India is the third most targeted country for phishing, according to the RSA Quarterly Fraud Report for Q1 2018.
The list “shows where fraud actors are establishing and maintaining their priorities, and likely where they are experiencing the most success, for any number of reasons”. Only Canada and the US were subject to more attacks.
What is phishing?
Phishing is a form of social engineering whereby cyber criminals pose as a trustworthy source in order to get people to hand over personal information. There are several different forms of phishing:
- Email phishing: Emails will contain a request for information, an attachment or a link. If an email isn’t addressed to you personally, contains suspicious attachments or links, or is sent from a bogus email address, it is likely to be a phishing scam.
- Spear phishing: This is a more sophisticated form of email phishing. Criminals who do this will already have some or all of the following, allowing them to send emails to a specific person: name, place of employment, email address and specific information about their job.
- Whaling: This is an even more sophisticated form of email phishing. Scams involving bogus tax returns are an increasingly common variety of whaling.
- Smishing and vishing: Telephones replace emails as the method of communication. Smishing involves criminals sending text messages (the content is much the same as email), and vishing involves a telephone conversation.
- Social media phishing: This is a relatively new form of attack where criminals use methods such as fake URLs, cloned websites, posts and tweets to persuade people to divulge sensitive information or download malware.
Phishing accounted for 48% of fraud attacks in Q1
Phishing is still the most widely used tactic for cyber criminals, and in the first quarter of 2018 made up nearly half of all cyber attacks.
The report states “this may be due to its low technical barriers to entry, combined with the low resource requirement for simple, low-tech attack vectors such as email”.
What can you do to avoid falling victim to a phishing attack?
To prevent or mitigate these attacks, organisations in India must educate employees to be alert, vigilant and secure.
IT Governance’s Phishing Staff Awareness Course:
- Helps employees identify and understand phishing scams;
- Explains what would happen should they fall victim; and
- Shows how they can mitigate the threat of an attack.
The course is delivered online, enabling employees to study from their desks and around their existing workload.