2. Identifyand
Preventthe
RisingForceof
PhishingAttacks
When we think of hackers and cyber criminals, we tend to think of
them as masterminds wearing hoodies, shutting down websites with
their out-of-this-world coding skills (and godly swagger of course!).
Well, that’s not always the case.
Using a simple yet highly impactful technique like Email Phishing, any
Tom, Dick, or Harry can fool users to commit online fraud.
You don’t need to learn a dozen coding languages to employ phishing
scams and take control of systems.
A huge part of the reason that phishing is so popular is its lack of
sophistication.
3. WhatisPhishing?
• You may not understand the term ‘Phishing’, but chances
are, you would at least have heard of it.
• The thing about Phishing is that you may have fallen its
victim without even realizing it.
• Basically, it is a con trick.
• In the email phishing method, the perpetrators send
malicious links, viruses, malware, and detrimental files via
fake messages, popups etc.
4. Phishing
These emails often show lucrative offers, lotteries, discounts
or they may act like an urgent action needs to be taken in the
form of a password change or an email confirmation.
On clicking the mischievous link, the user is redirected to a
malicious website which can ultimately lead to disasters.
An example of such email phishing has been demonstrated in
the image below.
Here, it looks as if the email has been sent by Amazon, but it
hasn’t been.
If a user misses the tiny details pointed out and clicks it, they
are now at the mercy of their attackers.
6. PhishingStatistics
From a cyber criminal’s point
of view, phishing works like a
charm. As a result, they have
started widening their phishing
net as much as possible.
There has been a rampant rise
in the number of phishing
scams worldwide. Let’s have a
look at the numbers involved.
7. Phishing Statistics
Around 85% of
Organizations fall prey
to Phishing attacks.
Almost 30% of phishing
emails are opened by
the users.
Email attachments are
the number one
medium to deliver
malware.
The average cost of a
spear-phishing attack is
$1.6 million.
One in every three
companies has reported
being the victim of CEO
fraud emails (also
known as whaling).
2016 saw a record
number of phishing
attacks.
A report conducted by
IBM reported a 6000%
rise in Ransomware-
infected files.
8. How to spot a Phishing
email?
If identifying phishing emails was an easy task,
there wouldn’t be so many victims.
Unfortunately, it isn’t.
However, that doesn’t mean that you need
Sherlock Holmes’s deduction skills to figure it
out.
Granted, these tricksters are pretty good at the
art of conning.
Nonetheless, if you pay a little attention, you
can avoid being the next victim.
9. Identifying a Phishing Attack
Fake Email ID
1
Grammatical
Errors
2
No HTTPS
3
No images or
logos
4
Unrealistic
offers/discounts
5
10. 1. Fake Email ID
Cyber criminals send emails that attempt to make
you believe that they are from a legitimate,
trusted organization.
These messages may even include an original
logo along with accurate headers and footers.
However, it comes with a catch.
The fraudsters may use the original logo, proper
images, and thousand other things, but they
cannot use the official email address of the
company.
That would be extremely difficult to accomplish.
This is where you can identify the threat and slam
the door in these imposters’ faces.
Next time you receive an email, make sure you
check the email ID of the sender.
11. 2. Grammatical Errors
• We know that you are probably not a
stickler for grammar, well, neither are the
perpetrators behind fraud emails.
• More often than not, these emails are
comprised of some really silly grammatical
mistakes.
• Spotting these mistakes is not rocket
science by any means.
• Spot them, dodge them!
12. 3. No HTTPS
• Reputed organizations such as PayPal must
employ a secure connection between the client
and the server to carry out transactions (in
PayPal’s case it’s actually a matter of PCI
compliance).
• An SSL certificate must be installed on its
website.
• If a fraud email has been sent to you, most of
the time the redirected website won’t have
HTTPS as the prefix in the URL.
• That’s a dead giveaway.
13. 4. No images or logos
• Most of the times, phishing emails are written
in HTML.
• As a result, these emails are found in text
format only.
• They don’t have any logos or images
whatsoever.
14. 5. Unrealistic
offers/discounts
• The word phishing has its roots
in the word fishing.
• How do you catch a fish?
• You give it a bait, right?
• Well, this is exactly what cyber
criminals do.
• If you see an offer or a scheme
that is too good to be true, it
probably is.
• Don’t fall for it. IT’S A TRAP!
15. Tipstoprotect
againstphishing
scams
• No matter how much attention we pay,
sometimes we might miss a tiny detail. This can
be enough to shut down your entire
organization’s systems (no pressure, right?).
Therefore, it is always recommended to have a
fool-proof plan in place. Here are our tips to steer
clear of phishing scams.
16. Protectyourselfagainstphishingscams
1
Improve your
computer
security
2
Keep your
system up-to-
date
3
Stay away from
Popups
4
Keep checking
your bank
account
statement
5
Enter your
personal
information in
HTTPS-enabled
website only
6
Avoid clicking on
links from emails
7
Avoid entering
personal
information via
public networks
8
Report a
phishing scam
ASAP
17. 1.Improveyour
computersecurity
• Whether you want to guard against phishing
attacks or ransomware attacks or any other attack
for that matter, improving your computer security
should be on top of the list. This can be executed by
deploying a firewall, anti-virus, spam filters, anti-
spyware etc.
18. 2.Keepyoursystemup-
to-date
The updates exist for a reason—improvement.
The developers keep rolling out updates every
other day to remove the bugs and
vulnerabilities present in past versions. So,
keep updating all software including your
operating system (OS).
19. 3.Stayawayfrom
Popups
• DO NOT click on the links given in
a popup.
• DO NOT share any of your
personal information in a popup.
• In short, don’t do anything on the
popup. Stay Away!!
21. 5.EnteryourpersonalinformationinHTTPS-enabled
websiteonly
You may be aware of the fact that
there are two communication
protocols —HTTP and HTTPS. The
‘S’ in HTTPS stands for Security.
Therefore, any data you enter, any
transaction you make is
safeguarded by means of an SSL
certificate.
22. 6.Avoidclickingonlinksfromemails
This is one of the most widely used
technique to fool the users and
making them fall into the trap.
Even if you receive a mail saying
that a person wants to be friends
with you on a social media
platform, don’t click on the link.
Instead, go to the social media site
manually.
23. 7.Avoidenteringpersonal
informationviapublicnetworks
• When you are connected to a public
network, you are at the highest point of
vulnerability. Even 12-year old Billy could creep
into your device after watching a couple videos
on YouTube and downloading an app. You
certainly don’t want that, do you?
24. 8.Reportaphishing
scamASAP
If you are able to figure out a
phishing scam, report it straight
away. Ignorance is certainly not an
option here. Where do you report it?
First of all, report it to your email
service provider. The service provider
will stop the phishing emails from
circulating. You should also report to
the organization being targeted. For
example, if you receive a spoof email
from Amazon, then you should
report it to Amazon.
25. Final Words
What do you do when you are in front of a con
artist? You pay attention. All they want is to
sidetrack us and gain the advantage of that single
moment of distraction. Don’t worry. Be aware,
take the preventive measures and you should be
fine.
26. Related
Resources
• Phishing by the Numbers: Must-Know Phishing
Statistics
• Why US Senate adopts HTTPS encryption?
• Tools for Business in the Battle against
Cyberattacks