Tuesday, December 17, 2019

Security Beware Phishing

I happened to attend a Security Hacker Jam session. It was an eye-opening session; I never thought there are so many things we tend to forget and do unknowingly on the spur of the moment. The digital world and technology have changed a lot of things for us, whether it is a webcam, an app or any sort of software you use. It is very difficult to assess and certify that it is 100% secure. The moment you start using them, you might be at risk from a security vulnerability.
Having said that, phishing of different kinds is taking a toll on our personal data, and we compromise so many things in the process.


  • Never act under pressure; take 3 seconds to think before you act. For example, you are in a meeting and you get an email that seems to need an urgent reply. You act on that urgency to get one task out of the way, and in doing so you may have put data at risk: you have opened a spam email that resulted in a security breach.
  • Never leave your system unattended; someone can use a Rubber Ducky USB to get access to your sensitive data.
  • Never ever use a lost USB drive. It might have been left on purpose so that you plug it in and it does its magic.
  • Phishing scams are the most common way for criminals to steal information, take control of a network or cause harm to organisations or individuals.
  • They use ‘bait’ to have you click on a link, download an attachment or perform an action. 
  • The objective is to get users to provide personal or account information, or to wire funds to fraudulent accounts.

Types of Phishing

  1. Smishing - dodgy links sent through SMS
  2. Vishing - voice + phishing, carried out through phone calls
  3. Spear Phishing - sending emails to millions of unknown users
  4. Whaling - Whaling is not very different from spear phishing, but the targeted group becomes more specific and confined in this type of phishing attack. This technique targets C-suite posts like CEO, CFO, COO – or any other senior management positions – who are considered to be big players in the information chain of any organization, commonly known as “whales” in phishing terms.

Best practices for acting on email

  1. Don't trust the display name. 
  2. Does it sound too good to be true?
  3. Think before you click.
  4. Check for spelling errors.
  5. Beware of urgency and of emails asking for personal information.
  6. Check the email signature. 
  7. When in doubt, ask for help.
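
Items 1 and 5 of this checklist can be partly automated. The following is an added example, not part of the original post: it parses a raw message and flags a display name that does not match the real sender address, urgent wording, and requests for personal information. The function name, word lists, brand table and sample messages are assumptions made up for the illustration, and only single-part plain-text bodies are checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed word lists for this example; tune them for your own mail.
URGENCY = re.compile(r"\b(urgent|immediately|right away|within 24 hours)\b", re.I)
PERSONAL = re.compile(r"\b(password|pin|card number|verify your account)\b", re.I)
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def check_email(raw, brands):
    """Return warnings for one raw message. brands: brand word -> real domain."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    # Item 1: the display name shows an address other than the real sender.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1).lower() != domain:
        warnings.append("display name shows a different address")
    # Item 1: the display name claims a brand the sender domain does not belong to.
    for brand, real in brands.items():
        if brand in name.lower() and domain != real and not domain.endswith("." + real):
            warnings.append(f"display name claims {brand} but sender is {domain}")
    # Item 5: urgency, and requests for personal information.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    if URGENCY.search(text):
        warnings.append("urgent wording")
    if PERSONAL.search(text):
        warnings.append("asks for personal information")
    return warnings

# Constructed sample data (example.com and example.net are reserved domains).
BRANDS = {"example bank": "example.com"}
SUSPICIOUS = '''From: "Example Bank <support@example.com>" <alerts@example.net>
Subject: Urgent: verify your account

Reply immediately with your password or your account is suspended.
'''
BENIGN = '''From: "Example Bank" <news@mail.example.com>
Subject: Your monthly statement is ready

Sign in through the app to view it.
'''

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, check_email(raw, BRANDS))
```

A clean result does not mean the message is safe; the remaining checklist items still need a human reader.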