What is Phishing?

According to Wikipedia

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.

Typically carried out by email spoofing or instant messaging it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.

How Phishing Works

You probably must have gotten an email a text message, an instant message or even a call that your ATM Card, BVN, email address, social media account or a software service you utilize has been compromised.

These messages are usually almost an exact replica of how your trusted service provider will ask you for information or probably not. Sometimes you get these messages through the listed channels for services you never even subscribed to in the first place.

The intent is to get you to follow through with a call to action which is sometimes giving a certain number a call or clicking a link which looks similar to that which your service provider will send to you, or a link that is generally enticing enough for you to follow through to the next step.

A ton of things can happen from here. You are either asked to fill a form if it’s via the web or call certain personal pieces of information if it is through mobile phone communication.

Malware, Key loggers and other surveillance tools can be installed in your system to steal credentials and monitor your online habits.

Hackers use this as a method to get valuable information from targets that can be used to gain access to their accounts for numerous reasons.

In the United States alone half a billion dollars is being lost to phishing attack yearly.  Reference www.fobes.com

New Trends in Phishing Attacks

There’s been a rise of phishing attack sent through Instant messaging apps like Facebook, Whatsapp, and Slack.

Phishing Attacks now also targets your SaaS (software as a service) Credentials, knowing full well that organizations and corporations make use of services like Dropbox, G-Suite and most communication and sensitive materials are stored in such services.

Now because email services can scan emails for malicious links, attackers are now embedding them within shared files and posting them on trusted sites like Box, G Suite, and Dropbox.

Example of a Phishing Email

Conclusion

Technology has brought a lot of good to humanity, but then again with every advancement made, there are loopholes that need to be sealed in other to make the web safer. Attackers are developing new strategies to compromise platforms and data. To be on top of your game, you have to be several steps ahead.

We will be having a Hack Day Event on the 30th of March. To participate and get more insight on cyber security you will need to register. See more details here. http://bit.ly/olotusquarehack

We will be glad to enlighten you more, free of charge!