Internet security threats: Phishing

Phishing is an internet security threat in which cyber criminals trick people into handing over sensitive private information. The common phishing attack vectors are email, SMS (smishing) and phone calls (vishing). Some of the mega phishing attacks that shook the world in 2017 include:

  • The email and SMS attack in Qatar between January and March where 93,570 attacks were launched on businesses.
  • Smishing campaign in the Czech Republic where hundreds were tricked into downloading Trojans onto their smartphones and computers.
  • Point-of-Sale attack on Chipotle restaurants
  • Fake Amazon deals
  • The theft of over $200 million from Google and Facebook employees
  • Attack on Google Docs, among others.

In Kenya, M-Pesa and Equitel users have also been hit in the past: a criminal calls your mobile and gives you deceptive instructions that transfer money from your account to theirs. Some have even made targets give their ID numbers, after which they replaced the targets' SIM cards and swept their mobile wallets clean.

Phishing campaigns work by creating a sense of urgency, raising curiosity or instilling fear in the victim. Such messages will ask you to enter your username, password or bank details on a site, or to download malicious software or a malicious app.

Every month, 1.5 million sites are created to send phishing messages. Such messages can target a country, an entire company, users of a particular product/service or individuals. According to statistics, 30 per cent of phishing targets open the messages while 12 per cent open malicious attachments.

Here are tips to help you stay safe:  
  • Invest in phishing defense tools such as PhishMe 
  • Utilize password managers – they remember passwords and login credentials unless the site URL is altered
  • Conduct regular phishing tests to create awareness among employees
  • Look out for suspicious URLs. They may or may not contain the company address, and start with http:// instead of https://. Do not open suspicious links. Instead, open the site directly and look for the link there. If a message asks you to give personal information, call the company to confirm.