In the Era of phishing and its prevention

Blog: NASSCOM Official Blog

The coronavirus pandemic has given criminals a big opportunity to lure victims into taking their phishing bait. Phishing attacks are not new to the threat landscape; the first phishing email is thought to have originated around the year 1995. Phishing has been an extremely common attack for many years, and its impact and the risks involved are well known to most Internet users. Criminals rely on deceit and create a sense of urgency to achieve their goals with their phishing campaigns. Attackers have collected a huge amount of evidence about victims who shared phishing campaigns via their social networks.

What exactly is phishing?

Phishing is a type of cyber attack that uses disguised email as a weapon. The main goal is to trick the recipient into believing that the message contains something they need to deal with immediately, such as a request from their bank, a request to add KYC details to an account, attractive Google Pay offers, SIM blocking/swapping, or card blocking, and to get them to click a malicious link or download an attachment, which can lead to the installation of malware. The attack may freeze the system as part of a ransomware attack, or it may reveal sensitive information. It steals user data, including login credentials and credit card numbers. The results can be devastating and include unauthorized purchases, stolen funds, money transfers, or identity theft.

Phishing techniques

Phishing can be carried out using different techniques. Some of them are:

Spear-phishing

Spear phishing aims to steal sensitive information, such as account credentials and financial information, from a particular victim. This is achieved by gathering personal details about the victim, such as their friends, hometown, date of birth, employer, locations they frequent, and what they have recently bought online. The attackers then pose as a trustworthy acquaintance or entity to acquire sensitive information via email or other online messaging. It is the most common and successful form of collecting confidential information on the internet.

How spear phishing works:

The attacker targets victims who share personal information on the internet. They might view individual profiles while scanning social networks. From these they can find a person’s email address, friends list, geographic location, phone number, daily updates, and any posts about recently bought gadgets. With this information, the attacker can pose as a friend or a familiar acquaintance and send a convincing but fraudulent message to the target.

Those messages often contain urgent explanations of why the sender needs sensitive information, or they lead to the download of malware and malicious code. Victims are asked to open an attachment or a link that takes them to a spoofed website, where they are asked to provide passwords, account numbers, PINs, and access codes. An attacker might ask for usernames and passwords for various websites, such as Facebook, so that they can access shared information.

The attackers will use that password, or variations of it, to access different websites that have some sensitive information such as credit card details or Social Security Numbers. Once an attacker has gathered enough sensitive information, they can access bank accounts or even create a new identity using their victim’s information.
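The traits described above (an urgent lure, a request for passwords or PINs, and a link that leads to a spoofed website) can be checked mechanically when triaging a reported message. The following Python is an added example, not part of the original post; the keyword patterns, the `triage` function and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed patterns built from the article's lures; DOMAIN_LIKE = link text naming a site.
INDICATORS = {"urgency": r"\b(urgent|immediately)\b", "kyc": r"\bkyc\b",
              "sim/card blocking": r"\b(sim|card) (block|swap)",
              "credential request": r"\b(passwords?|pins?|access codes?)\b"}
DOMAIN_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    links, _href, _text = (), None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links += ((self._href, self._text.strip()),)
            self._href = None

def host_of(url):  # hostname of a URL or bare domain, without "www."
    try:
        host = urlparse(url if "://" in url else "http://" + url).hostname
    except ValueError:  # malformed URL such as a broken IPv6 literal
        host = None
    return (host or "").lower().removeprefix("www.")

def triage(raw_email):  # indicators found in one raw e-mail message
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = f"{msg['Subject'] or ''}\n{body}".lower()
    parser = LinkCollector()
    parser.feed(body)
    pairs = [(host_of(shown), host_of(href)) for href, shown in parser.links
             if DOMAIN_LIKE.match(shown)]
    return {"indicators": [n for n, p in INDICATORS.items() if re.search(p, text)],
            "mismatched_links": [(want, got) for want, got in pairs
                                 if got != want and not got.endswith("." + want)]}

# Constructed sample message using reserved example domains.
SAMPLE = """\
Subject: Urgent: complete your KYC to avoid card blocking
Content-Type: text/html; charset=utf-8

<p>Confirm your PIN: <a href="http://kyc.example.net/">examplebank.example</a></p>"""
```

Calling `triage(SAMPLE)` reports all four indicator groups and one link whose visible text names `examplebank.example` while its target is `kyc.example.net`; a link to the named site or one of its subdomains is not reported.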

Vishing attack

Vishing is actually a combination of two words, voice and phishing. Vishing is a social engineering attack that attempts to trick victims into giving up sensitive information over the phone. In most cases, the attacker strategically manipulates human emotions, such as fear, sympathy, and greed to accomplish their goals.

Instead of an email, the attacker uses a phone call, to a landline or a mobile. Cybercriminals primarily use VoIP (voice over internet protocol) technology to create spoofed phone numbers and phony caller IDs to cover up their identity.

Both phishing and vishing attacks are highly effective; however, the vishing attack appears to be the preferred method of attack today.

The NSA reported recently in a COVID-19 article that a foreign country was allegedly trying to acquire COVID-19 vaccination formulas. The foreign country denied the accusation. The NPR article did not specifically state if the attack was phishing or vishing, but the motivation would have been to compromise sensitive documents or data for financial gain.

A recent spear vishing attack, or targeted attack, against Twitter highlights the growing concern. The attacker was able to gain access by manipulating a Twitter employee into providing access to internal tools. With this access, the attacker was able to control thousands of prominent accounts such as Bill Gates, Joe Biden, and Beyonce.

Pharming

Pharming is a two-step process. First, attackers install malicious code on your computer or server. Second, the code sends you to a fake website, where you are tricked into providing personal information. Pharming doesn’t require an initial click to take you to a fraudulent website. Instead, you’re redirected there automatically. The fraudster has immediate access to any personal information you enter on the site.

Do you get calls inquiring about the passwords of your bank accounts, insurance, credit cards and so forth?

You may have heard about Jamtara, India’s phishing hub. For more information about the Jamtara phishing hub, go through this India Today investigation.

Whaling

Whaling is a form of spear phishing aimed only at the big fish: a CEO or other high-profile target. Many of these scams target company board members, who are considered particularly vulnerable. In many whaling attacks, the attacker’s goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.

How to prevent phishing

The post In the Era of phishing and its prevention appeared first on NASSCOM Community |The Official Community of Indian IT Industry.
