Phishing
We all enjoy to make fun of our best friends in our childhood. Those good olden days never return. Some of the fun activities like scaring people from our fake sleep, giving friends some chocolate cookies which actually made out of clay, pulling the chair out when our friend about to sit on it. Everyone has done these naughty things. Isn’t?. If you have done one these, then you are already familiar with Phishing. Because phishing is similar to holding our laugh or action until our friend believe the things that we have done for fun is true.
Online crime is one of the things which causing a huge security threats around the globe. Each day hundreds of reports where filed, in that very few were resolved because most criminals disguise their identity. Some of the well developed nations have already lost millions of dollars in this year due to online security issues. It is expected that online crime damage will cost the world nearly 6 trillions dollars by 2021. Most of the online users like us are getting into trouble in internet due to lack of awareness about what we are doing in it. One of the hacking methods that we are going to see here is Phishing.
Phishing — An inside look
Phishing, it sounds similar like fishing. right? Not only the sound, the procedure also the same. Fishing is a simple process but we need lots of patience and a right hook to catch a fish for dinner. In online world, the hacker (attacker) will do the same. But here instead of hook the attacker use an email or a document download. I pretty sure we all get an email stating that “Urgent action required” or “You won a lottery” that is actually a hook from an attacker. If you click the link, you became dinner for them. What will happen after clicking such kind of dodgy emails? Mostly those email will ask you to click another link, by doing so it will open a new page but parallely it will install a bad software in your computer. That software actually steal your password and other secrete information from your computer that is not what we want. Let’s see how can we avoid such kind of attacks.
Look at the above e-mails and do a quick scan. It says “departmental.alert” with the subject “application is pending for processing” and “RADO” with the subject “Your Package Delivery Pending” which has no clear meaning at all. It doesn’t say what department, which application. Normally a trust worthy mail contains clear meaning in it’s subject itself. Let’s move on and see what’s inside that e-mail.
Check the sender’s mail address, it doesn’t say where it is actually from. A trusted mail address ends with it’s company/brand name like xyz@amazon.com, xyz@facebook.com definitely not like xyz@discount.com, xyz@mailinfo.com etc. Now you need to be more cautious about it. Pretty clear it’s either be a scam or phishing email. But in my case, thankfully google has done some good work to move this email to spam folder. Last but not least, let go through it’s content as well.
There is nothing more I can say from the above email content. Here, they didn’t mention the details of the application or the company or anything. All they need is to click some link. Also they have created some kind of urgency in “please note” section. Now it’s pretty much confirmed that the mail is not from any legal company. It is our responsibility to either delete this mail or proceed for further actions.
Now a days current generations are completely aware of these fake emails. But modern phishing attackers handling those awareness in completely different way. Emails like job offers, mega discount, account rejection, banking etc., will urge users to click some link. We need to remember that no trusted organization/company will ask you to do actions directly from your e-mail. So, if you get any e-mails with attachment from your friend/company, just cross verify it before doing any actions like downloading. A few minutes of patience will save you from life hacking threat.
