The focus of the article is Cybersecurity for individuals. As The worst could happen with one click. In particular, Cybersecurity and threat prevention are essential for individuals, As India moves towards Digital India- An ambitious project where India paved its way towards Digitalization.
Digital India campaign is something substantial, something practical. Internet users in India to grow by at least 50 million yearly till 2020. The cyber security measures require drastic development. India faces a lot of cyber security threats from overseas; Phishing is popular with cyber crime in India. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email or other communication channels, You will get an email- designed in a way it is from a trusted source. Phishing has become quite common and it is very important to stay alert from such Threat.
I would like to share my experience when I was in college, I wanted to download few course related books, So I’ve searched for books and came across Dropbox links. Here, Fraudsters tried to lure me into entering my login credentials on a fake Dropbox sign-in page hosted on Dropbox itself. In actuality, the link leads to a fake Dropbox login page that collects a user’s login credentials and delivers them to the attackers; Thank god I am smart enough to spot it. However, I was implementing two-step verification on my accounts anyway. Always make sure you implement 2-step verification and also check the URL’s to know where actually the hyperlink leads to. I’ve come across people, who said: “It’s a huge company dude with some cool technology for security, you gotta trust ‘em “.However, It didn’t stop me from protecting myself as I strongly believe in the quote ” Do not believe in anything simply because you have heard it “. Here in this scenario Dropbox unknowingly hosted that fake login page, Dropbox SSL certificate also protected the page with a secure connection.
In any case, Do not totally trust the anti-phishing software opted by your Email, which spams the emails from untrusted sources. The attacker’s email Id may be from your friends list and contacts and not from any untrusted sources. Here, Attack falls under the category of spear phishing. The attacker utilizes the victim details. In spear phishing, fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. In this case, all you gotta do is never open suspicious hyperlinks, these links often contain viruses designed to steal your password or weaken your security. Well, I know you’re curious enough to know what makes a beautifully looking URL or a button that bad. So here’s the tip I can give you, just place your cursor on the hyperlink and kaboom! You’ll know the phishing link where it diverts to an untrusted link example, www.1223321.com/hdiksxj/3hx.
Java applet attack is another example, Where it will give you a notification which prompts you to run it gets access to cookies, history. The most interesting part, How about accessing the local DNS file?
As users become more tech savvy to traditional phishing scams, some attackers are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming, a method of attack
which stems from domain name system (DNS) cache poisoning. The local DNS file may be modified by
the attacker. DNS basically translates hostnames to IP addresses and vice versa. This translation is through
DNS resolution, which happens behind the scene. Attacks manipulate this resolution process in various
ways, with an intent to misdirect user to alternative destinations, which are often malicious.
If you want to know how easily “phishing” can be implemented, here are the steps a fraudster takes.
All you need is a social engineering toolkit. You can download it as easily as you download your favorite movie star’s movies. The other steps are as follows
- Go to the Facebook home page and copy html file
- Convert html file into PHP file
- Now you will host this PHP Facebook page
- You can create a link to your host page , so you can send to anybody to know their Facebook password.
- If they click your link and sign in then you can get password easily.
Eventually, You can click on whatever link you find legitimate, but unless you enter your password or bank account information, you can never be “phished”. You’ll be able to more quickly spot some of the most common types of phishing attacks. But that doesn’t mean you will be able to spot each and every phishing attack. On the contrary, phishing is constantly evolving to adopt new forms and techniques. It’s imperative for the government and organizations to implement security awareness training’s with its employees and people who use the internet. I would better suggest you to go for good antivirus software which allows you to protect your system from accessing any of these spamming websites which might have an intention of stealing your confidential data. If you’re worried about other kinds of online threats, avoiding links is a bit of overkill. A good measure of protection is by not downloading or executing programs from unknown sources. Simultaneously, you can join the fight against it by reporting that link to http://www.phishtank.com/ which is operated by OpenDNS, a free service working towards making internet safer.