What is a phishing scam? Types of phishing attacks and how to prevent phishing attacks

India generates the highest number of phishing and spam emails in Asia, according to a recent report. Instances of phishing can be traced back to as early as 1995. Over time, it has become one of the most prevalent forms of cybercrime.

● In the first quarter of 2020, India witnessed a 37% increase in cyber attacks.

● Between January and March, a cyber-security company detected and blocked more than 52.8 million local cyber threats in India.

Phishing keeps growing more sophisticated with time. That’s why, even though it’s old, cybercriminals still use this technique widely to extract sensitive information or install malware on their targets’ devices. Because of its prevalence and the immense risk it carries, you must learn more about phishing to avoid falling prey to it.

Phishing – Know what it means

Phishing is the practice of sending electronic communications – emails, instant messages, and text messages – disguised as coming from a trusted entity. The attacker masquerades as someone the recipient is likely to believe, such as a financial institution, and attempts to dupe them into opening malicious links.

Besides posing as a reputable entity, attackers craft professional-looking emails and messages with an undertone of urgency. That sense of urgency prompts recipients to act in haste, which is why several recipients fall victim to this technique.

It leads them to provide sensitive information, such as credit card details and login information, on fake websites. At other times, it results in malware being downloaded onto the victim’s machine.

In other words, phishing can have grave consequences for the victim, including financial loss, unauthorized transactions, and identity theft. That’s why several individuals keep mechanisms such as an identity assure policy in place to mitigate the damage if such an eventuality comes to pass.

With this understanding of what phishing is, take a look at its types.

What are the different types of phishing?

What makes this cybercrime even more formidable is the variety of techniques that attackers employ. The three most popular types of phishing techniques are:

1. Email phishing

It is the most common technique: the attacker sends out thousands of emails in the hope of a response from a few recipients. The methods are the same – pose as a trusted entity, craft a credible message, and create a sense of urgency – applied with a generic approach.

For instance, a phishing mail could mimic a reputed financial institution, claiming that the recipient’s credit card is expiring and needs an immediate update, with a phony link attached. Such an email could even be accompanied by a timer to intensify the urgency.

● 27th – India’s rank in terms of web-threats detected by a cyber-security company in the first quarter of 2020.

Attackers research the companies they are mimicking at great length to create emails that look exactly as they would if those companies had sent them. Even if only a few individuals open these mails, the result can be an enormous financial gain for the attacker and a loss for the victim.

2. Spear phishing

This technique is fundamentally the same as email phishing, but with one significant alteration. Unlike the former, spear phishing targets specific recipients. Therefore, the approach is personalized for each individual. This factor makes it even riskier for the recipient.

Attackers conduct in-depth research about their targets and craft personalized mails or messages. This technique is more often used to break into organizational systems and is the first step of an APT (advanced persistent threat). However, individuals can also be targets of this cyber-fraud technique.

3. Pharming

The term is a blend of ‘phishing’ and ‘farming’. Here, recipients might not even need to click on a malicious link to be redirected to a phony website. The attack infects the host computer or its DNS server and redirects the individual to a bogus website even when the correct URL is typed in.

How to avoid phishing?

I. Be informed

Types of phishing are evolving continually. Therefore, you must keep yourself apprised of the latest developments and the techniques phishing attackers are using, so that you do not inadvertently fall prey to one.

II. Click with caution

The sender addresses of phishing mails, and the links they contain, look almost identical to the ones they are trying to mimic. However, minute details differ. Whenever you receive a mail with an urgent undertone prompting you to click on a link, check the address and the link carefully to confirm that they are genuine.
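The check described above can be automated for the links in a mail. The following is an added example, not part of the original article: it flags links whose host merely resembles a trusted domain and links whose visible text names a different host than the one they open. The domain `examplebank.com`, the sample markup, the function names, and the 0.85 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com"}  # constructed allowlist: domains you really use
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
SAMPLE = ('<a href="http://examp1ebank.com/update">https://examplebank.com</a>'
          '<a href="https://examplebank.com/help">Help</a>')  # constructed mail body

def host_of(url):  # hostname of a full URL or bare domain, lower-cased
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def check_host(host):
    """Reasons why host looks like an imitation of a trusted domain ([] if none)."""
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return []
    reasons = ["punycode label"] if "xn--" in host else []
    for d in TRUSTED:
        tail = ".".join(host.split(".")[-d.count(".") - 1:])
        if d in host:  # e.g. examplebank.com.some-other-site.example
            reasons.append(f"embeds {d} but is not under it")
        elif SequenceMatcher(None, tail, d).ratio() >= 0.85:  # assumed threshold
            reasons.append(f"{tail} closely resembles {d}")
    return reasons

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:  # inside an <a>: collect the visible text
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            target, shown = host_of(self.href), self.text.strip()
            reasons = check_host(target)
            if URLISH.fullmatch(shown) and host_of(shown) != target:
                reasons.append(f"text shows {host_of(shown)}, link goes to {target}")
            if reasons:
                self.findings.append((target, reasons))
            self.href = None

def audit(html):  # -> [(link host, [reasons]), ...] for suspicious links
    auditor = LinkAudit()
    auditor.feed(html)
    return auditor.findings
```

Calling `audit(SAMPLE)` reports only the first link: its host swaps the letter "l" for the digit "1", and its visible text names the genuine domain while the link opens a different one.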

III. Keep proper mechanisms in place

Use anti-virus and anti-malware software to avoid falling prey to practices such as pharming. You might also want to prepare for inadvertent loss of financial data with a suitable insurance plan in place. Bajaj Finserv provides Wallet Care under its Pocket Insurance and Subscriptions, using which you can block all your cards with a single phone call.

IV. Keep browser up-to-date

Browsers release security patches from time to time. Such patches mend existing loopholes that phishing attackers and hackers may discover and exploit. So, make sure to update your browser whenever a new version rolls out to continue surfing the internet safely.

Alongside phishing, ATM frauds are also a growing concern in India. They involve stealing essential card details for unauthorized transactions. You might consider availing an ATM safeguard policy to maximize your financial safety.

● In FY 20, there were more than 50,000 card-related frauds in India.

Since cyber-crime attacks, including phishing, are evolving rapidly and continuously, it might be in your best interest to be wary of sharing sensitive personal and financial information over the internet and on calls.