The words ‘fraud’ and ‘phishing’ have become very common due to the rise in fraudulent activities. Many organisations and businesses have been at the forefront of educating their customers and the general public about the tactics used by these criminals and how to safeguard themselves and their funds.
One such organization is Access Bank, a leading financial institution in Nigeria, which has demonstrated that customers’ financial security is a top priority.
Attackers often turn to phishing tactics to get unsuspecting individuals to divulge sensitive information, pretending to be someone or something else to get them to take action. Phishing attacks can be difficult to stop because they rely on human curiosity and impulse; individuals therefore need to exercise a good dose of self-restraint so as not to fall victim.
Here are some of the most common phishing attacks and how to avoid them.
Email Phishing
An attacker may send you an email that appears to be from someone you
trust, like your boss or a company you do business with. In the email,
there will be an attachment to open or a link to click which may send
you to a legitimate-looking website that will require you to input
sensitive information such as your password, to access an important
file. The fake domain often involves character substitution, like using
‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’. In order
to combat phishing attempts, understanding the importance of verifying
email senders and attachments/links is essential.
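The sender check described above can be partly automated. The following Python sketch is an added example, not part of the original article: it folds look-alike character sequences such as ‘rn’ and ‘m’ to one form and compares a sender's domain with a list of domains you trust. The domain names and the short list of look-alike pairs are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list for illustration; use the domains you actually deal with.
TRUSTED_DOMAINS = {"examplebank.com", "modernbank.example"}

# Assumed, deliberately small set of look-alike pairs, folded to one canonical form.
# Single characters are folded first so that "c1" is treated like "cl".
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(domain: str) -> str:
    """Reduce a domain to a form in which look-alike spellings compare equal."""
    s = domain.strip().lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: header value, or "" if there is none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a sender."""
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    if domain in TRUSTED_DOMAINS:
        return "trusted"  # exact match only; a legitimate 'rn' is not penalised
    trusted_skeletons = {skeleton(t) for t in TRUSTED_DOMAINS}
    if skeleton(domain) in trusted_skeletons:
        return "lookalike"  # reads like a trusted domain but is spelled differently
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ('"Example Bank" <alerts@examplebank.com>',
                   '"Example Bank" <alerts@exarnplebank.com>',
                   "support@modembank.example",
                   "news@unrelated.example"):
        print(f"{classify(sender):10} {sender}")
```

A result of ‘unknown’ does not mean the sender is safe; it only means the domain does not imitate one on the list.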
Spear Phishing
Spear phishing emails are targeted towards a specific individual,
government, or business with the intention to steal data for malicious
purposes or install malware on a targeted user’s device. Before this can
happen, the attacker will already have some of the victim’s information
like their name, place of employment, BVN, POB, job title, email
address, and specific information about their job role. There’s a
popular misconception that banks are the only ones who have such
personal information; however, individuals may at some point have filled
in various forms for other purposes, such as on loan and savings
platforms, etc. One of the ways attackers get hold of victims’ private
information is by data-mining it from databases across all kinds of
sectors.
Whaling
Attackers may pose as a senior player at an organization and
directly target other important individuals in the organization, with
the aim of stealing money or sensitive information or gaining access to
their computer systems for criminal purposes. For organizations not to
fall victim, staff members should maintain a healthy level of suspicion
when it comes to unsolicited contact, especially when it pertains to
important information or financial transactions. They should always ask
themselves: Was I expecting this email, attachment, or link? Is the
request unusual in any way?
Angler Phishing
More and more organizations now maintain a social media presence to
engage with their customers, and this has triggered a new type of attack
known as angler phishing. Criminals clone these corporate social media
accounts to obtain sensitive information from unsuspecting customers. An
example could be a customer who posts a complaint about account-related
issues. Fraudsters, through the cloned accounts, may reach out to the
customer masquerading as a customer care representative. The customer
may fall victim when he or she divulges any such information.
When you request help online, check that the account responding to you
is verified (blue tick) before you reply. You can also always take your
customer service issues directly to the Bank’s website or contact center
for a resolution rather than risk falling into an angler phishing trap.
Smishing and Vishing
Unlike other phishing schemes, which involve emails, smishing and vishing
involve telephone communication. In smishing, the attacker sends a text
message, while vishing involves a telephone conversation. An example is
an attacker posing as a customer representative from a bank and telling
the victim his or her account has been blocked and personal information
such as the BVN is required in order for it to be rectified. It is never
a wise choice to give out your private banking information to anyone,
whether you know them or not.