ICYMI, What’s Phishing?
Cybercriminals have a number of tools in their arsenal to gather any information of value. A phishing attack is one of those tools. Cybercriminals scrupulously duplicate a genuine webpage and trick you into opening that fake/forged webpage. Sometimes, the forgery is so immaculate that it perfectly imitates a webpage, making detection by the naked eye highly unlikely.
Do you wonder how they do it? Well, for now the bigger question is: how would you end up on such a fake/forged webpage?
Before we begin, this article has been co-authored with Adwait Kolwalker.
Throwing the hook into the pond
Imagine this: You received an email from Google just before hitting the bed. The email says that somebody tried to log into your account from XVZ device, the location being ABC. Now you would have a look at the device name, and the location, and come to a conclusion that it’s not you. You read the email further down. The email says that to secure your account, use this link. You click on the link, enter your email ID, then you enter your password, and that’s it. The page redirects you to a page which says, ‘your account is safe’. Or is it?
You just shared your email ID and its password on a duplicate Gmail login page. Don’t think so? Take a look yourself using this link.
Similarly, forgery methods could include creating fake letterheads, email IDs, and sometimes even fake companies, in order to make victims believe that they are legitimate. But generally, a phishing attack starts with an email or text message through which a cybercriminal attempts to lure their target. Once the target clicks the link, it depends on him as to how much he gives away without realizing that he has been pawned. Many a time, these links could also contain malware which infects the computer with a virus.
But why you? Ain’t there bigger phishes to fry?
Phishing is of two kinds: general, and spear-phishing, when criminals know who their target is. However, cyber-criminals usually throw a very wide net. After all, they may or may not achieve much if they go after a certain person. Hence, forged emails are sent to thousands of people and the responses are received in databases. These databases could later be sold on the dark web, or the criminals could themselves use the existing data as a precursor to some other mischief. If you want to know more as to how the criminals could use this data to dupe you, read this article of ours.
The scale of the problem
The problem of phishing exists not only in India but throughout the world. A survey in 2019 stated that India ranks second among phishing-hosting nations in the world, second only to the United States. Another survey stated that over 26% of emails sent every day were phishing mails.
Coming to a recent instance
In June 2020, Nidhi Razdan left her 21-year-old job at NDTV. She cheerfully declared that she was joining Harvard University as a professor of Journalism. Six months later, she realized and stated that her job offer at Harvard was in fact a phishing attack to which she had fallen prey. She stated that the scammers had used sophisticated phishing techniques and had used clever forgeries. She later filed a complaint with the Delhi Police.
In its IC3 report, the FBI stated that “While hiring scams have been around for many years, cyber criminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels.”
Some common methods of cyber-criminals
It could be a friend in trouble who needs cash to pay for emergency hospitalization, or it could be an email stating that your payment for XYZ purchase was declined. It could also be job phishing, as explained above, or it could be a prize that’s waiting for you to claim it. The methods could be many. So what is required is a careful scrutiny of each email & communication, and a few Google searches to verify what is being said. Here are a few suggestions.
Detecting a scam
- Always keep an eye on the address bar. If it doesn’t say https, better stay away from it.
- Never click on unsolicited emails, documents, links.
- Look for the email address of the sender. If it doesn’t come from a trusted person, or a business email account, ignore. If it seems important, verify with the sender through other means of communication.
- If you receive a job offer, a prize, or a lottery which you did not apply for, then the chances of it being a phishing email are higher;
- If the offer is asking for an amount as a down payment for you to get the job, it is a scam;
- Carefully look at the grammar and vocabulary. Scammers are mostly from non-English speaking countries and make plenty of mistakes;
- If the job offers a large pay check (more than your current CTC) then it can be a phishing mail;
- Use an anti-virus which provides for anti-phishing services.
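The address-bar check from the list above, as an added example that is not part of the original article: it inspects where a link really points, and shows that a link can say https and still lead to a host that does not belong to the expected domain. The function name, the finding labels and all sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return warning labels for a link that claims to belong to expected_domain."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    # The list's first check: the connection should be https.
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    # Text before '@' is login info, not the site; the real host comes after it.
    if parts.username is not None:
        findings.append("userinfo-in-url")
    # 'xn--' labels are encoded non-ASCII names that can imitate Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    # A bare IP address instead of a name is unusual for a login page.
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    # The host must be the expected domain itself or one of its subdomains.
    expected = expected_domain.lower()
    if host != expected and not host.endswith("." + expected):
        findings.append("host-mismatch")
    return findings


# Constructed sample links, as they might appear in a "secure your account" email.
SAMPLES = [
    "https://accounts.google.com/signin",
    "http://accounts.google.com/signin",
    "https://accounts.google.com.security-check.example/signin",
    "https://accounts.google.com@login.example.net/signin",
    "https://192.0.2.10/signin",
]


def scan(urls, expected_domain="google.com"):
    """Map each URL to its list of findings."""
    return {u: check_link(u, expected_domain) for u in urls}


if __name__ == "__main__":
    for url, found in scan(SAMPLES).items():
        print(url, "->", found or "ok")
```

The third sample passes the https check and still fails, because the name that decides where the browser goes is the end of the host, not its beginning.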
The case of Nidhi Razdan has shocked many. A senior executive and a top news agency had fallen prey to such an attack. One can note that a mere Google search about the ‘School of Journalism’ at ‘Harvard’ would have suggested that no such school exists in reality. Although a Master’s in Journalism program does exist, the same comes under Harvard Extension School which is a branched out School of Harvard University. The logo of Harvard Extension School is also different from Harvard University.
The present times demand that we never let our guard down. We would continue posting more on scams. Till then, keep calm and trust https!