General

What is phishing?

Phishing is a type of online scam where an attacker, often making use of social engineering techniques, attempts to deceive people into providing sensitive information such as usernames, passwords, credit card numbers, and other personal or financial information by posing as a trustworthy entity in a communication.

Phishing attacks are typically launched using a fake website or an email that looks legitimate but can also be carried out through phone calls, social media messages, or any other form of electronic communication. Although the psychological triggers and technical methods used are often very similar between the different media used, phishing attacks are today a common and effective form of Cybercrime, particularly if the victim is unaware of the revealing signs of a phishing attempt.

 

What are the types of phishing techniques?

There are several types of phishing techniques that attackers may use, including:

Email phishing: This is the most common type of phishing attack, where attackers send emails that appear to be from a legitimate source, such as a bank or online retailer, and ask the recipient to click on a link or provide sensitive information.

Spear phishing: This is a targeted form of phishing where attackers research their victims to create personalized emails or messages that appear to be from a trusted source, such as a colleague or friend, in order to trick them into divulging sensitive information.

Smishing: This is a type of phishing attack that uses SMS or text messages to trick individuals into providing sensitive information or downloading malware onto their device.

Vishing: This is a type of phishing attack that uses voice or phone calls to trick individuals into providing sensitive information, such as login credentials or credit card information.

Malware-based phishing: This is a type of phishing attack that involves the use of malware, such as a Trojan or a virus, to infect a user's device and steal sensitive information.

Search engine phishing: This is a type of phishing attack that involves the creation of fake websites or landing pages that appear in search engine results in order to trick users into providing sensitive information or downloading malware.

Clone phishing: This is a type of phishing attack that involves the creation of a fake website or email that appears to be a legitimate one, with minor changes made to the content, in order to trick individuals into providing sensitive information.

Overall, these are just a few examples of the many types of phishing techniques that attackers may use. It's important to be aware of these techniques and to protect yourself, such as being cautious of suspicious emails, texts, or phone calls and avoiding clicking on links or downloading attachments from unknown or untrusted sources.

 

What happens if you open a phishing email?

If you open a phishing email, it may not necessarily harm your computer or device, but it could potentially put your personal and financial information at risk. Spam emails only become a serious cyber threat if you have clicked on links, downloaded attachments or shared sensitive information.

However, when opening phishing email, even if scripting is disabled, you expose information like IP address, timezone, email client information, location, operating system, system memory etc.

This data can be used against you to create more targeted cyber-attacks in the future. For example, by using the timezone and location information attackers can create enhanced phishing emails in the regional language.

If Scripting is enabled in the email client, malicious attackers can install malware and infect the system. The malware can then be used for spying on the system, deploying ransomware, using the system as bot or as proxy.

To avoid opening a phishing email, you can view the email address from the preview without opening the email, look for the subject line, or email summary. Once you find the email to genuine, you can open the email.

To protect against scripting attacks, make sure you disable scripting on your email client.

If you have open an phishing email, you can do the following:

  1. Disconnect the system from the internet.
  2. Scan your system with an reputed antivirus/malware scanner.
  3. Report the email address to your IT admin and mark it as spam.
  4. Report the email to relevant communities like CISA, NCSC, EUCPN, Google Safe browsing.
  5. Delete the email from your email client.
     

What happens if i download or open an attachment to a phishing email?

If you download or open an attachment to a phishing email, you could potentially expose your computer or device to malware, viruses, or other types of malicious software that can cause harm or steal your data.

Here are some potential consequences of downloading or opening an attachment to a phishing email:

  • Installing malware: The attachment may contain malware, such as a Trojan or virus, which can be used to gain control of your device, steal your personal information, or launch further attacks on other devices on the network.
  • Encryption of files: The attachment may contain ransomware, which can encrypt your files and demand payment in exchange for a decryption key.
  • Stealing personal and financial information: The attachment may contain a phishing kit, which is designed to steal your login credentials, credit card number, or other sensitive information.
  • Launching attacks on other devices: The attachment may contain a botnet or other type of malware that can be used to launch distributed denial-of-service (DDoS) attacks or spread to other devices on the network.

If you download or open an attachment to a phishing email, it is important to take immediate action. This may include disconnecting your device from the network, running an anti-malware scan on your device, changing your passwords, monitoring your financial accounts, and contacting the IT department of your company.

 

What happens if I click a link in a phishing email?

<![if !supportLineBreakNewLine]>
<![endif]>

Opening a phishing link can be very dangerous as it will allow attackers to install malware and virus in the background without user knowledge. Once the malware is active, attacker can remotely control your computer, access contact information, encrypt the entire system to demand for ransom, use the device to infect other devices in the network. Clicking a malicious link will also allow attackers to gain more detailed information about you like which browser version you are using, permissions given to website, cookie information, system information and more.

As a precaution you might take the following steps:

  • Check the website address (URL) to identify if its legit or not. If you find the link suspicious, do not open it.
  • Report the source of the malicious URL to the IT department.
  • Block the website within your browser.


If you have clicked the link, then disconnect the computer from internet and any local network. Scan the system using an anti-malware/spyware software and browse through your installed applications to identify any unknown or malicious and uninstall it. Finally, backup your data and format the system.

 

What happens if I reply to a phishing email?

If you reply to a phishing email, you could potentially confirm to the attacker that your email address is active and monitored, making you more susceptible to future phishing attempts.

Additionally, replying to a phishing email will allow attackers to gather detailed information about the user and the email servers, like the route used to send, which can be backtracked to identify the server origin. If you include any personal information like full name, job description, company you work at, etc, attackers can use that information to create targeted campaigns. With series of targeted emails and replies, attackers can understand how you behave and reply, so they use that information to run other phishing campaigns. These sensitive information can also be used to impact the business reputation negatively. Your email will also contain geographical data which will further help attackers to identify your exact location. If you shared any sensitive information like credit card numbers or corporate information / documents, the attackers might use that to demand ransom against that information.

As a precaution, before replying to an email, always verify the sender email address. If you are replying a co-worker, do confirm over a second communication channel before sharing any confidential information.

If you accidentally replied to a phishing email, it is important to take immediate action. If information has been shared, verify the email content and inform the IT Department about the information shared with the attacker. Save the conversation for IT department to verify and identify exposure for the business. Scan the system for Malware/Virus using a reputed antivirus/malware scanner. Also, it is advisable to change your passwords.

What happens if I submit sensitive data to a phishing website?

Phishing pages might contain forms like login pages for email clients (e.g Outlook, Google), banking pages, parcel tracking etc.

If you submit sensitive data, such as your login credentials, credit card information, or personal identification details, to a phishing website, you are giving the attacker direct access to your personal and financial information. This can lead to various forms of identity theft, fraud, or other crimes.

Here are some potential consequences of submitting sensitive data to a phishing website:

  • Identity theft: The attacker can use your personal information to impersonate you or create fake identities in your name. This can include opening new credit accounts, taking out loans, or committing other financial crimes.
  • Fraudulent charges: The attacker can use your credit card information to make fraudulent charges, potentially leading to financial losses and damage to your credit score.
  • Unauthorized access to your accounts: The attacker can use your login credentials to access your online accounts, steal your personal information, or carry out fraudulent activities on your behalf. Access to your email accounts can also allow attackers to get hold of your passwords, browsing history, bookmarks and access to other accounts using Single Sign On (SSO).
  • Blackmail or extortion: The attacker can use the sensitive data you provided to blackmail or extort you, potentially leading to further financial or emotional harm.

If you submit sensitive data to a phishing website, it is important to take immediate action to protect yourself.

  • Check account login logs for unknown access.
  • Consider changing the password for the affected account. Additionally, you might want to enable 2FA authentication on all the accounts so that compromising the credentials will not allow attackers to gain control. Also, enable login notifications and setup backup accounts to get alerts when new devices login.
  • Contact your bank or credit card provider to report any unauthorized charges, place a fraud alert on your credit report, and monitor your financial accounts for any suspicious activity.
  • Additionally, you should consider contacting the relevant authorities or service providers to report the incident and seek further guidance.