Don’t let new tactics get you phished!

Evolving and progressing in life go hand in hand. One must always make an effort to progress so that life doesn’t stagnate. In recent years, however, phishers seem to have taken this mantra far too seriously: every year they come up with new tactics to phish their victims. At the very start of the new decade, phishers came up with a way to swindle victims that uses the same old phishing technique with a new twist, making it look more genuine and making victims easier to trick.

What is the hype all about?

In January this year, computer expert Terence Eden drew attention to a new trick being used by phishers. Reportedly, the phishers sent a message to his wife, masquerading as EE and asking for personal information, using a different type of URL. Fortunately, Eden’s wife was not an EE user; however, Eden did notice something odd and new in the message. The message read:

As can be clearly seen in the URL above, the phishers have managed to use three elements to make it look genuine.

  1. The use of HTTPS://
  2. Using the real and official subdomain, that is ee.co.uk and,
  3. The main element of the date, that is Jan 02

What is the cause of concern?

The elements stated above have drawn all the attention and are also the causes of concern.

  1. Use of HTTPS:// – One of the main reasons to worry is the throwaway prices at which domain providers offer sub-domains these days. Anyone can easily get hold of domain names bearing the names of popular and established companies, making it easy for non-tech-savvy people and people unaware of such attacks to fall prey to one. These hoax websites manage to obtain SSL certificates, so the padlock sign is shown in the address bar, which makes the whole act look even more real.
  2. The ee.co.uk part was just a subdomain, replicated and combined with other information that is not usually added in phishing e-mails, which makes the link look more genuine.
  3. The current date was added to the URL, which is a new card played by the phisher. When a potential victim comes across such a message, they see “jan02.info”, which makes them believe that the link has come from the company itself.
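
The three elements above can be checked mechanically. The following is an added example, not code from the original article: it works out which domain was actually registered and flags links where a protected brand domain appears only as subdomain labels. The suffix list is a small stand-in for the Public Suffix List and the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Small stand-in for the Public Suffix List (assumption made for this example;
# real tooling should load the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "info", "uk", "co.uk", "org.uk"}

# Domains the brand really owns. ee.co.uk is the domain named in the article.
PROTECTED_DOMAINS = {"ee.co.uk"}

# A registered label that is only a month plus a day, like "jan02" in the article.
DATE_LABEL = re.compile(r"^(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\d{1,2}$")


def registrable_domain(host):
    """Return public suffix plus one label (the part someone registered)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):              # longest suffix candidate first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None                               # suffix not in our small list


def contains_run(labels, run):
    """True if the list `run` occurs as consecutive items inside `labels`."""
    n = len(run)
    return any(labels[i:i + n] == run for i in range(len(labels) - n + 1))


def assess_url(url):
    """Classify a link as 'owned', 'suspicious' or 'unrelated', with reasons."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reg = registrable_domain(host)
    result = {"host": host, "registrable": reg, "verdict": "unrelated", "reasons": []}
    if reg in PROTECTED_DOMAINS:
        result["verdict"] = "owned"           # brand really is the registered domain
        return result
    labels = host.split(".")
    for brand in sorted(PROTECTED_DOMAINS):
        if contains_run(labels, brand.split(".")):
            result["reasons"].append(
                f"{brand} appears only as subdomain labels under {reg or 'an unknown suffix'}")
    if result["reasons"]:
        result["verdict"] = "suspicious"
        if reg and DATE_LABEL.match(reg.split(".")[0]):
            result["reasons"].append(f"registered name {reg} is only a date")
        if parts.scheme == "https":
            result["reasons"].append("https shows encryption, not who owns the site")
    return result


# Constructed sample links. The first combines the three elements the article
# lists; it is not the URL from the original message.
SAMPLES = [
    "https://ee.co.uk.jan02.info/billing",
    "https://shop.ee.co.uk/account",
    "https://example.org/news",
]

if __name__ == "__main__":
    for url in SAMPLES:
        r = assess_url(url)
        print(r["verdict"].ljust(10), url)
        for reason in r["reasons"]:
            print("   -", reason)
```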

How to protect yourself from such attacks?

One can find multiple ways to protect oneself from phishing attacks, such as security awareness training, e-mail filters, etc., but to tackle this specific new type of phishing, using the DMARC protocol is your best bet.

DMARC is an abbreviation for Domain-based Message Authentication, Reporting, and Conformance. This protocol uses a combination of two frameworks, namely Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), to authenticate the legitimacy of a website. Only when SPF and DKIM fail to prove the authenticity of an e-mail does the DMARC protocol work towards protecting the user.

When a DMARC policy is properly configured, it helps the user decide whether to accept or reject an e-mail from a particular sender. When you use DMARC to protect your brand or your individual information, it saves you from receiving messages from unauthorized senders.

DMARC not only protects you from receiving e-mails from phishers but its reports also provide you with information on people who are sending e-mails to other people using the name or domain of your company.
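
How a receiving mail server applies a DMARC record to one message, as an added example that is not part of the original article. The record, domains and messages are constructed, the organizational-domain helper is a simplification, and the function names are chosen for this illustration.

```python
from dataclasses import dataclass


@dataclass
class Message:
    from_domain: str   # domain in the visible From: header
    spf_pass: bool     # did SPF pass for the envelope sender?
    spf_domain: str    # envelope sender (MAIL FROM) domain that SPF checked
    dkim_pass: bool    # did a DKIM signature verify?
    dkim_domain: str   # d= domain of that signature


def org_domain(domain):
    # Simplification: last two labels. Correct for the example.com-style
    # names used here; real code needs the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not valid DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None                      # v=DMARC1 must be the first tag
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(record_txt, record_domain, msg):
    """Return 'pass', or the policy the domain owner asks receivers to apply."""
    tags = parse_dmarc(record_txt)
    if tags is None:
        return "no-policy"
    spf_ok = msg.spf_pass and aligned(msg.spf_domain, msg.from_domain,
                                      tags.get("aspf", "r").lower())
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.from_domain,
                                        tags.get("adkim", "r").lower())
    if spf_ok or dkim_ok:
        return "pass"
    # Neither check both passed and matched the From: domain, so policy applies.
    is_subdomain = msg.from_domain.lower() != record_domain.lower()
    policy = tags.get("sp", tags["p"]) if is_subdomain else tags["p"]
    return policy.lower()


def report_addresses(record_txt):
    """Addresses from the rua tag, where receivers send aggregate reports."""
    tags = parse_dmarc(record_txt) or {}
    return [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]


# Constructed record as it would be published at _dmarc.example.com.
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

# Constructed messages: genuine mail, a spoof whose SPF passes for another
# domain, and a subdomain From: whose DKIM signature fails strict alignment.
GENUINE = Message("example.com", True, "bounce.example.com", True, "example.com")
SPOOFED = Message("example.com", True, "mailer.example.net", False, "")
SUBDOMAIN = Message("billing.example.com", False, "", True, "example.com")

if __name__ == "__main__":
    for name, msg in [("genuine", GENUINE), ("spoofed", SPOOFED), ("subdomain", SUBDOMAIN)]:
        print(name.ljust(10), dmarc_disposition(RECORD, "example.com", msg))
    print("reports go to", report_addresses(RECORD))
```

The spoofed message shows why alignment matters: its SPF check passes, but for a domain unrelated to the one in the From: header, so the published policy still applies.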

Finally, DMARC does more than just identify and analyze e-mails and bogus websites. It also helps create a community that establishes a policy for authenticating the messages in circulation. When this happens, the overall e-mail environment becomes safe and secure.

According to research, more than 70% of e-mails around the globe are fake, 30% of these phishing e-mails are opened by victims, 9 out of 10 e-mails have some form of ransomware in them, and a steady growth of over 4,00,000 phishing sites since 2016 has been observed. If these figures were enough to spook you, there is more to it. Therefore, before you become one of the victims of such attacks, get your DMARC program installed today.

To sum up final thoughts

The beginning of the new decade has brought some new risks with it as well. Phishers are trying their best to stay one step ahead and trick people into traps. However, as an aware netizen, you must try not to fall into such a trap and must stay alert to the links and websites you are visiting. Keeping track of all the new tricks used by phishers and the precautions available to protect oneself will help you in the long run.

TIKAJ’s Anti-phishing service will help secure your intangible treasure.

Make anti-phishing solutions ride shotgun in your company’s modus operandi

A person is always very particular and vigilant when it comes to the secrets of those close to them. They try to protect them even at the risk of their own lives. This is because they understand the sensitivity and tenderness of the secret and the chaos it can create if the beans get spilled. The same applies to a company as well. The business owner and the core workers know the sweat and blood they had to invest to make the company stand where it stands today. Therefore, it becomes their utmost priority to safeguard not only the company’s sensitive data but also the reputation and the trust that employees and customers place in it.

A company holds a lot of important things, including data, finance, and intellectual and intangible property. The security of these elements is as important as the assets themselves. When these elements get into the hands of attackers, it can land the company in problems with irreversible consequences. Therefore, along with proper awareness among employers and employees, effective solutions are equally vital. With the advancement of technology and a detailed analysis of the pattern of phishers’ attacks, a number of solutions are now available which can help the company in the long run.

Need for anti-phishing solutions

The need for any solution or service can be best understood by the urgency of its use. Starting with the statistics, in 2018 alone around 880 million phishing e-mails and messages were detected around the globe.

Phishing e-mails disguise themselves as if they come from familiar websites or companies. The e-mails are usually sent in bulk, which is a time- and cost-efficient method of catching prey. They carry attachments or links that contain malware and ransomware, making them very dangerous even if a victim merely clicks on them. Phishers have now also specialized and upgraded their game: they attack their victims with e-mails personalized for them, which increases the chance of victims falling for them.

The scariest and most worrisome part of a phishing attack is that if the attacker gets access to your data, it will be months before you even detect the breach. Even after you detect the breach, it will take you months to contain it, control the damage and get back on your feet. This gives the phishers a head start of eight straight months to continue with their malicious venture. These reasons add up to why every company is on the radar of the phishers and why these anti-phishing solutions are so important.

How do anti-phishing solutions work?

  • Scans the incoming e-mails: The most important feature of an anti-phishing solution is scanning e-mails. This is because most phishers make their way into your device through the malicious e-mails they send you. When you click the links or attachments in them, the malware infects your device. However, when you install an anti-phishing solution on your system, the software intercepts the e-mails and lets you know whether or not an e-mail is safe to go ahead with.
  • Processes smart quarantine: You might be wondering what happens if your important e-mails are marked as spam or get blocked and never reach you. However, anti-phishing solutions provide you with smart quarantine, which means they will never mess with your important e-mails or mark them as junk.
  • Real-time blocking of malicious URLs and links: No matter how aware or experienced you are at surfing the internet, one misclick is enough to infect your whole network. Therefore, installing a proper anti-phishing solution will stop you in the first place from loading malicious webpages or clicking on such links. So now you can safely surf the internet without worrying about malicious webpages or links.
  • Protects all the devices other than a computer: While a number of excellent solutions are available for protecting your computer, there is a lack of cybersecurity options for your mobile phone. As more and more people prefer using their phones for most of their activities, having proper security options for your phone is equally important. Anti-phishing solutions come as good tidings, as they include multiple pieces of software for protecting your mobile phone and similar devices as well.
  • Prevention from spoofing: If your website earns a lot of traffic or is gaining popularity, you may be a possible target of phishers. They spoof your website and misuse it under your name. Phishers these days also send a number of spoofed e-mails that you might receive. In such cases, anti-phishing solutions sniff out any incoming spoofed e-mail and help in detecting spoofed websites, taking a truckload of responsibility off you.

Some final thoughts

It is an important step for all companies to educate and create awareness among employers and employees regarding the prevalence of phishing attacks and all the possible techniques phishers use on their victims. It is equally important for them to provide insights into how these attacks can affect the company in multiple ways. Having said that, implementing security awareness training alone is not enough to provide all-round security for the company. Every company must install software which can ensure that any kind of phishing attack is prevented at both the internal and external level, which brings us to the conclusion that anti-phishing solutions are a must in every company’s or individual’s modus operandi.

How to save yourself from falling into the “phishing trap”?

When we hear the word Phishing, what image do we visualize exactly? Don’t we see a fisherman, sitting with a fishing stick to trap fishes? Yes, we do.

Oh! I think I’ve made a small mistake. I wrote “Phishing” instead of “Fishing”. But was it really a mistake that was made? No. I’ve written it deliberately. But why?

Phishing is actually the same thing as fishing, though not literally. In “fishing”, a fisherman sets TRAPs for fish to get caught in, and here dodgers prepare TRAPs for users to get caught in. The only difference is in the techniques. Formally, phishing is mainly a cybercrime. It is a fraudulent attempt to obtain personal and sensitive information like passwords, PIN codes, and debit and credit card details by posing as a trustworthy entity in electronic communication like Gmail, telephone or text messages.

TRAP

As mentioned above, we are also trapped by the TRAPs. If you think that it was a sarcastic comment, then let us get you a clear picture as to what we meant by it.

Let us be aware of the TRAP:

T – Tab nabbing

It is a kind of phishing attack and computer exploit that persuades users to submit their login details and passwords by impersonating renowned websites and convincing the user that the site is authentic.

R – Redirection (Covert Redirection)

Redirection refers to Covert Redirection. It is a subtle way of performing phishing attacks that makes links appear legitimate while actually redirecting the victim to a forger’s or attacker’s account.

A – Adulteration (Website Forgery)

The word “Adulteration” means forgery, and here it refers to Website Forgery. Some forgers use JavaScript commands to change the address bar of the website they lead victims to. This is done either by placing an image of a legitimate URL over the address bar or by removing the original bar and opening a new one showing the legitimate URL.

P – Pageant (Clone Phishing)

Pageant is used here as a synonym for clone or disguise. It is a type of phishing attack that takes place through emails, in which a legitimate, previously delivered email containing an attachment or link has its content and recipient address(es) taken and used to prepare an almost identical, or cloned, email.

Consequences

Now that you are aware of the TRAP, we can easily get into its consequences.

We are quite aware of the term OTP, right? We are also aware of its full form and what OTP means. It’s a One-Time Password. But presently, it stands for something else: Officially Trapping People. Maybe it sounds ridiculous, but this is the actual fact.

OTP (One-Time Password) is considered an effective deterrent against cybercriminals trying to extort money from the bank through online transactions.

There are many cases where criminals fooled customers and forced them to reveal their OTP, accessed it by hacking an Android phone, or learned how to hack the OTP of other mobile numbers. But now they have found another way of looting. They request your bank to change the phone number linked with your bank account. A cybercriminal can smartly walk into the bank, impersonate you, request a change of the registered number and use the new connection to receive the OTP. Impersonation is a quick and simple way to carry out an OTP theft.

A resident of Janakpuri in Delhi was recently duped by a criminal and lost Rs11.5 lakh from his current account through impersonation, according to a TOI report.

Police said on August 31 that two persons arrived at the bank and one of them impersonated the account holder. They requested a change of the registered number and filled in the prescribed form. After registering the new number, they carried out online transfers from the victim’s account using the OTPs sent to the new mobile number. They withdrew Rs11.5 lakh and transferred it to six different accounts held in a bank in Dwarka, from which it was further withdrawn through ATMs and cheques. After the crime was committed, they simply switched their number off.

There is another way of OTP theft. Criminals can dupe a bank customer by contacting the mobile operator with fake identity proof and getting a duplicate SIM card. When the operator deactivates the original SIM, the criminal receives the OTP on the new number and conducts online transactions; this is how the OTP of another mobile number gets hacked.

Conclusion

It is becoming impossible day by day for banks and the government to take preventive measures and make the customers aware of such transactions. If you’re now aware of what OTP means (Officially Trapping People), kindly take precautionary measures. Don’t give your personal and sensitive details to anyone. Don’t fall for a better opportunity and don’t get trapped into the TRAP of the fraudsters.

How to discern Santa disguised phishers this holiday?

The holiday season is around the corner, which means the season of sending and receiving gifts and pleasantries is here as well. According to a report, a whopping $143 billion is spent by customers just between Thanksgiving and New Year. This is a very happy figure for the phishers and scammers looking to rake it in from customers’ bank accounts.

You must have noticed your inbox flooded with e-mails and text messages luring you to indulge in vouchers from your favorite shopping mall or discount coupons from your go-to food joint. Free giveaways, life-changing lotteries you never enrolled for and charity messages shouldn’t fool you into falling prey to greedy phishers waiting to make a quick buck this holiday season.

If you receive e-mails, messages or even calls making offers that are too good to be true, it’s time to double or triple check before you give in to them. These messages could carry malware which, once clicked, could empty your bank account before you even realize it, pouring cold water on your happiness and warmth this holiday season.

Holiday phishing, like every season, is on the rise this year too. Save yourself and your loved ones with this informative article, which gives you insights into every important detail you need to know about holiday phishing.

SIGNS TO IDENTIFY HOLIDAY PHISHERS

Phishers, as their occupation demands, are very clever. The phishing emails and messages they send can look very genuine and appealing. However, to save you from these traps, we have listed a few important points which will help you identify them.

  • Hoax shipping notifications:
    With the holiday season around, the number of orders placed online increases. Phishers take advantage of this situation and send emails or messages quoting a fake order number and other details of an order supposedly being shipped to you. One must not fall for such messages, even out of curiosity; instead, inquire with the retailer or track the order online through your registered account.
  • Fake charities:
    Ironically, the charitable side of phishers comes out during the holiday season as well. They may text or email you, claiming to be a charity and asking for donations. Make sure you check the legitimacy of the charity, that it exists, and that it works for the cause for which you are making donations.
  • Long-lost friend:
    Phishers know to strike while the iron is hot. The holiday season is the one time of the year when friends get back in touch. Phishers can easily get access to your contact or friends list and send you emails impersonating someone you know. Before replying to the message, you must double-check that the sender really is the person they claim to be; also warn your friend if you think their contact list may have been compromised.
  • Social media “the new pool of phishers”:
    With so much traffic active on social media, criminal intentions are bound to follow. While surfing social media, make sure you check the links you click, as phishers may use URL shorteners to lead you to sites which will install malware on your device and then get easy access to all your data. To save yourself from such compromising situations, make sure you check links for typos or repeated letters to identify imposter websites.

TYPES OF HOLIDAY PHISHING

Phishers have come up with different ways to trap people and loot them this holiday season, as they do every year. A few phishing attack types are described below.

  1. Fake apps and websites

    The time between Thanksgiving and New Year is the one time when people of all ages enjoy shopping. With the advancement of technology, people have started to rely more on online sources to buy presents, which turns out to be a treat for phishers. When victims are attracted by really exciting offers and decide to purchase things from non-verified apps or websites, they fall into the phishers’ trap. In this type of phishing scheme, the victim first receives an email which directs them to fill in their payment details and other banking credentials, after which the phishers drain all the money from the victim’s account.

  2. Skimmers of credit cards

    A credit card skimmer is a small malicious device which criminals attach to a payment terminal, such as one at a gas station, an ATM or a similar kiosk. When a customer uses such a compromised terminal, the skimmer can create a copy of the debit or credit card and also capture the PIN. To protect yourself from falling into such a situation, first look at the terminal and see if anything is out of place; try jiggling the card reader, and if it moves around there could be something wrong. Other than these measures, try not to save your card’s information on retail sites, enable purchase alerts on all your cards and disable international purchases.

  3. Juice jacking

    Holidays call for parties, especially ones with huge public gatherings and late-night outings. Using public chargers and USB ports is very common when phone batteries run out. This is when the term juice jacking comes into play. When you plug your phone in to charge, the USB or power cable gets illegitimate access to your phone and malicious code may be injected onto it, leaving all your private and sensitive information vulnerable in the hands of a person with ill intentions. In simple words, juice jacking leads to an invasion of your privacy through the use of an infected USB cable or the injection of malicious code directly into your phone, and the damage can be irreversible in many cases.

Conclusion

The holiday season is a time of merrymaking for both normal people and phishers. It is prime crime time for holiday phishers, who trap people by sending them infected emails and messages and by tricking them into purchasing things from hoax websites. To make this time of the year merrier for yourself and your loved ones, be aware and spread awareness about such phishers and the different phishing attack types, show them examples of phishing emails and other such messages, and ask them to be more careful while surfing the internet this season.

Emotet malware being presented to people this Christmas, through Greta Thunberg themed Phishing emails

A global spam email scheme has been discovered which is using Swedish environmental activist Greta Thunberg themed emails to lure users.

The spam consists of a single message that attempts to deliver the well-known malware Emotet.

Emotet was discovered back in 2014 as a banking Trojan aimed at stealing financial data. It has since gone through several iterations and has emerged as one of the most destructive pieces of malware aimed at the financial domain.

Recent research discovered this widespread campaign using Greta Thunberg’s name to lure users into downloading Emotet malware.

The email consists of the subject line “Support Greta Thunberg” which invites the recipient to join the protest against the government raising concern against the threat of climate change.

Details regarding the fake protest are included in a file attached to the email. When opened, the file will install Emotet malware onto the recipient’s device.

Image showing an example how the phishing email may look like

Users should be able to view the malware file in the outdated .doc format for Microsoft Word. The email itself contains multiple spelling and grammatical errors, something anyone would not anticipate from the newly crowned Time Person of the Year 2019.

This campaign is targeting people around the globe, with the most targeted victims in Japan, Germany, Italy, UAE, Australia, and the UK. Recipients are also told to forward and promote the malicious email to their well-wishers, meaning the campaign has spread rapidly across the world.

This malicious campaign suggests that attackers don’t hesitate to use the face of even famous figures with good intentions. They cleverly exploit public awareness and interest.

It is better to be prepared for such attacks beforehand. Train your organizations, friends and family, because humans are the last line of defence after a phish bypasses the other technologies. Check out our phishing simulation and training solution, PhishGrid.

To know more about How to identify a phishing email, read some useful insight here.

Online fraud : Darker side of online payment services

Shopping was never so much fun until online services invaded our lives. Of course, shopping seems easy and convenient when we can do it online from anywhere, at any time. Moreover, today’s generation is growing so dynamically that it demands comfort at every step of life, and so online shopping services have become the best way to shop, saving a lot of time and effort. Using online services is certainly a great way to deal with a number of things, and it simplifies a number of tasks in day-to-day life. You needn’t run from place to place searching for the right goods or services when you can simply look for them online while sitting comfortably at home. But have you ever wondered whether there might be corners of these online services which you aren’t aware of? They might seem convenient and highly efficient, but are you sure that each site you visit follows a safe and secure payment procedure? Of course not. These days, there is a pool of online marketers who look to benefit themselves by pulling you into fake deals or trapping their customers in unethical payment procedures. This is where the concern lies. Let’s get into this matter to know more about its consequences.

Many of the individuals who prefer shopping online or using any online service use online payment facilities to make their payments smoother. Many of the sites available today offer a highly secure payment gateway. Did you know how phishing scammers target these online payment securities to break into your privacy or to steal your sensitive information? Such scammers these days target online payment facilitators as their best means of serving their unethical needs. Online payment scams are a bitter reality of the internet age we live in today, and the rates are only set to increase with increased digital adoption in India. A 2016 consumer study conducted by ACI Worldwide places India in fifth position for bank card fraud rates, behind Mexico, Brazil, the United States and Australia. Such frauds are gradually rising with the increasing use of online payment facilities, as phishing scammers target them to extract the utmost benefit unethically.

As they say, the foremost weapon against any problem is education and awareness. So, it’s important to understand the payment frauds that take place, their consequences and online fraud prevention. The most common types of online fraud occur via phishing, data theft and chargeback or friendly fraud. Phishing is the process of accessing one’s personal information through fraudulent e-mails or websites that claim to be legitimate. The information gathered this way can include usernames, passwords, credit card numbers or bank account numbers. The most commonly used method for phishing is to redirect an online user through an email or SMS to an official website where they are asked to update their personal information. You are thereby tricked into revealing personal information that you would ideally not reveal to anyone else. Phishing can also occur via other electronic means such as SMS, instant messaging and email. You can be redirected to make a payment on a website that looks legitimate but was created with the aim of capturing your card details so that they can be used later. According to these reports, India is the third-most targeted country for phishing scams. This is how online payment facilities are gradually turning out to be the ultimate target of phishing scammers, who benefit themselves by scamming online shoppers through fraudulent payment techniques or by capturing operating payment gateways and linking them unethically to their own payment gateways to commit fraud.

With the rising number of e-commerce users and online transactions, it is important that we are all aware of the mandatory security protocols for e-commerce websites so that we can avoid fraudulent situations. Data security on an online payment system begins the moment a user visits the site. The TLS certificate indicates to users whether or not the data transmitted between the web server and their browser is safe. An easy way to check if the e-commerce websites you frequently visit are SSL certified is to look at the URL and see if it uses the ‘http://’ or ‘https://’ protocol. The additional ‘s’ signifies a secure e-payment system. You can also look for the padlock icon at the beginning of the URL. Modern web browsers are now following the opposite paradigm to make web surfing safe, by marking HTTP sites as “insecure”. The PCI Security Standards Council is a worldwide organization that promotes systematic rules for managing cardholders’ confidential data for all e-commerce websites and online payment gateways. The Payment Card Industry Data Security Standard (PCI-DSS) is in effect with a set of policies that govern how cardholders’ sensitive data should be handled, and it also promotes online fraud prevention. For an e-commerce website or an online payment system to be PCI-DSS compliant, it has to follow certain directives such as maintaining a secure network to process transactions, ensuring all data is encrypted during transmission, keeping the infrastructure secure, restricting information access and so on. Also, credit card tokenization helps e-commerce websites improve security, as it eliminates the need for storing credit card data and reduces security breaches. Apart from these crucial protocols, most e-commerce websites and payment gateways have their own fraud and risk prevention systems to assist you in securing your transactions.

Conclusion

Obviously, online payment facilitators have eased a lot of tasks in life, though it’s necessary to maintain a secure gateway to enjoy the full security benefits of such online transactions. It’s good for a customer to make an online payment, saving a lot of time and effort along with enjoying other online benefits, though one needs to be aware of these suspicious corners of online payments to secure one’s transactions and avoid falling into the traps of online scammers.

To know more about online fraud and phishing: TIKAJ provides great anti-phishing services and anti-phishing solutions.

Phishing: Watch out for phishers | Salvage from misadventure

Phishing has increasingly become a pervasive problem within the digital world. It can be defined as an act of forging a website or sending fraudulent emails or text messages in order to get private data from the victims, such as login credentials of accounts, bank account details, etc. This can be done in several ways, such as spear phishing, link manipulation, filter evasion, whaling, etc.

The fraudulent party often pretends to be a trusted source such as an auction site, payment gateway portals, social media websites, etc. In many cases, they have been seen to send luring communication which entraps the users. This is a highly vexing issue that is required to be tackled. The most important point of concern during a phishing attack is that action needs to be taken almost immediately when the attack is detected in order to minimize the damage.

Fraudsters often register a domain name which appears very similar to that of the original website. Then they post similar but deceitful content on that website and attempt to attract users to that domain by sending out fake emails or text alerts.

What is also very important for the afflicted party is for the fraudulent website or portal to be taken down immediately and for the criminal to be caught. The latter is a rather difficult feat because it often becomes nearly impossible to track down the criminal. However, it is absolutely possible to take down the fraudulent website. Just about any online website or portal is vulnerable to a phishing attack. Hence, it is essential to remain prepared. Domain monitoring is a very effective web solution which helps to prevent such attacks or detect them in the early stages.
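
A minimal form of the domain monitoring described above, which also automates the check for typos and repeated letters recommended earlier on this page. This is an added example, not a TIKAJ tool: the brand domain and the list of observed domains are constructed, and the candidates are assumed to be already reduced to registrable domains.

```python
import re

# Characters commonly swapped for look-alikes in imitation names.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(label):
    """Reduce a label to a comparison form: map look-alike characters,
    drop hyphens and collapse repeated letters."""
    s = label.lower().translate(CONFUSABLE)
    s = s.replace("rn", "m").replace("vv", "w").replace("-", "")
    return re.sub(r"(.)\1+", r"\1", s)


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two neighbouring characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)      # neighbouring swap
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(candidate, brand):
    """Return why `candidate` resembles `brand`, or None if it does not.
    Both are registrable domains such as 'examplebank.com'."""
    candidate, brand = candidate.lower(), brand.lower()
    if candidate == brand:
        return None                               # the real domain
    c_label, b_label = candidate.split(".")[0], brand.split(".")[0]
    if c_label == b_label:
        return "same name, other TLD"
    c_skel, b_skel = skeleton(c_label), skeleton(b_label)
    if c_skel == b_skel:
        return "confusable or repeated characters"
    if edit_distance(c_skel, b_skel) <= 1:        # very short brands need a stricter rule
        return "one edit away"
    if b_skel in c_skel:
        return "brand name embedded"
    return None


def monitor(observed, brand):
    """Map each suspicious observed domain to the reason it was flagged."""
    hits = {}
    for domain in observed:
        reason = classify(domain, brand)
        if reason:
            hits[domain] = reason
    return hits


BRAND = "examplebank.com"          # constructed brand domain
OBSERVED = [                       # constructed feed of newly seen domains
    "examplebank.com", "examp1ebank.com", "examplebannk.com",
    "exampelbank.com", "examplebank.net", "examplebank-login.org",
    "weatherdaily.com",
]

if __name__ == "__main__":
    for domain, reason in monitor(OBSERVED, BRAND).items():
        print(domain.ljust(24), reason)
```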

Once such a suspicious domain is detected, a business needs to initiate action immediately. The goal should be to take down the fraudulent website so that the afflicted business is not affected any further. However, there are many important things that need to be kept in mind when one has encountered this problem. First and foremost, the laws of that particular country should be considered. The legal aspects pertaining to internet services differ from one country to another. For example, in some countries, there are strict legal procedures that need to be followed in order to pursue and go through with the takedown. In some other countries, the laws may be slightly more lax.

The next step during this problem would be to get in touch with concerned authorities who would be able to provide requisite help in this matter. It is important to collaborate with internet service providers immediately. Most of them have laws or standard procedures regarding such extreme situations and they would be able to guide you. They can provide you with effective web solutions and act very responsibly if the fraud has happened with their services and clients. Then, it is also important to collaborate with IT professionals and Cyber Security members in the organization to come up with a contingency plan.

However, a registered domain name can be taken down only through the registrar who created the domain. This is the source from whom the domain was bought. Hence, one of the key steps in the process is to get in touch with the registrar. You should immediately draft an email to the registrar’s abuse and help team. In the email, the afflicted business should elaborate on the problem and file a detailed complaint. They are meant to respond during their working hours. And there are a few registrars who have been accredited by ICANN who will have to respond to your complaints as they are bound by law. Yet in some unfortunate situations, the registrar is the fraud and therefore remains unresponsive even on contact. The situation might seem bleak at this point, but there is still another way! There are a few parties which can help you to take down the website, such as CSIRTs or CERTs.

If all the aforementioned procedures are carried out in time, the fraudulent venture can be stopped with almost immediate action and with minimal damage. The collaboration between several different helpful parties can do the major trick and help you get through this issue. Yet, there is always a loophole: the criminal may not get caught too easily even if the website is taken down. He/she might become aware of the fact that someone is on their tail, stop this particular venture and embark upon another one.

Conclusion

Hence, the most important thing is to protect your business against such attacks. Monitoring and detection for phishing should be a part of the information security function of a business or an organization. You can also opt to hire a consulting agency who can perform these services for you and keep you protected! As it is commonly said, prevention is always better than cure.

TIKAJ offers amazing Anti-Phishing services.

Phishing: Online Brand Impersonation

Brand impersonation is a kind of phishing attack where attackers claim to be from a known product or service. They send out emails containing malicious content. These emails appear to come from a well-known bank, credit card company, e-commerce site, or even a government organization.

The number of phishing sites identified per week has increased dramatically from 3,800 in November 2007 to 49,696 in November 2017, according to Google’s Transparency Report 2018.

Reasons of Brand impersonation

  • Use the login credentials of the target to view financial details and enable transfers of funds.
  • Stealing personal information to offer to others, such as address or phone number.
  • Ruin the confidence of the clients of a service provider by paying fake dues to them.

Four types of Brand risks

  • Domain Infringement- Adversaries register web domains that closely resemble your existing domain names, including typo squats and domain squats. They then use these in phishing, ransomware, or password-harvesting attacks.
  • Spoof Company Social Media Profiles- Social media accounts set up to mimic organizations are all too common, often to influence customers. These spoofs typically take the form of bogus help accounts that attempt to dupe clients into clicking on malicious links or exposing their credentials.
  • Spoof VIP Profiles- This is a similar approach to fake profiles on social media, although here the spoofs are of the staff themselves. However, when attackers use these identities to conduct persuasive Business Email Compromise (BEC) campaigns, the goals are distinct.
  • Spoof, rogue or malicious mobile applications- As mobile device use continues to grow, companies are moving to mobile applications. Sadly, cybercriminals also build spoof smartphone apps to try to capture users’ details.

How do Hackers impersonate a brand?

  • Source Forgery- Source forgery refers to the process in which an email fakes the ‘From’ field. Hackers can easily manipulate an email’s ‘From’ address to make it look real.
  • Links- Brand impersonation phishing emails have links inserted in them that are designed to look trustworthy so that the potential target clicks on them. Hackers create false links and make them look genuine.
  • Lookalike Domains- Hackers purchase domains that look like a recognized brand’s domain. This increases the effectiveness of impersonation attempts by hackers.
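The domain monitoring mentioned earlier and the lookalike domains listed above can be checked together. The following added example is not code from this article or from TIKAJ; it classifies candidate hostnames against one protected brand domain. The brand `examplebank.com`, every hostname in the comments, and the "last two labels" rule for the registrable domain are assumptions made for illustration.

```python
# Added example: triage of candidate hostnames against one protected brand domain.
# BRAND and the hostnames named in the comments are constructed sample data.
BRAND = "examplebank.com"
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def registrable(host):
    # Assumption: the registrable domain is the last two labels. Production
    # code needs the Public Suffix List to handle suffixes such as co.uk.
    return ".".join(host.split(".")[-2:])

def skeleton(label):
    # Fold common look-alike characters so "examp1ebank" compares as "examplebank".
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def osa_distance(a, b):
    # Optimal string alignment: edit distance where an adjacent swap is one edit.
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(host, brand=BRAND):
    host = host.strip().lower().rstrip(".")
    reg, brand_label = registrable(host), brand.split(".")[0]
    sld = reg.split(".")[0]
    if reg == brand:
        return "legitimate"            # the brand's own domain or a subdomain of it
    # The real brand domain used as leading labels of somebody else's domain.
    if host.startswith(brand + ".") or "." + brand + "." in host:
        return "brand-as-subdomain"
    if sld == brand_label:
        return "tld-variant"           # same name under a different suffix
    if skeleton(sld) == skeleton(brand_label):
        return "homoglyph"             # e.g. digit 1 standing in for letter l
    if osa_distance(sld, brand_label) <= 1:
        return "typosquat"             # one insert, delete, substitute or swap
    if brand_label in sld:
        return "brand-keyword"         # e.g. examplebank-login
    return None                        # no resemblance found
```

Feeding this a daily list of newly observed hostnames gives a short review queue; any label other than `legitimate` or `None` is a candidate for the registrar abuse report described earlier.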

Brand Impersonation Strategies for Defense

  • Two-factor authentication- Integrate security measures and higher-level access controls for all the online portals and accounts. Use two-factor authentication to keep criminals from infiltrating your network, significantly reducing the chance of a successful direct attack on your servers.
  • Website SSL- SSL certification helps customers decide more quickly whether they have landed on a valid, official website belonging to your company.
  • Communication- Include a security policy in consumer-facing newsletters, on your social media accounts, and the web, along the lines of “Brand XYZ will never message you to request information about your customer username or payment card”.

Use Anti Phishing Services: Using anti-phishing services will help you monitor and track your brand-related activities over the internet and helps with defending against spamming and infringement.

Make anti-phishing solutions ride shotgun in your company’s modus operandi

Reason to invest in Anti-Phishing Solutions

Phishing is an attempt to obtain a company’s confidential data by acting as a trusted authority via messages, messengers, or any other means of communication. Phishing was the third most common type of scam reported by victims, according to the FBI’s 2017 Internet Crime Report.

Reason to invest in Anti Phishing Services:

  1. Cost-Effective for Organization

    Investing money in phishing countermeasures such as anti-phishing services is better than losing money through cyber-attacks. Anti-phishing services will save you from severe financial losses, and the investment will pay off in the future.

  2. Secure Brand Reputation

    Anti-phishing solutions save your organization’s brand name from fraud techniques that exploit the reputation of a brand. Attackers typically misuse brand names by charging customer payments in return for fake service delivery promises.

  3. Security of Confidential Corporate information

    Not only do phishers aim at the credentials of the business, they even try to exploit corporate secrets. Anti-phishing technology helps prevent disclosure or abuse of your company’s confidential information.

  4. Protecting Customers

    Nothing can beat phishers when it comes to impersonating and tricking people to steal their information. Phishing attacks will threaten clients and misguide them in the name of the company to gain their financial information.

  5. Fewer chances of Human error

    Anti-phishing approaches focus primarily on training employees and helping them prevent any kind of errors.

  6. Phishing is the axis of assault for all hackers

    Phishing is by far the most exploited vector of attack, or technique, through which hackers get their targets to do bad things inadvertently.
    For example: stealing credentials, duping workers into making payments that are illegal, deploying spyware or malware, stealing PII or PHI.

Start the new year with additional security in your organization. TIKAJ provides comprehensive Anti-Phishing Solutions that help combat phishing with detailed insights and service.

Difference between Phishing and Pharming

Phishing and pharming have the same aim, namely to harvest sensitive data from people. Phishing, though, tries to deceive people into handing it over, while pharming uses ransomware and DNS poisoning to funnel users to malicious websites.

Types of Phishing

  • Vishing
  • Whaling
  • Spear Phishing
  • Clone Phishing

Types of Pharming

  • Hosts file Pharming
  • Poisoned DNS servers

Difference Between phishing and pharming

| PHISHING | PHARMING |
| --- | --- |
| Phishing is meant to capture people’s personal and financial information. Cybercriminals rely on trickery and manipulation to get users to inadvertently expose the details they want, or to get them to follow malicious links or open malware-infected attachments. | Pharming attempts to achieve the same purpose as phishing, but it does not try to deceive online users into disclosing information or visiting a malicious website. Instead, it redirects users to malicious websites automatically, even if the right IP address or domain name is entered in the address bar. |
| If you are careful and use script blockers, robust antivirus/antimalware applications, and anti-phishing plugins, phishing will usually be stopped. | Online users cannot stop pharming if the DNS servers of their ISPs become affected. |

Conclusion

As this phishing vs. pharming article shows, both are a serious threat to the internet and cybersecurity. While software has been developed and new techniques are being introduced to eliminate such crimes, people need to be aware, alert and attentive when using the internet in any form.