Indeed Phishing attacks are not something new. Rather these have been there for decades now and have plagued individuals and businesses alike. For those who remember the 2016 Verizon Data Breach and the subsequent investigations, the Report found that 58% of incidents involving compromised user credentials utilized phishing attacks.
The Phishing attacks have only grown and increased in frequency and sophistication over the past years. Having been associated with the net for long, and seeing the innovative tricks being used in these phishing attacks, I often wonder how difficult it is for someone not to fall for the traps. And this has been proven true, time and again.
Recently a well known Indian journalist Nidhi Razdan, got carried away and fell for the phishing attack directed at her. Despite being an experienced and astute journalist, she believed the perpetuators of the attack when offered an assignment at the prestigious Harvard University as an Associate Professor of Journalism. In June 2020, she left her job of 21 years with the famous Indian TV channel NDTV, only to wait endlessly for half a year, before realising that she has been befooled. Mustering courage, Nidhi tweeted about the incident, only to be mocked and ridiculed by the majority, with occasional sympathies coming her way. In her tweet she wrote.
Nidhi’s traumatic experience, made me remember about a family that too went through something similar and a bit embarassing, decades ago. The Delhi family had then declared through an organized Press Conference that they had won some 10 Million USD in Lotto. Such scams had then just begun hitting India.
These scams can be simulated to originate from IP’s located in God forsaken lands. Not that these can’t be traced, but then it requires the will and determination of the state to get to the roots of it since many a times the perpetrators of such crimes hide beyond borders. Though Nidhi could file an FIR, much remains to be seen as to how it’s actioned. Lest it goes down as another phishing attack amongst the many that have strewn around victims suffering nationwide as well as globally.
Here are a couple of phishing emails to demonstrate as to how the attacker entices it’s addressee to click on the attachment, marked here in yellow. To look genuine, the emailers often have phone numbers and website addresses, which could be fakes or simply not connected to the attacker.
Another similar phishing email. See the quoted phone numbers and even the website to give a feeling of authenticity to the email and to entice the viewer into clicking on the attachment, that’s often infected.
It is thus critically important that the end users and businesses keep upgrading and learning some of the telltale signs of phishing and how to react when they are being targeted.
As a lesson to learn from the Indian journo’s case, cybersecurity measures for members of the fourth estate become all the more important. As watchdog for govt & industry, journalists often attract unwanted surveillance from corrupt state actors & corporate entities. Cybersecurity thus becomes fundamental to own safety as well as to the integrity of ones reputation.
Though there is no short cut to experience, but on our part in spreading cybersecurity awareness, we bring you an infographic, courtesy Digital Guardian, that pictorially coves phishing attacks in their many forms. This should help users to take measures that can protect themselves against this highly common online threat.