Those who had an experience with my data and information being stolen would never forget these horrible experiences. For some, only their bank account was attacked yet some never retrieved it all.
If that is never your case, you probably must have an experience of your Facebook, Instagram, WhatsApp, or Email hacked. Once hacked, they change all information about you or use your personality to dupe your loved ones.
You must have heard ‘phishing’ before, and if you have not, Phishing is a type of scam that falls under the category of social engineering.
The recipient is subsequently deceived into clicking on a harmful link, which can result in the installation of malware, the locking of their system as part of a ransomware attack, or the disclosure of sensitive information.
In our home context, someone sent you a link to one website to get free data, or their loved one got nominated for certain award, and you are expected to vote for them by clicking on the link. These are just a few of several examples of phishing attacks that are possible.
Here are some examples of phishing techniques.
Before advancement of social Platforms, phishing attacks used to be frequent in emails but now they have gone far. Starting with Email phishing is compulsory.
Email phishing Scams are those in which you receive a promising offer from a user you don’t know. To enhance the illusion of legitimacy, attackers invest considerable effort in crafting phishing messages that closely resemble genuine emails from a spoofed organisation.
Take an instance where you received a mail saying that Konga has new gadgets that you should check out, possibly because they are on discount. You are told to click to use the coupon to get the discount. The link’s address could be https://www.kongac.com/. This website has a ‘c’ in the spelling of Konga.
They employ matching phrasing, typefaces, logos, and signatures, creating messages that convincingly mimic the real thing.
Attackers typically employ tactics aimed at compelling users to take immediate action by inducing a sense of urgency.
For instance, as previously mentioned, an email might convey a threat of account expiration, placing the recipient under a time constraint. This pressure tactic can lead the user to be less cautious and more susceptible to making errors.
The next style of phishing attack, which is now the order of the day, is spear phishing. In spear phishing, user received link directly on platform to click.
Phishing attack prevention necessitates proactive measures from both individuals and organisations.
Here are few steps to escape Phishing attack:
- For users, vigilance is paramount. A spoofed message often carries subtle errors that reveal its fraudulent nature, such as spelling mistakes or alterations to domain names, as illustrated in the earlier URL example. Users should also pause and critically consider the reasons behind receiving such an email in the first place.
- Don’t be lazy about strengthening your security system by doing Two-factor authentication (2FA).
Two-factor authentication (2FA), a subset of multi-factor authentication (MFA), is a security mechanism that verifies users by requiring two distinct forms of identification. This typically involves knowledge-based information like an email address and proof of mobile phone ownership.
When layered on top of traditional username/password verification, 2FA significantly enhances security by adding an extra layer of defence. Even if an attacker manages to breach the initial authentication (such as by brute-forcing a username and password), they still need to navigate the second factor.
In today’s digital landscape, 2FA is widely adopted across various sectors like online banking, social media, and e-commerce. Its primary role is to fortify access controls, particularly for sensitive sections of web applications, like administrative panels or areas housing confidential financial and personal data.
Two-factor authentication empowers businesses and public institutions by facilitating remote work and allowing employees to perform tasks with reduced security concerns, thereby promoting productivity and efficiency.
