Weekly Cyber Security News: 17th July 2018

Posted on July 17, 2018

This is a weekly news update for the 17th of July 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

India Among Top Three Countries Most Targeted For Phishing

Phishing and malware-based attacks are the most prolific online fraud tactics developed over the past decade. Phishing attacks not only enable online financial fraud; these sneaky threats also chip away at our sense of security as they get better at mimicking legitimate links, messages, accounts, individuals and sites.
According to the RSA Quarterly Fraud Report for the period from January 1 to March 31, 2018, phishing accounted for 48 per cent of all cyber-attacks. The report, which contains fraud attack and consumer fraud data and analysis, noted that Canada, the United States, India and Brazil were the countries most targeted by phishing.

The Biggest Hacks And Data Breaches of 2018 (so far)

We’re now more than halfway through 2018, and the number of data breaches is ramping up. This year has seen more third-party services being breached and customer data stolen from multiple companies in one go. From the devastating Aadhaar breach to Ticketmaster, here’s a roundup of the year in breaches.

Online Bank Accounts Among Hackers’ Favorite Targets

The number-one threat is attacks that target web application users. Alarmingly, 87 per cent of banking web applications and all government web applications tested by Positive Technologies were susceptible to attacks against users. Users of government web applications, in particular, tend not to be security-savvy, which makes them easy victims for attackers.

The IoT’s Perplexing Security Problems

With over 50 billion dollars spent globally on IoT products, companies need to pay attention to the deployment of IoT devices. Devices are regularly put online with default passwords, legacy code riddled with known vulnerabilities, and a lack of defined policies and procedures to monitor them, leaving companies extremely vulnerable.

Endpoint Security-Related Issues That Providers Encounter

Endpoint security is of critical importance to all kinds of organizations. Efforts are under way to secure all endpoints in enterprise networks, including mobile devices, laptops, desktops and servers. “Fileless attacks”, which exploit gaps in traditional security, are also on the rise, and efforts are under way to prevent these as well.

5 Steps to Avoid Phishing Scams in E-mail

Posted on December 25, 2012

Anyone with an e-mail account has at some point received phishing or scam e-mails. These range from Nigerian princes to local banks requesting funds, assistance and so on. Some of these e-mails may be legitimate (sans the Nigerian prince); however, most of them use a common technique known as phishing. Phishing scams are used by fraudsters to get your personal information, such as credit card details, usernames and passwords, banking details and so on.

A friend of mine recently received an e-mail from his bank informing him that “his account was accessed from a blacklisted location and he should update his account information to avoid termination of services”. On opening the link, he was presented with a login form identical to that of the bank’s net-banking portal. Only this form asked for information such as Corporate ID, User ID, Login Password, Transaction Password, Mobile Number, Email Address and Email Password.

[Image: Sample Phishing Page]

Anytime you receive such e-mails, you should keep the following in mind:

  • Banks will never ask you to provide account or other personal identification information via email.
  • Banks will never ask you to click a link in order to keep your account open.
  • Banks will never threaten to take immediate action unless you perform an act such as clicking a link etc.
  • Banks will never ask you to log in with your e-mail account username & password.

Today, these sorts of attacks commonly take place against e-mail accounts and social networking accounts, and even as targeted attacks against corporate users.

Here are 5 simple steps you can take to avoid becoming a victim of such phishing attacks:

1. Avoid clicking links in phishing or scam mails and instead manually type them in a browser

Scammers often use links such as “baank.com” instead of the legitimate website “bank.com”. It is therefore recommended that you manually type the website address into the browser rather than clicking links in the email.

[Image: Sample Phishing Mail – Fake Link]

If the e-mail seems urgent, you can always call the bank and confirm whether the e-mail was really sent by them.

2. Check the sender address in the phishing or scam mails

Scammers usually send phishing mails from addresses like “[email protected]” or “[email protected]”. So we can easily identify a phishing mail by checking whether the email received is from a legitimate sender.

[Image: Sample Phishing Mail – Fake Email]

You can refer to any previous e-mails sent by your bank and cross-reference the address in the suspicious e-mail.

3. Verify SSL (https://) authenticity on phishing or scam links

Generally, phishing links either have no SSL or use an invalid SSL certificate. This can be verified by simply viewing the link in the address bar of your browser and checking whether it starts with https:// instead of http://.

If the SSL certificate is not valid, your browser will immediately show an error, in which case you need to stop browsing the link and report the e-mail to your bank.

Examples of SSL certificate errors in Firefox, Chrome and Internet Explorer are shown below:
[Image: SSL Certificate Error]

4. Avoid replying with sensitive information to phishing or scam mails

Banks will never ask you to provide account or other personal identification information via email. Any email pressing you to do so is most likely not legitimate and should be reported to your bank.

Banking details and login credentials should be communicated via telephone or through the legitimate website using proper SSL communication.

5. Keep your anti-virus up-to-date to detect and block phishing or scam mails

Most antivirus vendors have signatures that protect users against some common phishing attacks. Hence it is recommended that your anti-virus is kept up-to-date so that it has the latest signatures and rule sets.

Also, it can prevent things such as a Trojan disguising your Web address bar or mimicking an https secure link. If your antivirus software is not up-to-date, you are usually more susceptible to attacks that can hijack your Web browser and put you at risk for phishing attacks.

For Windows users, we would recommend the free version of Microsoft Security Essentials available on the Microsoft website.

If you have come across, or do come across, any such phishing incident, you can report it to CERT-In (Cyber Emergency Response Team of India) at [email protected]
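
The checks in steps 1 to 3 (look-alike link, sender address, https://) can also be expressed as code, using the post's own bank.com / baank.com pair as input. This is an added example, not part of the original post; the trusted-domain list, the function names and the distance threshold of 2 are assumptions.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains you already know belong to your bank (the post's example).
TRUSTED = {"bank.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED, max_dist=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    for d in trusted:
        # Compare only as many trailing labels as the trusted domain has,
        # so "login.baank.com" is still measured against "bank.com".
        tail = ".".join(host.split(".")[-d.count(".") - 1:])
        # Also catch the trusted name used as a sub-domain of another domain.
        if edit_distance(tail, d) <= max_dist or f".{d}." in f".{host}":
            return "lookalike"
    return "unknown"

def check_link(url, trusted=TRUSTED):
    """List the reasons not to trust a link found in an e-mail."""
    parts = urlsplit(url)
    findings = [] if parts.scheme == "https" else ["not-https"]
    verdict = classify_host(parts.hostname or "", trusted)
    if verdict != "trusted":
        findings.append(verdict + "-host")
    return findings

def check_sender(from_header, trusted=TRUSTED):
    """Classify the domain of the address in a From: header."""
    addr = parseaddr(from_header)[1]
    return classify_host(addr.rpartition("@")[2], trusted)

if __name__ == "__main__":
    # Constructed samples built from the post's bank.com / baank.com pair.
    print(check_link("http://baank.com/login"))
    print(check_sender('"Bank Alerts" <alerts@baank.com>'))
```

A "trusted" result for a From: header only means the displayed domain matches; the header itself can be forged, so this complements the other steps rather than replacing them.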