Phishing

Spot the phish before it spots you: Tips and tricks to recognize and combat phishing attacks

Since technology has become embedded in our lives, nine out of ten users have become more vulnerable and prone to scammers. These virtual con artists have adopted black hat, or unethical, hacking with the intention of committing fraud, stealing sensitive data and violating privacy.

According to Norton Labs’ recent study, “India witnessed over 1.5 crore cyber threats in the second quarter (Q2) this year, an average of more than 17.5 lakh attacks per day. In the April-June period, Norton thwarted over 900 million threats or around 10 million threats per day globally. During those three months, there were 22.6 million phishing attempts and 103.7 million file threats globally.” 

Phishing begins with fraudulent emails and other modes of communication designed to lure a victim. The mail or message is made to look legitimate, as if it comes from a trusted source. If the victim is fooled, they are led to give up confidential information on the scam website.

These attacks begin when the scammer identifies information about the target and then starts building a strong connection with them. Successful phishing attacks provide a foothold in company networks, access to crucial data like intellectual property and, in some cases, money. The challenge is educating individuals and organizations about phishing and how to recognize a phishing email. Phishing can take many forms, but at its core, it refers to any email attack that aims to influence the receiver to take a particular action. This can involve opening a malware-filled attachment, following a link that leads to a hacked website or disclosing sensitive data like usernames and passwords.

Some of the common types of phishing attacks include:

  • Email phishing: Email phishing is the most common type of attack, and individuals or employees who use the same email address or password to access every website are more susceptible to it. Users these days have learned to dodge spam emails. However, phishing emails can look deceptively credible and personalized while still carrying generic salutations such as “Dear Sir/Madam”. In addition, users can observe a mismatch between the sender name and the sender email address, such as the sender name “Alex Paul” with the sender email “<54210@virginmedia.net>”, along with grammatical errors in the content.
  • SMS phishing: ‘Smishing’ is a mobile phishing attack that targets victims via SMS rather than email. Scammers can easily generate and impersonate mobile numbers using VoIP and text any number, asking the recipient to click suspicious links or disclose personal information. Mobile carriers also don’t have robust spam filters, which allows malicious text messages to get delivered.
  • Pop-up phishing: Pop-up phishing is also one of the most common attacks witnessed by users. It involves fraudulent messages that “pop up” for users when they are surfing the web. In various cases, cybercriminals infect credible websites with malicious code that causes these pop-up messages to appear when people visit them. Users may also notice that the domain names and website links are mismatched. Asking for immediate action is a key pattern of all phishing attacks, and users often fall prey to this sense of urgency.
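The warning signs listed above (sender name and address mismatch, generic salutation, mismatched link domains, urgency) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, keyword lists and sample messages are assumptions made for illustration, and the checks are heuristics rather than a complete filter.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

SALUTATION = re.compile(r"\bdear\s+(sir|madam|customer|user)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|act now|within 24 hours)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>([^<]+)</a>', re.I)
DOMAINISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

def _host(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    url = url.strip()
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def red_flags(raw):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    flags = []
    # 1. Display name shares no word with the mailbox name (heuristic).
    name, addr = parseaddr(str(msg.get("From", "")))
    local = addr.split("@")[0].lower()
    words = [w.lower() for w in re.findall(r"[A-Za-z]{2,}", name)]
    if words and not any(w in local for w in words):
        flags.append("sender-name-mismatch")
    # 2. Generic salutation instead of the recipient's name.
    if SALUTATION.search(body):
        flags.append("generic-salutation")
    # 3. Link text shows one domain while the href points to another.
    for href, text in ANCHOR.findall(body):
        if DOMAINISH.match(text.strip()) and _host(text) != _host(href):
            flags.append("link-domain-mismatch")
            break
    # 4. Pressure to act at once.
    if URGENCY.search(body):
        flags.append("urgency")
    return flags

# Constructed samples; the sender pair in PHISH is the article's own example.
PHISH = """\
From: "Alex Paul" <54210@virginmedia.net>
Content-Type: text/html; charset="utf-8"

<p>Dear Sir/Madam,</p><p>Your account will be suspended. Act now and verify immediately:</p>
<a href="http://login.example-verify.test/session">www.examplebank.test</a>
"""
LEGIT = 'From: "Alex Paul" <alex.paul@example.com>\nContent-Type: text/plain\n\nHi Priya, the minutes are attached.\n'
```

Calling `red_flags(PHISH)` reports all four indicators, while `red_flags(LEGIT)` returns an empty list.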

It may be difficult to spot a phishing attack; however, by exercising caution and applying a few fundamentals, individuals and organizations can sense any red flags that something may be out of place or unusual. Clicking suspicious links in emails or instant messages isn’t a good idea. For instance, a phishing email may claim to be from a legitimate source, but when you click the link, it will lead you to a fake website which requests your personal and bank details. Users should always verify suspicious mail in which scammers ask for immediate action on any personal information, and check thoroughly before proceeding. Also, to avoid getting trapped, they should always provide wrong personal information first, for instance by entering the wrong password, as a phishing page cannot check the authenticity of the wrong password provided and will take the input as a legitimate one. Keeping all of this in mind, they should also enable multi-factor authentication for their banking and social logins, along with notifications for suspicious activity. Individuals should also adopt cyber security software to prevent phishing attacks from suspicious emails, block malicious links, combat weaponized attachments and spot signs of fraud.

As the saying goes, ‘Prevention is better than cure’. Users should always be mindful of these anti-phishing techniques to enjoy worry-free and distraction-free online surfing experiences.

The article has been written by Sandip Kumar Panda, Co-Founder of Instasafe technologies
