There has been a whopping uptick in phishing attacks that rose 220 percent during the COVID-19 pandemic. Further, the data suggested that phishing attacks rose at 15 percent on a year-on-year basis in 2020. Here we list the causal crux behind phishing and how you can protect yourselves and your colleagues from such attacks.
It has come to be a huge shocker for many people when prominent media personality Nidhi Razdan took to Twitter and announced that she has been a victim of a phishing attack that duped her on the pretext of providing a job of assistant professor at Harvard University. Following that she did write a blog on the NDTV website revealing her ordeal of deception and betrayal that she went through quite unknowingly.
Further, she has described that in the name of offering a job at the university, the phishing attack was so much sophisticated that it looked quite genuine which led to her falling for it. Former NDTV journalist also said that all the documents shared did carry credentials of Harvard University which seemed very much real – although they were fake. Subsequently, the hackers also got access to Nidhi’s bank account, certificates, and important documents.
What is phishing?
As it is quite pertinent from the aforementioned incident, phishing is typically an attack where hackers aim to gain access to user’s personal information and other details on the pretence of being a genuine trustworthy organisation or an individual. Phishing mostly takes place online through an email, link, or any kind of attachment on the premise of providing jobs, giving benefits of schemes, or providing admission in esteemed universities and colleges.
As per the F5 Labs report, there has been a whopping uptick in phishing attacks that rose 220 percent during the COVID-19 pandemic. Further, the data suggested that phishing attacks rose at 15 percent on a year-on-year basis in 2020. Other than that, cybercriminals were also quite determined to hack and loot new and vulnerable URLs which consist of WordPress websites and many generic website’s addresses.
Phishing attacks in India
Over the period of last year, there have been several attempts to dupe users to give their personal information through such phishing attacks in India. The Ayushmann Bharat phishing attack was one such where a WhatsApp message was circulated with a link in the name of providing advantages to beneficiaries. But that link obtained the user’s personal data and information.
Instagram phishing swindled the users in the name of code-based authentication and eventually obtaining their personal information and data. Similarly, the Netflix phishing attack also bamboozled users to give their account information and access to the hackers on the pretext of account-on-hold and transaction problems.
As per the KPMG report the rise in such ransomware is going nowhere and will continue to lure more and more gullible users. Generally, they tend to be based on vaccines, masks, financial scams based on government schemes, critical updates to media, and social media applications.
How to tackle phishing attacks?
- Take utmost precaution while opening any email from an unknown source or those coming from outside your organisation.
- Always make sure to have a substantial backup of all your crucial databases, files, and user data.
- Always flag emails that come from external sources – making it easier for other employees to glean through them with caution.
- One should also make sure that there is complete segregation and separation between personal and official devices used for communication.
- Avoid clicking on shorter links and do not enter any information on pop-ups.
- Scrutinise these emails and links on grammatical errors, sentence structure, spelling mistakes, and peculiar phrases.