How to Recognize And Avoid phising scams-TECHNOLOGY GYAN,

Danger online: Fraud link can empty your account

With 150 cases in the last 3 months, Capital becomes a hunting ground for cheats hacking into electronic payment interface

Phishing attacks continue to play a dominant role in the digital threat landscape.In its 2020 Data Breach Investigations Report   (DBIR), for instance, Verizon Enterprise found that phishing was the second topmost threat action variety in security incidents and the topmost threat action variety in data breaches. It therefore comes as no surprise that more than a fifth (22%) of data breaches analyzed by Verizon Enterprise’s researchers involved phishing in some way.

  Digital fraudsters show no signs of slowing down their phishing activity in 2020, either. On the contrary, a report from Google found that phishing websites increased by 350% from 149,195 in January 2020 to 522,495 just two months later. Many of these websites likely used coronavirus 2019 (COVID-19) as a lure. Indeed, Barracuda Networks observed that phishing emails using the pandemic as a theme increased from 137 in January 2020 to 9,116 by the end of March—a growth rate of over 600%.

The rise of phishing attacks poses a significant threat to all organizations. It’s important that all companies know how to spot some of the most common phishing scams if they are to protect their corporate information. It’s also crucial that they are familiar with some of the most common types of techniques that malicious actors use to pull off these scams.

Towards that end, we at The State of Security will discuss some of the most common types of phishing attacks as well as provide useful tips on how organizations can defend themselves.

1. Deceptive Phishing

Deceptive phishing is by far the most common type of phishing scam. In this ploy, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

Techniques Used in Deceptive Phishing:

1.Legitimate links

2.Blend malicious and benign code

3.Redirects and shortened links

4.Modify brand logos

5.Minimal email content

How to Defend Against Deceptive Phishing:

The success of a deceptive phish hinges on how closely the attack email resembles a piece of official correspondence from the abused company. As a result, users should inspect all URLs carefully to see if they redirect to an unknown and/or suspicious website. They should also look out for generic salutations, grammar mistakes and spelling errors scattered throughout the email.

2. Vishing

Until now, we’ve discussed phishing attacks that for the most part rely solely on email as a means of communication. Email is undoubtedly a popular tool among phishers. Even so, fraudsters do sometimes turn to other media to perpetrate their attacks.

Take vishing, for example. This type of phishing attack dispenses with sending out an email and instead goes for placing a phone call. As noted by Compairtech, an attacker can perpetrate a vishing campaign by setting up a Voice over Internet Protocol (VoIP) server to mimic various entities in order to steal sensitive data and/or funds.

Techniques Used in Vishing

Here are some common techniques used in vishing attacks:

1.The mumble technique  

2.Technical jargon

3.ID spoofing

How to Defend Against Vishing

To protect against vishing attacks, users should avoid answering calls from unknown phone numbers, never give out personal information over the phone and use a caller ID app.

3. Smishing

 Vishing isn’t the only type of phishing that digital fraudsters can perpetrate using a phone. They can also conduct what’s known as smishing. This method leverages malicious text messages to trick users into clicking on a malicious link or handing over personal information.

Techniques Used in Smishing

Webroot identified some techniques commonly used by smishers:

1.Trigger the download of a malicious app

2.Link to data-stealing forms

3.Instruct the user to contact tech support

How to Defend Against Smishing:

Users can help defend against smishing attacks by researching unknown phone numbers thoroughly and by calling the company named in the messages if they have any doubts.

This is an diagram to show phishing attack:

HUBS OF CRIME

In a majority of the cases related online marketplaces, the IP addresses and bank transactions have been traced back to the Mewat region of Haryana and on the Rajasthan border. Besides, OTP-related frauds have been detected from Jamtara and Dumka districts of Jharkhand. Delhi, Mumbai, Bengaluru, Hyderabad, Noida, Gurugram are some of the cities where conmen reside in large numbers," said a senior official of Cyber Cell, Delhi Police.

Anyesh Roy, DCP Cyber Crime Cell, told Mail Today that detecting and tracing cyber fraudsters is a formidable challenge. "The cyber fraudsters generally assume a false identity and so tracing the origin of the crime is difficult. It requires huge resources as we have to go outstation for investigations. We have to work in close coordination with banks, payment gateway, merchants and financial app companies," adds Roy.

The Uttar Pradesh Police, for instance, have sent a notice to an online classifieds website over complaints that these it failed to do KYC verifications. This happened after the Azamgarh police arrested a gang selling stolen automobiles through an online website by making fake Aadhaar, registration certificates and insurance documents.

"We have sent a notice to the online portal which was misused in this case. We have sought their detailed action plan on how they are going to check criminal activities on their platform and how they propose to ensure proper KYC details of customers. Online classified websites have been informed several times about such frauds, but they have done little about it," said Azamgarh SP Triveni Singh.

Cyber crime