Over the last few days, perhaps millions of bank account holders in India have received emails from “firstname.lastname@example.org” or with the subject lines ‘COVID-19 Testing’ or ‘COVID-19 support’. According to warnings from major PSU banks, these are all phishing attacks that try to steal customers’ sensitive login information. To warn its customers SBI tweeted:
What is Phishing?
It uses fake login pages, fake subject lines, and sometimes fake job offers or password-expiry emails to defraud people. When you click on them, sensitive information such as usernames, passwords and keystrokes is stolen. Advanced cyber attacks like ransomware start with phishing.
Example of Phishing:
from ‘ instead of ‘email@example.com’
· facebo0k–login.com (fake login pages)
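A lookalike domain such as the one above can be caught mechanically. The sketch below is an added example, not part of the original article: it undoes digit-for-letter swaps and flags hosts that carry a known brand name without being that brand's genuine domain. The `TRUSTED` list, the `mybank.example` entry, the 0.85 similarity threshold and the sample URLs are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: brands you actually use, mapped to their genuine domains.
TRUSTED = {
    "facebook": ("facebook.com",),
    "mybank": ("mybank.example",),  # placeholder, not a real bank
}
# Characters commonly swapped in to imitate letters, plus a typographic dash.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "–": "-"})


def is_genuine(host, domains):
    """True if host is one of the genuine domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def check_link(url):
    """Return a list of warnings for one URL; an empty list means nothing flagged."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if not host:
        return warnings + ["no host"]
    if any(is_genuine(host, d) for d in TRUSTED.values()):
        return warnings
    # Undo the swaps, then compare every dot/hyphen separated label to each brand.
    labels = [t for t in re.split(r"[.-]", host.translate(LOOKALIKES)) if t]
    for brand in TRUSTED:
        if any(SequenceMatcher(None, t, brand).ratio() >= 0.85 for t in labels):
            warnings.append(f"imitates {brand}")
    return warnings


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "http://facebo0k-login.com/signin",
    "https://www.facebook.com/",
    "https://facebook.com.account-verify.example/login",  # https, still fake
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no warnings")
```

The third sample shows that an `https://` address can still be a lookalike, so the scheme check and the domain check are reported separately.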
Depending on the type of victim (an individual, a corporation, a big fish like a CFO, etc.), phishing attacks take different forms, such as spear phishing, smishing, whaling or pharming.
Besides phishing, there are many other ways to lure people, such as a “free subscription link” or “free insurance link” sent over WhatsApp, or fake web links through which the victim’s social media account is compromised, and many more.
How to safeguard against Phishing and related cyber attacks:
- Discard emails from unknown persons or unfamiliar addresses
- Avoid emails containing untrusted attachments – just delete the
- Phishing emails generally contain info like lottery wins, job offers, freebies etc.
Govt. webpage, mobile application
- Strictly follow Govt. webpages, genuine Apps for Covid-19 news and updates
- Don’t visit any ‘http://’ sites, always visit ‘https://’
- Avoid webpages with unfamiliar fonts, colours or spelling errors
- Prefer corporate computers for online banking and money transfers, as they provide endpoint protection against malware and external threats
- Double check the UPI ID and validate the bank/merchant name before payment
- It’s better to avoid untrusted Covid-19 links, forwarded messages and any job offers on WhatsApp or SMS
- Be careful about KYC SMS links
Don’t Accept/ Click
- Don’t click on unknown online widgets, flash images, pop-ups when you’re browsing websites
- Don’t accept cookies from untrusted webpages
Home PC, Mobile
- It’s mandatory to get an authentic antivirus/security app installed and to update it regularly
- Use WPA2 encryption for your home router
Avoid untrusted sites
- Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
- Periodically scan all files (incl. zipped and hidden ones) on your PC, tablet and phone
- Check if any site has your default password – if so change it
- Change passwords for online banking, eCommerce sites and trading platforms every 2-3 months
Avoid public Wi-Fi
- Never use free WiFi at coffee shops, Railway platforms, Airports