???????????????? ???????? ??????????????, ?????????????????????????? ???????? ????????????. ? Hello everyone! Aarav Chopra received an alert e-mail from his bank. What do you think he did? He opened the mail. After all, it was from his bank. The mail contained a message informing him that a suspicious login attempt into his account was prevented by the bank. See the mail: ? Dear Aarav, ? An attempt was made to access your account today at 11:30 am from <city>, <country>. We prevented the attempt. However, we strongly recommend that you login to your account with the link given below using your existing credentials and change your password. ? <Login Button> ? Regards, XYZ Bank ? Aarav was happy that his bank saved him. Of course, he could not imagine why would someone from a random city in a random?country attempt to login to his net banking, unless they were a hacker. This was his life savings. He acted with a sense of urgency and accessed net banking using the link provided in the e-mail and changed his password. He felt relieved. ? In about 5 minutes he received a mail from his bank that he has transferred ? XXX to another account. But Aarav never did that. How did this happen? He called his phone banking service. They informed him that they would register his complaint, but since the login credentials were authentic, they cannot do much. Upon enquiring further he found out that the bank sent him no e-mail regarding any suspicious attempt to access his account. Aarav knew he has been made. But how? ? On the looks of it, the e-mail was from a trusted source, Aarav's bank, but only in looks. In closer scrutiny he realised that one alphabet in the domain name was wrong. Instead of '[email protected]', it was '[email protected]'. He then clicked on the link given in the mail, only to check the URL properly this time. He realised that while the UI was same, the URL was different, only slightly. Instead of https://www.abcbank.com, it was https://www.abcbamk.com. So it was neither a secure site (http v/s https), nor the correct site (bank vs bamk). He realised now what had happened. ? Willingly, but unwittingly Aarav revealed his login credentials to an attacker. This was a phishing attack. A phishing attack is a type of cyber attack, in which the phisher (hacker) sends a fraudulent message via a vector, to an unsuspecting victim into revealing sensitive information to the phisher. The vector could be SMS, messenger or e-mail. If a victim falls for the ruse, phishing attack is successful. ? ???????????????? is a common cyber attack. It is difficult, but not impossible to safeguard against phishing. Reach out to us at [email protected] / +91 124 4288804 if you want to discuss your defensive posture against phishing.? ? #IntegreSolutions?#TrustedLikeNoOther?#CIOKlub?#CyberSecurity #CyberSecurityAwareness?#Phishing #PhishingEmails #PhishingAttack? ? ?
