Recently in Indonesia, there have been cases in which people received anonymous messages claiming to be from legitimate institutions and asking them to open certain files or links. With a single click, the perpetrators emptied the victims' mobile banking and e-wallet accounts and even stole their credentials for further illegal activity. This kind of crime is what we call “phishing”.
“97% of Indonesian domains are vulnerable to phishing and spoofing.”
Surprisingly, a survey conducted by EasyDMARC (2023) found that Indonesian domains have extremely low phishing and spoofing protection: only 2,945 domains, less than 3% of the Indonesian domains sampled, were fully protected. What exactly is phishing, and how dangerous is it?
What Is Phishing?
Cited from NIST, phishing is a method of attempting to obtain sensitive data through an email or website in which the perpetrator poses as a legitimate business or reputable person. Phishing attacks rely on people's trust in the internet, which makes them efficient and dangerous. Phishing can also be carried out through email, social media, or malicious websites.
How Does Phishing Work?
Phishing lures victims with legitimate-looking (yet fake) emails or other forms of communication that appear to come from a trusted sender, who then persuades them to divulge sensitive information, frequently on what appears to be a convincing legitimate website. On occasion, the victim's computer is also infected with malware or ransomware.
- Perpetrators commonly manipulate targets into clicking on attachments or links by appealing to their fear, curiosity, and sense of urgency.
- Phishing attempts are made to look like they come from reliable organizations and people.
Common Types of Phishing
- Spear Phishing: A targeted attempt to obtain private information from specific victims for malicious purposes, using personal details such as their acquaintances, employer, and so on. The attacker then poses as a trusted person or source to extract the private information.
- Email Phishing: Phishing in which emails are crafted to look exactly like those sent by legitimate businesses. Links in the emails frequently take recipients to "fake" or "spoofed" websites where they are prompted for personal information.
- Clone Phishing: Phishing in which the attacker copies or clones an authentic email to spread malware by intercepting the communication, modifying it, and then resending it to the targets. A malicious attachment or link is included in the cloned email.
- Pop-Up Phishing: A fraud in which pop-up advertisements persuade users to buy unnecessary antivirus protection or deceive them into downloading malware. These pop-up ads often use scare tactics.
Don’t Take the Bait! Here’s How to Avoid Phishing Attacks
Did you know? Facebook and Google once got tricked by a Lithuanian man who managed to lure them into wiring him over $100 million after impersonating Quanta Computer, which actually does business with the tech giants, through phishing emails with fake invoices, contracts and letters. Even two of the world's largest tech companies have fallen into phishing scams.
As today's phishing attacks are getting more sophisticated, the best you can do is avoid them. How?
- If it’s from a public email domain, don’t open it! Except for small operations, most organizations have their own email domain. If the email comes from an address that isn’t affiliated with the apparent sender, it’s almost certainly a scam.
- Be meticulous! Check whether the domain is misspelled. Unfortunately, anyone can register domains that look nearly identical to the ones being faked. Remember, all it takes for attackers to succeed is one employee's error.
- If there’s any suspicious attachment or link, leave it! Never click on a link or attachment unless the sender is verified as a legitimate party. Clicking one can infect your device with malware that performs a variety of malicious actions.
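As an added illustration of the first two checks above (this is not code from the original article), here is a small Python heuristic that classifies a sender address against a constructed list of trusted and public mail domains. The domain names, the substitution table and the edit-distance threshold are assumptions chosen for the example, not values from the article.

```python
import re

# Constructed, illustrative data: substitute your own organisation's lists.
TRUSTED_DOMAINS = {"bankexample.co.id"}          # domains the sender legitimately uses
PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
MAX_EDIT_DISTANCE = 2                           # how "close" counts as a look-alike

# Map common look-alike substitutions back to the letter they imitate (heuristic;
# it can also merge genuine words, e.g. "modern" -> "modem", so treat hits as leads).
_DIGITS = str.maketrans("01357", "olest")


def normalize(domain):
    """Lower-case and undo digit/letter-pair substitutions such as 1->l and rn->m."""
    return domain.lower().translate(_DIGITS).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Extract the domain from 'Name <user@host>' or 'user@host'; None if malformed."""
    m = re.search(r"@([a-z0-9.-]+)", address.lower())
    return m.group(1).strip(".") if m else None


def classify_sender(address):
    """Return 'trusted', 'public_domain', 'lookalike', 'unknown' or 'invalid'."""
    domain = sender_domain(address)
    if domain is None:
        return "invalid"
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    if domain in PUBLIC_MAIL_DOMAINS:
        return "public_domain"          # a real institution would not mail from here
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]   # "bankexample" from "bankexample.co.id"
        if levenshtein(norm, normalize(trusted)) <= MAX_EDIT_DISTANCE:
            return "lookalike"          # misspelling, inserted hyphen or swapped TLD
        if brand in norm:
            return "lookalike"          # brand name embedded in an unrelated domain
    return "unknown"                    # not obviously fake, but not verified either
```

A "lookalike" or "public_domain" result is a reason to stop and verify the sender out of band; "unknown" only means the address is not on either list. The brand-substring rule is noisy for short brand names, so tune it to your own domains.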
Phishing is one cyberattack you shouldn’t underestimate. Also remember that advanced phishing attacks require more advanced cybersecurity capabilities to combat them. Enhance your security protection through our training program.
References:
EasyDMARC. (2023). 97% of Indonesian domains prone to cyberattacks. EasyDMARC. https://easydmarc.com/blog/97-of-indonesian-domains-prone-to-cyberattacks/
Gillis, A. S. (2023). Phishing. TechTarget SearchSecurity. https://www.techtarget.com/searchsecurity/definition/phishing
IT Governance. (n.d.). Phishing. https://www.itgovernance.co.uk/phishing
Stouffer, C. (2022). 20 types of phishing attacks + examples and prevention tips. Norton. https://us.norton.com/blog/online-scams/types-of-phishing
Cisco. (2023). What is phishing? https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html#~how-phishing-works