Tribratanews.polri.go.id - Jakarta. Phishing is an online crime in order to steal the victim's accounts. Most of the online crimes started from phishing, and the cybercriminals used to targets its victim through email.
Just like you know, year's end is often used by the retails to give shopping vouchers to many customers, either directly or by email. This too will be utilised by the phishing actors to send traps such as discount links or similar to dig private information as much as possible. Trend Micro USA saw this phenomenon during the last year's Black Friday, in which many people were fooled by the lure of cheap shopping offers. Not only that, but phishing actors also deceived the HRD officers who offered jobs through email.
Phishing is included in the most popular online crime. In their 2015 publication, Wired stated that 91% of online crimes are started from phishing, in which the victims were trapped in fake emails or websites. The loss due to phishing is estimated from 61 million to 3 billion US dollars.
Phishing usually attacks the users through popular applications on behalf of the company to gather private data. The Apple users once received a fake extended bill with an email address similar to the company. This kind of phishing gathers data from the fake web from the "illicit" link inside a file.
A similar occurrence happened in 2011. The workers of Oak Ridge National Laboratory in the US, all 500 of them, were attacked by phishing. They received an email claiming from the company's HRD. Fifty employees were beguiled with the attachment that caused 50 computers infected by malware.
Phishing, as far as experts know, uses two techniques. One of them is using malware injected into an email, just like the Trojan-Downloader.JS.Agent that attacked 8.89 of the victims in 2016. The other one is the phishing email using the link to direct them into a fake web of an institution or company that looks official.
Jason Hong's The State of Phishing Attacks stated that phishing works in three stages: first, the prospective victims received the "bait". Second, the victim ate the "bait" and was trapped in it. Third, the perpetrators monetised the obtained information.
To avoid phishing's traps, here are ten basic steps you need to do to avoid the phishing danger, which are:
How to Avoid Phishing
1. Always check display name and email used
Do not easily believe if you received an email from a well-known company. Check the email they use. The official companies often use a legitimate email address when sending emails on behalf of the company.
2. Check carefully the links and images attached and check its Alternative Text.
When you direct the cursor to the image or writing containing a link, you will see the alternative text containing the address you would access. If the alternative text does not match the writing or image, do not click it.
3. Beware of spelling errors.
Several famous companies such as Apple, Facebook, Twitter, Instagram, Samsung, etc. often spoofed by phishing perpetrators. If there are incomplete words (e.g. Facebok instead of Facebook, Twiter instead of Twitter), or Instagramm instead of Instagram), then it is believed that the sender does not come from the company you think.
4. Read the greetings they use
If the email you receive is for you, then the greeting should use your name as well. However, if the greeting is general, you might need to think twice to believe it in an instant.
5. Read the message. If the sender asks for private information, ignore it.
The official companies are impossible to ask for your private information through email. Some information such as complete name, complete address, bank account number, credit card number should not be asked if you are not conducting a transaction with official companies.
6. Got an emergency email? Check again
Some perpetrators often send "emergency"-tone emails, moreover related to money. They could ask for some amount of money for various reasons such as the life of a close relative is in danger, a country needs help, etc.
7. Check email signature
Most official emails always attach a clear identity such as complete name, position in the company, company address, and contact number below the email. If you cannot found it, you need to be careful.
8. Beware of the file being sent.
The perpetrator would bait you with many deceptions. Discount vouchers? Application free trial? Free videos? Your idols? Do not be deceived. There might be malware in it.
9. Do not trust completely.
Do not easily conclude the email you receive. It is okay if you make time to study the email you receive because the perpetrator might know your daily activities and your favourites.
10. If hesitant, call your IT team.
If you are working in a company with an IT team, then you need to communicate with them when you receive a suspicious email. Moreover, your device is connected to others through an office network, and it is still possible that you have to pay all the consequences due to one wrong click.