The most Dangerous Cyber Attack – Phishing Attack

What is Phishing?

Phishing is a technique of deceiving people into sharing sensitive information such as usernames, passwords, credit card details by disguising as a legitimate or trust worthy entity in an electronic communication.Victims receive emails or text messages that imitates a person or organization they trust. Unlike other cyber attacks or online threats, phishing does not require any technical expertise. Phishing is the simplest cyberattack and also the most dangerous and effective.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.

Types of Phishing

There are different ways in which phishing attacks can be carried out and this ways are known as types of phishing.This include:

Spear phishing

Spear phishing is targeted to a specific person or organization. This means it’s content will be tailored for the victim or victims. Before a spear phishing is carried out, there is a pre-attack reconnaissance(information gathering) to uncover specific information about the target. This information includes names, email address, job titles and a lot of other information. With this, the attacker crafts a believable email

Phone Phishing

Phone phishing also called Vishing is the use of voice calls to deceive a victim. This is a very common type of phishing in Nigeria. In Nigeria, the attacker claims to represent your bank and come up with some sort of bank related issue and insist you take care of the issue immediately. They go ahead to request for your account information and this aids their financial scam on your bank account.

SMS Phishing

This is also known as Smishing and it is the use of Short messaging Service (SMS) or text messages carry out the deceitful activity to get personal information from the victim. With the increase in the use of internet connected mobile phones, smishing now comes with malicious links. Clicking on this links directs you to a phishing site where you are asked to provide personal information or infected with malware.

419/Nigerian Scam

A phishing email from someone claiming to be a Nigerian prince is one of the internet’s earliest and longest scam

Nigerian Prince” scams are also known as “419 scams,” a reference to the Nigerian penal code designed to deal with them. They are notoriously difficult to prosecute for both Nigerian and foreign authorities

In its earliest incarnations, the scam involved someone claiming to be a Nigerian prince sending a target an email saying he desperately needed help smuggling wealth out of his country. All the target needed to do was provide a bank account number or send a foreign processing fee to help the prince out of a jam, and then he would show his gratitude with a generous kickback.

These scams really do appear to have begun in Nigeria, but they can now come from almost anywhere

“In a hilarious update of the classic Nigerian phishing template, British news website Anorak reported in 2016 that it received an email from a certain Dr. Bakare Tunde, who claimed to be the project manager of astronautics for Nigeria’s National Space Research and Development Agency. Dr. Tunde alleged that his cousin, Air Force Major Abacha Tunde, had been stranded on an old Soviet space station for more than 25 years. But for only $3 million, Russian space authorities could mount a flight to bring him home. All the recipients had to do was send in their bank account information in order to transfer the needed amount, for which Dr. Tunde will pay a $600,000 fee.

Incidentally, the number “419” is associated with this scam. It refers to the section of the Nigerian Criminal Code dealing with fraud, the charges, and penalties for offenders. This scammers feeds on the weakness of human to carry out their malicious activities.

How To Identify Phishing Scam

1. If the email is coming from a company or organization, you should be skeptical of generic greeting like “Dear customers” or Dear friend”. This should raise a red flag as most companies or organization will use your name in their email greetings.
2. The email offer sounds too good to be true.” Wow! You just won yourself a sum of $1000, click this link to claim”. Don’t click it because this lotteries and expensive prizes are click baits to install malwares on your system or get personal information
3. The message contains unusual or unexpected email attachments. This attachment may contain malware, ransomware and other online threats.
4. The email contains links that is a little off. Hover over the link to see actual URL, lookout for misspellings. It is better to always directly type in the URL rather than clicking embedded links
5. If the email claims to be from somebody you know, call to verify that they actually sent the email especially if it involves taking some certain actions. This could include downloading of attachments or submitting personal information.

How To Protect Against Phishing

1. Have a good online habit and don’t respond to links in unsolicited emails or social media
2. Don not give sensitive information to anyone on the phone or via emails
3. Look out for websites URL(web address).In phishing attempts the web address may look legitimate but the web address may be misspelt or the domain maybe different.(.com when it should be .ng)
4. Hover over links to see if it is legitimate
5. If you suspect an e-mail isn’t legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods.
6. If you suspect an e-mail isn’t legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods.
7. Educate your employees and having a phishing simulation scenario carried out on your employees

Identifying phishing can be harder than you think.Try the google email phishing quiz here