyber security solution provider in India, MEA, and Africa to fortify your digital presence, protect your data, and build resilience against cyber threats.
