Microsoft (19%) topped the list of brand names imitated for phishing attacks in the Sept quarter globally said cybersecurity firm Check Point. Google and Amazon, the most imitated brand names in June quarter, slipped to number 3 and 9, respectively. The top five most imitated band’s list include DHL (9%), Google (9%), PayPal (6%) and Netflix (6%). Email phishing accounted for 44% of attacks, web phishing for 43% and mobile phishing for 12%. WhatsApp was the most imitated brand in mobile phishing.
CERT-In has alerted NIC email service users of a phishing campaign, asking users to verify their govt accounts. The email, pretending to be from NIC, consists a malicious link/ attachment that contains topical info to lure users into opening it. Hence, infecting the system and stealing victims’ personal info. The system can also be used to send such emails to other users. Users are advised to verify the URL (https://email.gov.in) before entering their details.
Phishing involves sending emails, messages with either tempting offer or scaring customers. These emails usually contain links to websites that install malware, trojans, spyware into the system or can directly ask for payment info. The same process, when done through voice calls, is known as vishing. Disguised fraudsters offering to complete wallet KYC is another popular attacking method. Staying vigilant is the only way to stay safe.
Google’s Threat Analysis Group have detected hacking attempts on the Google accounts of 50 to 100 individuals in India during April. The group has been tracking over 270 government-backed cyberattacker groups from more than 50 countries. Majority of these hire to-hack groups are based in India. Google accounts of 1,755 individuals, across the globe, were targeted by government-backed cyberattackers. The US, with over 200 individuals, tops the list.
Cybercriminals are using email attachments containing malicious Excel 4.0 macros to put malware on user devices. The attachment contains excel sheets having trackers, data and graphs on the pandemic and it looks very real. The campaign began on May 12 and has used 100s of unique attachments. The attack, falling under a subcategory of phishing, has caught up over the years.
1) Relying on passwords gives users a false sense of security. Elimination of passwords and relying on identity can get greater security. 2) Organisations see cloud security as data centre security. However, only streamlining people, processes and systems, can avoid security issues. 3) Phishing emails are not obvious these days. Built-in security protocols from email providers could tie up loose ends. 4) People should not assume that why would a hacker target them.