What is phishing attack and what are the examples of phishing attacks

What is phishing attack and what are the examples of phishing attacks
Representational image.Pixabay
  • The Indian government has warned that over 2 million users may be targeted for phishing attacks.
  • Attackers are expected to use the Covid-19 pandemic to target users.
The government has issued an advisory that ‘malicious actors’ are planning to attack over 2 million individuals as part of a large-scale phishing attack against Indian individuals and businesses. This comes at a time when India is embroiled in a border dispute with China.

The advisory has been issued by Indian Computer Emergency Response Team (CERT-In), which is India’s nodal cybersecurity agency.

"The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded Covid-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.” said CERT-In a statement.

Advertisement
What is phishing?

Phishing is a type of attack that is aimed at collecting usernames, passwords and other personal information of users. It is usually in the form of an email or a message that contains a link or an attachment, pretending to be a trustworthy entity such as a company or a bank. As per an Akamai report, phishing plays a role in 32% of all breaches and 78% of all cyber-attacks.

Examples of phishing attacks

Ayushman Bharat phishing attack

What is phishing attack and what are the examples of phishing attacks
An example of Ayushman Bharat phishing attack.Rounak Jain / Business Insider India

Advertisement

The Ayushman Bharat phishing attack uses the Indian government’s free health coverage scheme to deceive users. In this, a message is shared with the message that ‘10-crore people between the age of 13 -70 years are being provided with free insurance worth ₹5,00,000 to cover the Covid-19 pandemic.’

It asks users to register themselves using the given link. However, this link is designed only to obtain the user’s personal information.

Instagram phishing attack

What is phishing attack and what are the examples of phishing attacks
An example of Instagram phishing attack.Norton

Advertisement
A popular Instagram phishing attack disguises itself as a two-factor authentication email. Along with the verification code, the email also includes a link using which users can sign into their account.

If the user clicks on the link and enters their account details, they are recorded by the attacker.

Netflix phishing attack

Advertisement
What is phishing attack and what are the examples of phishing attacks
An example of Netflix phishing attack.Norton

Another popular phishing attack is the Netflix account on-hold trick. In this, an email is sent to users, supposedly from Netflix claiming that the company is having trouble accessing the user’s ‘current billing information’.

A link is included asking users to update their account information. This is used to obtain the user’s payment information.

How to protect yourself from phishing attacks?

Advertisement
Here are some tips that will help you protect yourself from phishing attacks:

  • Do not click on any email that you receive from ‘ncov2019@gov.in’ or similar email addresses.’
  • Do not open any email with ‘Free Covid-19 testing’ or similar subjects.
  • Organizations have their own domain and do not use public domains to send emails to their customers. If you receive a email from a company with a public domain (@gmail.com at the end), avoid clicking on any links or attachments.
  • Check the email or message for spelling mistakes, unusual phrases and discrepancies in the domain name.
  • Check the integrity of the URL before clicking on the link or providing login credentials.
  • If the email contains unnecessary attachments or links, avoid clicking on them.
  • Avoid clicking on shortened links, especially on social media.
  • Avoid emails from suspicious senders that contain urgent deadlines and ask you to click on a link or visit a website urgently.
  • Do not enter personal information in pop-up screens. Companies generally do not use pop-up screens to ask for user information.
SEE ALSO:

SBI warns 2 million users may be at risk of phishing attacks in Delhi, Mumbai and other major cities

Cognizant's ransomware attack is making peers like TCS and Infosys nervous — and they are beefing up security
{{}}