While cricket fans eagerly await the ICC World Cup 2023, cyberattack warnings are already being issued as the event creates a perfect opportunity for cybercriminals to launch attacks.
One of the major threats highlighted is phishing. In the warning, it has been issued that phishing emails and websites may impersonate official ICC World Cup communications, urging recipients to click on malicious links or provide personal information like credit card details.
This is not new because even the American global computer security software company – McAfee, had released an alert report ahead of the Qatar FIFA World Cup highlighting the cybersecurity risks and scams associated with major sports events.
Hence, at least for the sake of a smooth World Cup experience, let us dive into what phishing is all about.
The Rise of Social Engineering Attacks
Social Engineering attacks refer to cyberattacks where victims are tricked into giving up sensitive information or taking harmful actions through interactions.
Phishing is a social engineering attack that uses emails or text messages containing links leading to a fake website. They appear to be from legitimate sources like banks, credit card companies, etc., luring victims into revealing personal information.
Purpose of Phishing Scams
To understand the seriousness of phishing, one must know why cybercriminals launch these attacks.
- To steal personal information for identity theft: They steal your personal information to mask their real identities while indulging in illegal and fraudulent activities.
- To gain access to computer systems: Once they gain access to your computer system, they can steal valuable data, install malware, and even spy on your activities.
- To spread malware: Cybercriminals can use malware and infect other devices, systems, or networks through your system.
- To disrupt operations: By targeting specific individuals or organizations, cybercriminals can disrupt the operations of businesses, federal bodies, and even public sector organizations like health care, educational institutions, military, etc.
- To demand a ransom: Cyberattackers take control over sensitive data or systems and threaten to release the data or disrupt the operations unless a ransom is paid.
Types of Phishing attacks:
Spear phishing: A targeted attack that tricks a specific individual or a group using emails or text messages that appear legitimate.
Whaling: Targets high-level executives or high-profile individuals and tricks them into clicking on a malicious link or providing sensitive information.
Clone phishing: The attackers impersonate credible companies or organizations. They send an email with a link to a fake website that is a replication of the original.
Watering hole attack: The attackers infect a website frequented by their target victims with malware. It gets activated when they visit the website.
Malvertising: Malicious codes are injected into authentic advertising campaigns. When a victim clicks on the ad, the malicious code is downloaded onto their computer.
BEC: Business email compromise (BEC) attacks target businesses. The attacker impersonates an authorized employee to trick the victim into sending them money or sensitive information.
As people have become more aware of phishing scams through emails or text messages, cyberattackers are finding new ways of launching attacks. There are two such scams on the rise.
QR Code Phishing:
A QR code phishing attack is a type of phishing attack that uses QR codes to trick victims into giving up their personal information or clicking on a malicious link. QR codes are 2D barcodes that can be read by a smartphone or similar device when scanned. They are often used to quickly access information, such as a website or a contact.
Twitter Blue Check Scammers:
Twitter blue-check scammers are people who pose as verified Twitter accounts to trick people into giving up their personal information or clicking on malicious links. They may send direct messages requesting personal information, post tweets that contain malicious information, and create fake Twitter accounts impersonating legitimate people or organizations.
Measures to Avoid Phishing Scams:
- Double-check any email that asks for personal information such as credentials, credit card number, or SSN. Phishing emails are always aimed at collecting sensitive information.
- Before clicking on links, ensure they are from credible sources. You can check this by hovering the cursor over the link to check where it leads.
- Do not open or download any attachments without checking the credibility of the source.
- Always check the sender’s email addresses. They may appear to be from legitimate people or organizations, but there might be slight misspellings, or the sender’s mail ID might not match with the sender’s name or the content of the message.
- Look for grammatical errors or typos. Phishing emails are usually not well-written and might have mistakes in grammar or spelling.
- Keep your web browser and anti-virus software up to date.
- Use strong passwords and change them regularly.
What to do if you accidentally click on a malicious link?
- Don’t panic. It’s important to stay calm and think clearly.
- Immediately disconnect from the internet. This will prevent the attacker from gaining access to your computer or device.
- Use one of the anti-virus and anti-malware programs to scan your computer or device for malware.
- Change your passwords for your email accounts, bank accounts, social media accounts, and other online accounts you use.
- Report the phishing attack to the authorities. You can report the phishing attack to the Federal Trade Commission (FTC) or local law enforcement.