The present era of cyber-attacks or cyber-crime, is mostly directed towards financial frauds, through online means. The perpetrator looks for the fastest means with least effort with nil physical interaction. The sophistication of these types of cyber-attacks are increasing as days goes by. The dynamics of the attack is also witnessing new dimensions as the interaction of the victims on social media and digital interactive platforms penetrating human lives.
In this article we will focus on the different “ing(s)” based attacks that can be termed as Cyber Attacks/Crimes on victims who use the Digital Enabler.
Pharming
The use of digital medium, is possible through HARDWARE devices. The user is forced to use the private gadget or the Cloud Services while on the digital medium. The Pharming is a cyber-attack in which the malicious code is installed on a personal computer or server. This code then redirects clicks you make on a website, to a fraudulent website without your consent or knowledge. One has to be careful especially when the infected interface is being used for financial transactions.
The best way to avoid these scams is by using a trusted device while using Financial Services Online. Also look for the “s” in “https”. It is also ensured that a Trusted Certificate is viewed while using the browser.
Phishing
The trick of social engineering is well prevalent on the Cyber Crime Dash, the attacker is well aware of the tricking techniques and also the targets. The targets are then divulged into giving away sensitive and valuable information.
The pronunciation of the word ‘Phish-ing’ can be related to the word ‘fishing’. Yes, it is an analogy of an angler throwing a baited hook and hoping the fish to bite.
This attack can also be termed as “phishing scam”, wherein the attackers target users’ login credentials, financial information (such as credit cards or bank accounts), and company data, to take monetary returns. An attacker pretends to be a trusted establishment, misguides a victim into opening an email, instant message, or text message. The entities that fall victim to phishing attacks exploit the security hole.
Whaling
The concept of Whaling is as similar to Phishing and the attacker sends emails on issues of critical business importance, masquerading as an individual or organization with legitimate authority. Whaling uses misleading email messages targeting high-level decision makers within an organization, like CEOs, CFOs, and so on. The attacker steals the highly valuable information, including trade secrets and passwords to administrative company accounts from these organisation heads.
Whaling attacks always personally address targeted individuals, often using their title, position and phone number acquired from their company website.
SMiShing
The act of Smishing is not new; the ability of using a text message sent on a smartphone, if clicked upon will then will lead to an attack.
Smishing is a portmanteau of “SMS” (short message services, better known as texting) or a nefarious text message and “phishing.” This is again a cyber-attack misleading its victims into providing sensitive information like your account name and password, banking account or credit card numbers to a cybercriminal. Smishing simply uses text messages instead of email.
The Oxford Dictionary defines smishing like this:
“The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.”
Vishing
“Vishing” as it is pronounced does not have any relationship to the word ‘wishing’. It is again a cyber-attack that uses calls instead of emails or text. It is a blend of the two words- “Voice” and “Phishing”.
Vishing is hence, a social engineering attack that attempts to trick victims into giving up sensitive information over the phone. In most cases, the attacker plays on your ‘fears’ of being hacked, sympathy and greed in order to accomplish their goals.
Tips to avoid these cyber attacks
- Exercise data protection and data security policies.
- Establish a multi-step verification process for all requests for sensitive data.
- Don’t click the link. Don’t call that number.
- Don’t respond to the SMS.
- Block the number on your phone.
- Beware of unknown numbers.
- Don’t always trust caller ID.
- Don’t provide personal information.
Protect Yourself
Remember, all these forms of attacks mentioned are done through calls, SMSs, Emails or Links sent on Smartphones. The falling of prey to these attacks, depends on fooling the victim into cooperating by clicking a link or providing information. The simplest form of protection is to stay vigilant and ensure a complete conscious move while using any communication/interactive medium for a financial transaction. The slogan ‘Ignorance is bliss’, does not hold good here. The protection against all these forms of attack is hence vested within oneself.
The internet and mobile technology provide an instant and efficient means to communicate with colleagues, friends and family. As long as the cybercriminals have the motivation to play havoc and profit from weaknesses in mobile communications and lack of social awareness, the threat of cyber-attacks is something all owners of mobile devices and users of internet/online medium, will have to withstand with on a daily basis.
However, the intent is not to create an adverse feel for technology and gadgets. The safe and conscious use of devices and its enabled services is the best policy forward.
Excellent and informative write up.
Thanks a lot for the encouragement