Unmasking the threat: Navigating the perils of phishing attacks


TECH4GOOD


Phishing remains the primary and most effective means used by cybercriminals to scam people online. The Philippines is getting its fair share of these attacks: it is now ranked fifth among countries in Southeast Asia with the most phishing attacks in 2022, with over 4.5 million incidents.


Based on the latest report released by Kaspersky, a cybersecurity and digital privacy company, phishing incidents in the Philippines and the region will continue to increase with scammers becoming more sophisticated in their tactics. And these new tricks will likely emerge in the corporate sector, which is expected to result in more profits for attackers. The report also says that in 2022, a total of 43,445,502 phishing attempts that targeted the devices of Kaspersky’s individual and enterprise users in the region were thwarted by their Anti-Phishing System.


Phishing is a type of cyberattack that aims to deceive individuals or entities into revealing sensitive and personal information such as usernames, passwords, credit card numbers, or other confidential data. Usually done through mail or social media, phishing attacks typically involve impersonating a trusted acquaintance whose account has most probably been compromised earlier, or a legitimate entity such as a bank, social media platform, or trusted service provider, in order to gain the victim’s trust and manipulate them into taking actions that compromise their security. Once the bait is taken, the attack will eventually result in identity theft, financial loss, and damage to the reputation of both individuals and businesses.


According to the same report, global phishing attacks last year most frequently targeted users of delivery services, making up 27.38 percent of all attempts blocked by Kaspersky Solutions, while online stores were the second most targeted with 15.56 percent blocked. Payment systems and banks tied for third place with 10.39 percent.


Emails under the guise of well-known companies are used by scammers to direct users to fake websites asking for sensitive information or financial details. The information and banking details almost always end up being sold to websites on the dark web.


Vigilance against phishing is essential because, aside from identity theft, financial loss, and damage to reputation, it can result in other unwanted consequences. If sensitive business and personal data are compromised, it can lead to data breaches with far-reaching consequences that may not be immediately visible but eventually will enable the attackers to invade your privacy, track your online behavior, and use the data for targeted attacks.


Phishing emails may also contain malicious attachments or links that, when clicked, can download malware onto your device. This malware can then steal information, or even lock you out of your files as in the case of ransomware. If the same credentials are used across multiple platforms, a compromised account from a phishing attack could also lead to unauthorized access to other accounts.


How do we safeguard ourselves from phishing attacks?


There are many things we can do, but the first line of defense is knowledge. Understanding what phishing is, how it works, and the tactics employed by cybercriminals is essential. Careful scrutiny of linked websites would be a big help. Watch out for misspellings, odd characters, or unusual domain extensions. Additionally, look for “https://” at the beginning of the URL, indicating a secure connection, and check for a padlock symbol in the browser address bar. These are indicators that the website is trustworthy. If you believe a message is malicious, delete it immediately.
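

The link checks described above can also be run automatically. The following Python sketch is an added example, not part of the original column: it flags a missing "https://", odd characters in the host name, and look-alikes of sites the reader actually uses. The allowlist, the sample links and the flag names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites the reader really uses.
KNOWN_DOMAINS = {"examplebank.com", "shopmart.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return a list of warning flags for a link; an empty list means none raised."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")
    # Odd characters: non-ASCII letters or punycode ("xn--") labels in the host.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        flags.append("odd-characters")
    # Naive registrable domain = last two labels (assumption; production code
    # should consult the Public Suffix List for suffixes like "com.ph").
    domain = ".".join(labels[-2:])
    if domain in KNOWN_DOMAINS:
        return flags
    name = domain.partition(".")[0]
    for known in sorted(KNOWN_DOMAINS):
        kname = known.partition(".")[0]
        if name == kname:
            flags.append(f"unusual-extension:{known}")   # right name, wrong extension
        elif edit_distance(name, kname) <= 2:
            flags.append(f"misspelling:{known}")          # e.g. "l" swapped for "1"
        elif kname in labels[:-2]:
            flags.append(f"brand-in-subdomain:{known}")   # known name used as a prefix
    return flags

# Constructed sample links, not taken from any real campaign.
if __name__ == "__main__":
    for link in ["https://www.examplebank.com/login", "http://examp1ebank.com/login",
                 "https://examplebank.net/", "https://examplebank.com.verify-login.net/"]:
        print(link, check_url(link))
```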


Before taking any action in response to a message or request, it is crucial to verify its legitimacy. When in doubt, contact the individual sender immediately or the organization directly through its official channels to confirm the authenticity of the request. Legitimate organizations will not ask for sensitive information like passwords, one-time PINs, or credit card details via email or text.


There are other ways to mitigate phishing attacks. The use of two-factor authentication wherever possible can add an extra layer of security to your accounts. Keeping your operating system updated regularly and the use of antivirus and anti-phishing software will help ensure that you are protected against known vulnerabilities.


We also need to limit the amount of personal information or even images such as pictures that we share online, especially on social media platforms. Cybercriminals today are using social engineering techniques to craft convincing attacks. The less information made available for them to work with, the harder it is for them to manipulate you.


Protection from phishing attacks requires a combination of awareness, education, and proactive measures like the use of antivirus and anti-phishing solutions. In a digital landscape where cyber threats are omnipresent, taking steps to safeguard sensitive personal, business and financial information has never been more critical.

(The author is an executive member of the National Innovation Council, lead convenor of the Alliance for Technology Innovators for the Nation (ATIN), vice president of the Analytics and AI Association of the Philippines, and vice president, UP System Information Technology Foundation.)