The Threat Of Phishing

Dec 29, 2016 10:15 IST

Everything from our computers to our televisions to our smartphones and tablets is connected to the internet. We enjoy the power the internet gives us – the power to find out information about anything with the click of a few buttons, the power to pay all our bills on the go, and the power to find old friends who were once forgotten. While the internet makes our lives easier, it can also put us at risk.

Internet Fraud

Using internet services and software to defraud people and take advantage of them is known as internet fraud. These fraudulent activities can occur via e-mail, chat rooms, message boards, or even websites. There are many different kinds of internet fraud; here's a quick look at a few of them:

  1. Purchase Fraud: Criminals propose business transactions with merchants and then pay for their order using stolen or fake credit cards, which means the sale is not really paid for. When merchants accept credit card payments, they could receive a chargeback for the transaction, and overall end up losing money. Sometimes, people with malicious intentions obtain the account numbers and PINs linked to credit cards and use the information to withdraw money from the person's account.
  2. Counterfeit Cashier's Cheque Scam: This method of scamming people takes advantage of internet listings and the lag between the immediate cashing and clearing of cashier's cheques. The scam artist will reply to a listing on Craigslist, or other listing websites, and will send a cashier's cheque to the victim. As banks consider these cheques to be a guarantee of funds, the cheque is cleared immediately, and the scammer will ask for part of the money back as they are unable to complete the full transaction. However, once the bank realises that the cheque has bounced, they come back to claim the money from the victim who has been left high and dry.
  3. Money Transfer Fraud: Similar to the counterfeit cashier's cheque scam, money transfer fraud uses an offer of employment to steal money from victims. The prospective victim will receive an e-mail offering them a job that promises high pay and great benefits. The scammers then send fake cheques or postal money orders, hoping that the victim will cash the fake money instruments instantly and send them the money before the fraud has been found out.
  4. Phishing: The attempt to acquire sensitive information such as passwords, credit card details and usernames by posing as a trustworthy entity is known as phishing. To lure unsuspecting victims, communications are made to look like they originate from popular social media sites, auction sites, online payment processors, IT administrators and banks. Hackers create clones of websites and ask victims to enter in personal information that the hacker then uses to take advantage of them.

How Phishing Works

Initially, phishing started off on AOL. A phisher would pose as a staff member and send an instant message to a potential victim asking for their password. Generally, phrases such as 'verify your account' or 'confirm billing information' were used to coax the victim into giving up the information that the attacker would then use to access the victim's account for fraudulent purposes.

Unfortunately, phishing is no longer just carried out over e-mails via the internet. New forms of phishing known as Vishing and SMiShing are now emerging. Vishing, or voice phishing, uses social engineering over the telephone system to obtain victims' personal information. The information is generally financial in nature and allows the scammer to gain access to the victim's finances. Most legal authorities find it difficult to monitor or trace voice phishing, and people are advised to be suspicious of phone calls or messages asking them to disclose their financial details over a call.

Similarly, when SMS messages are used to prompt victims to disclose their financial details, it is known as SMiShing or SMS Phishing. America's supermarket chain Walmart was the target of a SMiShing scam that informed people about a non-existent $100 gift card as bait.

Types of Phishing

  • Spear Phishing: When the attack is directed at a specific individual or company, it is termed spear phishing. Attackers spend time gathering information about their victim to increase their chances of success, and this method accounts for 91% of all phishing attacks.
  • Clone Phishing: Here, a legitimate and previously delivered email that contains a link or attachment is used to create an almost identical or cloned mail. The attachment or link is replaced with malicious software and is re-sent as an updated version of the previous e-mail. This allows the attacker to gain access to the new machine by exploiting social trust.
  • Whaling: Recently, phishing attacks have been aimed at specific senior executives and other high-profile people within businesses, and this has been termed whaling. The bait web page or e-mail uses a far more business-like tone to target the victim. These emails are generally written as legal notices, customer complaints or executive issues.

The Damage

Phishing can result in a wide variety of consequences. A person can simply be denied access to email or could lose a sizeable chunk of money. The 3rd Microsoft Computing Safer Index Report that was released in February 2014 stated that the annual worldwide impact of phishing could be as high as $5 billion.

Tackling the Problem

As regular internet users, there are a few things we should be aware of that will help keep us safe from any phishing threats.

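  • Legitimate Websites: When we click on links in e-mails, we should be aware of which website we intend to visit. Secure links start with https instead of simply http. This lets us know that the connection to the site is encrypted, and we are less likely to be targeted while visiting secure sites. The https prefix says nothing about who owns the site, though, so we should also check that the domain name in the link is the one we expect.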
  • Browser Alerts: Opera, Firefox, Chrome and Safari all have anti-phishing software that alerts us to fraudulent websites. Since 2006, a special DNS service has been used in tandem with the browsers to filter out known phishing domains. To alert clients that a site they are visiting may be fraudulent, website owners alter their images, so that we get a warning message when we attempt to access a site which contains images that are not a part of normal browsing.
  • Strong Password Logins: Most of us get frustrated by the number of passwords we have to learn. These passwords need to be changed frequently and generally must contain a capital letter, a number and a symbol. While this helps us create strong passwords that are not easy to hack, banks have also started using security images and security sentences to add more protection when a user signs in to internet banking. These security measures prevent phishers from gaining access to our financials.
  • Legal Action: If you do receive suspicious e-mails, you can keep a record of them and show them to the authorities. Laws have been put in place to protect us from phishers and scams. You can also directly contact the company being phished or spoofed, and let them take the appropriate legal action.

The amount of time we all spend on the internet continues to increase, but this also means that we are at an increased risk of allowing phishers to gain access to our personal information. We need to be aware of risky emails and phone calls asking us to provide personal information. In case you get any such phone calls, it may be a good idea to contact your bank directly and ask if any of their personnel called or e-mailed asking you for information. Remember that your banks have all your details and do not require your passwords or other details, so be careful, and don't share sensitive information with anybody.
