DailyPost 2924
DON’T GET PHISHED!
Fishing as a skill has been practised since the advent of civilization, from hunter-gatherers to the modern days of fishing trawlers and ocean fishing lines. The IT revolution and the cyber world brought in a different type of bait for humankind, opening doors for cyber crime and putting individuals, companies, enterprises, and even governments at risk. It has also become an access tool in the war of attrition: the ongoing and never-ending cyber war. This is known as phishing. Here, instead of a fish, the catch is mainly data, used for making money, debilitating critical infrastructure, stealing secrets for a variety of purposes and opening gates for ransomware.
Espionage cannot be far behind. There are specialised ways of phishing, namely spear phishing and whaling. Suffice it to say, it is our bounden duty today to safeguard ourselves from such attacks. Or else we put not only ourselves but also our organisations, communities and governments / nations at risk. Phishing is the most common form of cyber crime. More than half of those affected by cybercrime fall victim to phishing. More than 80% of cyber attacks are caused by human error, ignorance, lack of expertise, overconfidence, undue dependence on tech support etc.
Phishing attacks are becoming more advanced and thus harder to detect; nonetheless, there are still telltale signs which can help the user detect one before falling victim to it. The most important precaution, which should become a habit, is to inspect URLs carefully. Phishing URLs are long, confusing and full of random characters. Checking for HTTPS adds another level of confidence, though it cannot be taken as full proof. Links which are overly complex or look like a jumble of characters should also raise suspicion. There has been a recent case involving Google’s URL redirect being used several times to mask the real phishing link. This can be made out by a discerning eye.
Redirecting is one of the main tactics. Besides considering the complexity of the URL, find out where the link leads you. This tactic extends the delivery chain and confuses users, making it harder to find out the malicious intent. Strange page titles and missing favicons should be a red flag. The favicon would normally correspond to the service. One should also be aware of abused CAPTCHA and Cloudflare checks. There is also a need to verify Microsoft domains before entering passwords. Another way to spot phishing links is by closely examining the interface elements of the program. From where do we start? You can start your cyber secure journey with ANY.RUN’s Safebrowsing. It offers a secure, isolated browser to enable you to safely analyse these suspicious links in real time. Your system thus remains safe.
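The URL checks described above (length, jumbled characters, HTTPS, and a redirect wrapper masking the real destination) can be run on a link before anyone opens it. The following is an added example, not part of the original post; the thresholds, the list of redirect parameter names and the sample links are assumptions constructed for illustration.

```python
import math
from collections import Counter
from urllib.parse import parse_qs, quote, urlsplit

# Assumed thresholds and redirect parameter names, chosen for illustration.
MAX_LEN = 100
MAX_ENTROPY = 4.5  # bits per character
REDIRECT_PARAMS = ("q", "url", "u", "redirect", "target", "dest")

def entropy(text):
    """Shannon entropy in bits per character; jumbled strings score high."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def unwrap(url, max_hops=5):
    """Follow redirect-style query parameters offline; return the URL chain."""
    chain = [url]
    for _ in range(max_hops):
        query = parse_qs(urlsplit(chain[-1]).query)
        targets = [query[p][0] for p in REDIRECT_PARAMS if p in query]
        nxt = next((t for t in targets if t.startswith(("http://", "https://"))), None)
        if nxt is None:
            break
        chain.append(nxt)
    return chain

def triage(url):
    """Return (final_url, warning_signs) without fetching anything."""
    chain = unwrap(url)
    final = urlsplit(chain[-1])
    signs = []
    if len(chain) > 1:
        signs.append("redirect")
    if final.scheme != "https":
        signs.append("no-https")
    if len(chain[-1]) > MAX_LEN:
        signs.append("long")
    if entropy(final.path + final.query) > MAX_ENTROPY:
        signs.append("random-chars")
    return chain[-1], signs

# Constructed samples (not real links): a redirect wrapper hiding the real target.
HIDDEN = "http://login.example.test/aB3xK9qLm2Zp7RtWv5YcN8dHs4JgF6uE1oQ"
WRAPPED = "https://www.google.com/url?q=" + quote(HIDDEN, safe="")
PLAIN = "https://example.com/docs/security/phishing"

if __name__ == "__main__":
    for link in (WRAPPED, PLAIN):
        print(triage(link))
```

An empty list of signs only means none of these particular checks fired; as the post notes for HTTPS, it is not proof that a link is safe.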
WITH A FEW SAFEGUARDS YOUR LIKELIHOOD OF GETTING PHISHED GOES DOWN CONSIDERABLY.
Sanjay Sahay
Have a nice evening,