- Phishing emails from “firstname.lastname@example.org” or with the subject line “COVID-19 Testing” (recent SBI fraud in India) or
- India-covid19.com (any fake domain names)
- Phishing emails from ‘email@example.com’ instead of ‘firstname.lastname@example.org’ or
- www.facebo0k-login.com (fake login pages)
- Depending on the types of a victim (individual, corporation, Big fish like CFO, etc) Phishing attacks differ like – Spear Phishing, or Smishing or Whaling or Pharming.
Simple Bootup hijack (Back Orifice 2000): Pertinent for people who’re now working from home has to share their Windows desktop, sometimes gives system control. Like this when any unattended PCs are available, running some simple codes in the system directory to get complete control of the victim’s pc keystrokes, screen, etc; it is too dangerous since it operates silently in the victim’s computer and undetectable to any antivirus running on victims computer.
Bruteforce Attack – It’s an attempt to guess a password or encryption key by systematically checking every possible option. For Ex. ‘Facebook brute’, ‘Twitter brute’, other eCommerce brute viruses try to steal your password; that’s why passwords are given limited try option until the account locks. Yet unfortunately, it is being seen that most of the people don’t change their default/ first password.
How to Protect yourself – Tips and Recommendations:
Follow Govt. approved Webpages, Mobile App
- Strictly follow Govt. webpages, approved Apps for Covid-19 news and updates
- Be careful about the site visit- try to avoid ‘HTTP://‘ pages, always visit ‘https://‘ pages
- Avoid webpages with unfamiliar fonts, color, spelling errors
- Try to use office/ corporate computers for online banking, money transferring as they provide end-point protection against any malware, external threats
- Double-check the UPI Id, validate the bank/ merchant name before payment
- It’s better to avoid untrusted Covid-19 links, forwarded messages, any job offers on WhatsApp or SMS
- Be careful about KYC SMS links, don’t share until you verify the link
- Discard emails from an unknown person, unfamiliar address
- Avoid emails containing untrusted attachments – just delete or report phishing.
- For your info phishing, emails generally contain info like Prizes, Lottery, Job offers, freebies, etc.
Before you Accept/ Click
- Don’t click on online widgets, flash images, pop-ups during browsing a webpage
- Don’t Accept cookies from untrusted webpages, click ‘x’ and close
- It’s mandatory to install authentic antivirus, security apps & update them regularly
- Use WPA2 encryption for your home WiFi router
- Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
- Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
- Check if any site has your default password – if so change it
- Change password for online banking, eCommerce sites, trading platforms every 2-3 month
- Try not to avoid free WiFi at Airports, Coffee shops, or Railway platforms like areas; and never log in to your online banking page or make any financial transactions