It Gets Phishy. What is Phishing, and How to Avoid It
This article kicks off our cybersecurity series. Cybersecurity a hot topic that affects everyone these days – from governments and corporations to regular users of the Internet. We hope that this series of PumaPay articles will help you stay secure.
Nowadays, cybersecurity is a mandatory topic on many macro agendas, including those of governments. Cybersecurity deals with technologies, processes and controls that have one mission – to protect systems, networks and data from cyber attacks. Efficient cyber security reduces the prospect of cyber attacks. It can protect organizations and individuals from the unauthorized exploitation of systems, networks and technologies. Yet, big organizations aren’t the only ones at risk.
It happens on a daily basis that we hear of attempts to obtain sensitive information such as usernames, passwords, and credit card details (money including), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. This is called “phishing” and can cost all parties involved if precautions are not taken.
What is “phishing”?
Phishing is a virtual fraud in which the cyber criminal poses as a known entity or person in email or other direct communication channels. Often, phishing emails are used to send out malicious links or attachments that can extract login credentials, account information, saved card details and more personal information. According to a report from the 2013 Microsoft Computing Safety Index, the annual worldwide impact of phishing could be as high as US$5 billion.
A typical phishing scenario is typically carried out by email or instant messaging and it requires users to enter personal information at a fake website, which is identical to the legitimate one and the difference is in the URL of the website in concern. In case of emails, the difference is just one letter, so be careful. Messages pretending to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims in this trickery.
How serious is it?
Phishing has caused serious problems to approximately 76% of the world’s organizations in 2017 solely. The percentages keep growing every year at an alarming rate. Last year, a phishing email to Google and Facebook users successfully induced employees into wiring money – to the extent of US$200 million – to overseas bank accounts under the control of a hacker who has since been arrested by the US Department of Justice.
Furthermore, in August 2017, Amazon customers experienced the Amazon Prime Day phishing attack, with hackers sending out seemingly legitimate deals to consumers of the American company. When buyers attempted to purchase any ‘deal’, the transaction would not go through, prompting the retailer’s customers to input data that could be compromised and stolen.
With the rise of cryptocurrencies, there’s a new wave of phishing with scammers pretending to be legitimate businesses approaching users with the limited-time offer, which can be paid immediately in cryptocurrency. The style of the message and communication can be impeccable, and many people proceed with sending funds immediately. With crypto transactions being irreversible, once the money is gone, it’s gone.
Phishing schemes keep getting more sophisticated and change so fast that even known companies that, in spite of the advanced anti-phishing systems and measures they take, such mishaps are a reality and can hit at any moment. The danger of phishing is acknowledged by most businesses and punished by law, yet any online user needs to pay attention to where and how personal information is given.
How to avoid phishing?
A first step is to educate yourself how to identify phishing messages, what sort of information is key to attacks, but there are ways that can reduce successful attacks. A gateway email filter can trap many mass-targeted phishing emails and reduce the number of phishing emails that reach users’ inboxes – often you see lots of email in your “Spam” folder with “deals”. Stay away! Deleting those emails is the best course of action.
When it comes to offers from retailers, double check the official website for deals and thoroughly go through the details. Often, it is wise to look over the details such as the format of email address, the graphics, colors and fonts of the email sent to you and compare it to the original. Fraudsters can fake it, but do your due diligence with any too good to be true deal.
Finally, what we learn from all cyber attacks is the increasing need of securing systems and educate people on the risks. Phishing is constantly evolving to adopt new forms and techniques. With that in mind, it has become imperative for organizations to invest in security updates that could prevent flaws in their own technology and keeps legit businesses on top of emerging phishing attacks. And for us, regular users, being paranoid about everything that comes to our Inbox is truly the best course of action.