Why Security and Threat Awareness Is Mandatory for All
It's not only important to stay connected, but to stay connected safely. Here's all you need to know about phishing to protect your organization and devices against threats.
Technological advances and electronic gadgets have changed the way we live. We cannot think of a day being complete without using a cell phone, the internet and social media; it's all about being connected for convenience and ease. In this article, I am going to talk about phishing, how you can ensure security on your devices, and how threat awareness helps safeguard your organization.
Phishing is a malicious attempt to gain access to your account or to record personal information about you by getting you to enter your login or other sensitive information into a fake website, over a spurious phone call, etc. Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials. Many scammers try to trick people with fake offers of free, rare, secret or exclusive digital goods (e.g., coins, chips, gift cards). Phishing is carried out via email, phone call, IM, social media or phishing sites that are replicas of familiar websites. Usually there is either the promise of a reward for compliance or a warning of an impending penalty for non-compliance. For instance, an attacker may send you an email that looks like it is from a colleague, acquaintance, friend or a reputed bank or institution, so that you will give them your personal information, including login credentials.
Phishing emails or websites or phone calls might ask for:
Usernames and passwords, including requests for a password reset
Credit card details
Bank account information
PINs (Personal Identification Numbers)
SSN (Social Security Number) or TIN (Tax Identification Number)
Other personal/official details
How to Identify a Phishing Email?
May contain links or attachments asking you to click.
Generally asks you to take an urgent action or refers to a previous communication.
Requests personal or sensitive information such as Internet banking login ID, password or credit card details.
May ask you to verify your organization password or domain account.
May promise a reward or bonus points.
Uses "masked" links that look like a trusted website address but navigate you somewhere else when you click.
Please do not underestimate phishing; before any suspicion sets in your mind, you might end up being a victim. A few months back a colleague of mine was extremely busy with project delivery when she received a call from someone claiming that her SBI credit card usage had won her a gift hamper along with an increase in credit limit. The caller first asked for her permission, if she wished to approve the increase in credit limit. She was taken through all the formalities that would be needed in a genuine scenario, and she gave all the requested information. Within a few seconds of the phone call, she received an SMS notification from SBI credit card that she had just spent Rs 15799/- on eBay Kerala. She was perplexed and came to me narrating the whole incident. I asked her to recollect what information she had revealed, and then she realized that the caller already had her SBI credit card number, her DOB, her mailing address and card expiry number, which he confirmed with her; she only needed to provide the CVV number and OTP (One Time Password). With this we were certain that it was a fraudulent call, because as per RBI guidelines, no bank or financial institution will ever ask for CVV details and OTP. She lodged a complaint, but ultimately she lost, because as per SBI records she had made the blunder of sharing the CVV and OTP details.
How to Protect Yourself and Your Organization?
Beware of links in emails that ask for personal information, even in emails from known internal sources.
Always stay alert and validate the request with the sender, because acting on such requests can cause losses for you and your organization.
Always ensure that organizational credentials are entered only at URLs that carry the authentic organizational domain name.
Be wary of pop-ups asking for personal or sensitive information.
Never share personal details like your username, password or financial information over electronic channels (FB, IM, WhatsApp, phone call or email), even if you are close to the recipient; check with the sender in person.
If you suspect that you may have been conned, or if you are unsure, please reset your password immediately.
Be careful of profile cloning and link cloaking on social media websites. I will cover these topics in my upcoming articles.
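The two checks above, as an added Python example that is not part of this article: it extracts every link from an HTML email body, flags links whose visible text looks like one address while the underlying href points somewhere else (the "masked" links from the identification list), and tests whether a login URL really belongs to the organization's own domain before credentials are typed into it. The sample email fragment, the organization domain example-corp.com and the attacker.invalid host are constructed for illustration; the registrable-domain helper is a deliberate simplification that keeps only the last two labels rather than consulting a public-suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample: a fragment of an HTML email body, not a real message.
SAMPLE_EMAIL_HTML = """
<p>Your password expires today. Please verify your account:</p>
<a href="http://login-example-corp.attacker.invalid/reset">https://login.example-corp.com/reset</a>
<p>Or visit our portal at <a href="https://portal.example-corp.com/">portal.example-corp.com</a>.</p>
<p><a href="https://www.example-corp.com/help">Help center</a></p>
"""

# Hypothetical list of the organization's legitimate domains (assumption).
ORG_DOMAINS = {"example-corp.com"}

# Visible link text that itself looks like a URL or bare domain name.
DOMAIN_LIKE = re.compile(
    r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/:?#].*)?$", re.IGNORECASE
)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL; a bare domain gets a scheme so urlparse works."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable_domain(host):
    """Crude approximation: last two labels (assumption, no public-suffix list)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def extract_links(html):
    """Return all (href, text) pairs found in the HTML body."""
    collector = _LinkCollector()
    collector.feed(html)
    return collector.links


def find_masked_links(html):
    """Links whose visible text shows one domain while the href leads to another."""
    flagged = []
    for href, text in extract_links(html):
        if not DOMAIN_LIKE.match(text):
            continue  # plain words such as "Help center" show no address to compare
        shown = registrable_domain(host_of(text))
        actual = registrable_domain(host_of(href))
        if shown != actual:
            flagged.append({"shown": shown, "actual": actual, "href": href})
    return flagged


def is_org_domain(url, org_domains=ORG_DOMAINS):
    """True only if the host is an org domain or a subdomain of one.

    The leading dot in the suffix test rejects tricks such as
    'example-corp.com.attacker.invalid' and 'notexample-corp.com'.
    """
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in org_domains)


if __name__ == "__main__":
    for hit in find_masked_links(SAMPLE_EMAIL_HTML):
        print(f"masked link: shows {hit['shown']} but goes to {hit['actual']} ({hit['href']})")
    for candidate in ("https://login.example-corp.com/sso",
                      "https://example-corp.com.attacker.invalid/login"):
        print(candidate, "->", "org domain" if is_org_domain(candidate) else "NOT org domain")
```

Run it on a saved email body to list the links whose displayed address and destination disagree; a mail gateway or a user-facing warning can apply the same two functions before anyone clicks. The suffix test in is_org_domain is the important part of the second check: matching on "contains example-corp" would accept the lookalike hosts that the masked link in the sample uses.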
How to Report Phishing?
You may report phishing to banks by calling the helpline number specified on your bank statement. For your reference, I have provided a few email addresses for reporting phishing:
For SBI Bank: email@example.com
For ICICI Bank: firstname.lastname@example.org
For LinkedIn: email@example.com
For Facebook: firstname.lastname@example.org
For Twitter: email@example.com