What is a Phishing Attack?
Phishing is a technique used by scamsters to illegally procure personal information, such as Internet Banking User IDs and Passwords, Credit Card Numbers and ATM PINs, by sending e-mail.
The e-mail appears to be sent by a Bank or a well-established organization providing online services. The content of the e-mail is framed in a manner that creates a sense of urgency in the mind of the recipient, for example: "We are upgrading our system to make it more secure. Therefore, click on the link below and provide your Internet Banking User ID & Passwords at the earliest; otherwise your Internet Banking services will be de-activated." Customers of leading Banks throughout the world have been targeted by such Phishing e-mails.
Types of Phishing Attacks
- E-mail-based Phishing attacks:
Millions of e-mails are distributed randomly. The e-mail typically includes a hyperlink, which is often obfuscated so that the destination of the hyperlink is not apparent to the recipient. Once the recipient clicks on the hyperlink, he/she is taken to a spoofed Website, which is a copy of a Bank's Website. The recipient is asked to enter the Internet Banking User ID and Passwords. The User ID and Password collected are then stored and forwarded to cyber-criminals.
- Malware-based Phishing attacks:
A Trojan (malware) is loaded onto the user's computer by exploiting a vulnerability in the Operating System or Browser software. This Trojan can have many capabilities, but typically it identifies when the user accesses a Bank's Internet Banking website and then either logs the subsequent keystrokes or takes a screen image. This information is then forwarded to the cyber-criminals.
Protection Against Phishing Attacks
- Do not click on hyperlinks in e-mails
Never click on hyperlinks in e-mails unless you are sure about the destination of the hyperlink. The hyperlink may take you to a spoofed website asking you to enter sensitive personal information, or it can secretly install malicious software on your computer.
- Verify SSL Certification (https://)
Whenever you enter your Internet Banking User ID and Passwords or any other sensitive information, always check that the website address (URL) starts with https://, not http:// (notice the 's' in https://). Also check the validity of the SSL Certificate used by the website.
- Never enter sensitive personal information in a pop-up window
A common Phishing technique is to open a pop-up window when you click on a hyperlink in Phishing e-mail.
- Never download software or files from an unknown source
Downloading software or files from unknown sources can secretly install a malicious program (Trojan) on your computer. This malicious program then captures your sensitive information (as you type on the keyboard) and sends it to a hacker on a remote computer on the Internet.
- Use an Antivirus and keep it up-to-date
Regularly scan your computer with an Antivirus to detect and remove any malicious program that has been installed on your computer.
- And last, get educated
Educate yourself on attack trends and how to prevent these types of attacks, because hackers keep employing new techniques of attack. Various online resources are available to keep yourself updated.