There is a famous proverb: bad news always travels fast. So when you hear that a colleague, friend or relative has been swindled out of his or her hard-earned money via mobile, you can identify the process as phishing.
Definition of Phishing
In short, phishing is a type of fraudulent activity. The hacker assumes the identity of another person and cons you into giving up confidential details about your bank or Facebook account. He or she can contact you by various methods such as email, text message or phone call. In an email, he or she can send viruses or spyware as attachments, which extract login credentials or passwords from unsuspecting victims (you).
How Does Phishing Activity Occur?
If you see a phishing email, you can easily identify it. You may get an email announcing a reward of one million dollars. If you reply, you will get another email asking you to click on a website link and then transfer a small amount of money to claim the million dollars. If you do transfer the money, you will get no response. This is email phishing.
Did you know that hackers run phishing campaigns? Usually, these are emails built around recent disasters and fictitious news. At times you can also get phishing emails around holidays, anniversaries or events.
You can also get tricked via mobile. For example, you transfer and receive payments through your mobile. Let us see how you can get tricked in two situations.
You get an email from a reputed NGO asking for a money transfer to set up a scholarship. Being a lifetime member, you do not properly check the name and spelling of the website. You click on the link and transfer the money. Very soon, all the money in your bank account gets transferred out. You receive the notification and are horrified. Now how did this happen?
If you check the website, you will see that it is a replica of the reputed NGO's website. When you clicked the link, spyware entered your mobile and transferred your bank details. The hacker at the other end got into your account and swindled the money.
You work as a finance executive at a company. You have permission to transfer money to vendors and freelance professionals via mobile. One day, you receive a letter from a vendor asking for payment. They have given an email ID and bank account details, which are new. You do not check the credentials and just transfer the money.
After a few hours, when you check the mail properly, you see that the vendor's email address contains a spelling mistake, and the bank account does not belong to that vendor. That is when you realize you got conned.
Types of Phishing
It is not as if phishers are having a heyday unopposed. Every company dealing in anti-virus and anti-phishing software is honing its products to prevent phishing scams. Still, hackers invent new methods of attack. Let us look at the following:
1. Spear Phishing Attacks
Usually, in phishing, the calls or emails get sent to many people or companies (SMBs). If the hackers are lucky, they will find a victim. But in spear phishing, a proper plan is drawn up to get the details of a specific individual or company. The mail content may contain references to higher-ups in the organization or other executives. In all, the hacker has a well-prepared plan in motion.
2. Whaling Attacks
It is the next form of spear phishing. This attack is aimed only at senior executives in an organization, to swindle large sums of money. The hacker gets to know every detail about the victim and then goes ahead with the attack.
Usually, the senior executive (you) will have the authority to transfer payments or give permission to transfer payments.
In this type, the hacker will make you go from an original website to a fraudulent one. When you enter your credentials on the fake website, the hacker gets the password and other details.
4. Clone Phishing
Let us imagine you are used to getting emails from a bank. In a similar fashion, you get an email claiming to be from the same bank. Now, being a software engineer, you know that it is a phishing email. The hacker has copied the entire content of the bank's previous emails and changed only the links. The links will connect you to a fake website which is a replica of the bank's website. If you log in, you know the result, as already mentioned.
There is also a chance you may be asked to download a particular document. The document may contain an attachment through which a virus or malware will download and take control of your system. Then confidential information will get leaked with ease.
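Because a clone phishing email reuses the genuine content and changes only the links, comparing link hosts against an earlier genuine email from the same sender exposes the swap. The Python below is an added example, not part of the original article; both HTML bodies and all host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def extract_links(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    return parser.links

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def changed_links(genuine_html, suspect_html):
    """Links in the suspect mail whose host never appears in the genuine mail.
    Links without a host (mailto:, relative) are skipped in this sketch."""
    trusted = {host_of(href) for _, href in extract_links(genuine_html)}
    return [{"text": text, "href": href, "host": host_of(href)}
            for text, href in extract_links(suspect_html)
            if host_of(href) and host_of(href) not in trusted]

# Constructed sample bodies: same wording, one link swapped.
GENUINE_HTML = ('<p>Your statement is ready.</p>'
                '<a href="https://online.bank.example/login">Log in</a> '
                '<a href="https://online.bank.example/help">Help</a>')
SUSPECT_HTML = ('<p>Your statement is ready.</p>'
                '<a href="https://online.bank.example.account-verify.test/login">Log in</a> '
                '<a href="https://online.bank.example/help">Help</a>')

if __name__ == "__main__":
    for finding in changed_links(GENUINE_HTML, SUSPECT_HTML):
        print(finding)
```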
5. Evil Twin Phishing
Let us imagine you are a senior executive in the Finance department of a company which offers mobile repair in an area of Mumbai. Your company has a partnership with a popular start-up which also offers doorstep online mobile service in Mumbai. You travel to other cities and companies to get new clients. In public places and in areas where your own Wi-Fi is not working, you make use of free Wi-Fi. Here is the risk: a hacker can use the twin method to set up a fake Wi-Fi point. When you use that Wi-Fi on your mobile, the hacker can observe every transmission and activity. He or she can also get to know passwords and user IDs. So on these occasions, it is better to use a VPN.
6. Voice Phishing
The other name is vishing. This happens over a call. You can get calls from a person claiming to be a bank executive. It can also happen via voicemail, where the hacker leaves a message, supposedly from the bank, stating that your account is not secure. You will be asked to call a telephone number to verify your identity. When you do so, the hacker will ask for the information needed to log in to your bank account. And you know the result: the account gets compromised.
7. SMS Phishing
You made the right guess. You can get the phishing message via SMS. Since you have a smartphone, the message will be a replica of your bank's earlier messages, and the content will raise no doubt. The message will contain links to a fake website or web source and ask you to verify that you are the same person. If you log in, the compromise will happen. Please note that the link will be in the form of a shortened URL.
Let us imagine you are an entrepreneur with a company offering computer repair services in the capital city of Maharashtra. To make a name for your company, you are also connected as a vendor to another enterprise providing online computer repair services in Mumbai. To ensure that the office mobile used for online payments is kept free of phishing activity, you have installed Caller ID apps on the mobile. You have also installed anti-phishing software on mobiles, laptops and computers. Taking these small steps will prevent any type of phishing activity in your company.