This article is written to shed some light on one method that hackers use to steal your data, namely, the Phishing Attack.
Phishing is baiting you to do something that is not in your best interest by making you:
Click a Link
Download an Attachment
Give out Sensitive Information
How do they work?
Phishing can be done through Emails, SMS, and social media.
Attackers impersonate someone in authority to ask for your data, for example:
Your Boss asking for Client Information
Bank asking for Credentials etc.
These communications carry a sense of urgency that pushes us to respond quickly, for example:
You are a Winner for a prize, click to collect.
Your Account will be frozen if you don’t give us the details now.
Bank-Related Phishing Attack
You might receive an email that appears to be from your bank, stating that your account is going to be frozen and that, to avoid the hassle, you should click a link. When you click the link, you are taken to a page that looks exactly like your bank’s login page. You enter your username and password correctly, but the page responds that they are wrong. You may try this many times and then give up. By then, the fake page has already captured the username and password you typed.
In short, whenever you are using your bank’s website, or any other website for that matter, always make sure the address (URL) is correct and not a fake one. Hackers can build look-alike websites and manipulate Google search rankings so that their fake page appears as the top result when you search for your bank’s website. It is also better to bookmark your bank’s website so that you don’t have to search for it and pick a link every time.
Nowadays, your accounts are protected using Multi-Factor Authentication (MFA). This is usually a One-Time Password (OTP) sent to your registered mobile, or a token from the bank’s mobile application. To get hold of these passwords, the hacker may call your mobile, impersonating a bank official, and ask for them.
Remember that an OTP or token should never be given to anyone, and no one is supposed to ask you for it.
Why does it work?
People are hasty in clicking links.
When a website asks for any information, they give it without thinking.
Hackers get most of the required data from social media.
This helps them make personalized attacks on individuals.
How to detect a Phishing Attack?
Hover Over Links to see the full Address of the destination URL.
Check the From Email ID. Is it the right domain name?
Are you expecting this Mail, SMS or Call?
Is the site asking for more information than it needs?
If in doubt, make a direct call to the person or organization to confirm.
Amazon Delivery Example
One day, you order some products to be delivered to your house. The Amazon delivery boy requests your home location and ID number. Should you give them to him? Yes, you must, because both are required to fulfil the delivery service: the location identifies the place to deliver the package, and the ID is evidence that it was delivered to the right person. What if they ask for your Date of Birth and Credit Card number? That information is not required for this service, and you should not give it to them.
Your data is your identity. So, keep your data safe from people who would want to exploit your data for their gain and your loss.