Recently, online phishing has increased drastically, and messages such as "win gift raffles by registering" or "get a chance to get your hands on government subsidies" are circulating. Such messages usually invoke the names of Nepali businesses or banks, leading people to believe that the events are real.
Unfortunately, many have already fallen prey to such scams and have put their personal information and data at risk. Some have even claimed to have lost money after paying a so-called registration fee. Such messages are usually mass phishing attacks, mostly carried out to steal credentials or spread malware.
Veshraj Ghimire, a cyber security enthusiast, is taking the time and effort to make people aware of such scams and how they can protect themselves from such incidents.
How to know if it’s a scam?
Just look at the URL. If the link says the offer is from NTC, then the link must contain NTC's URL, which is ntc.net.np. However, most phishing pages have a TLD such as .xyz, .space, .online or .top in their URL, so stay alert and check for that. Also, check whether the website uses HTTPS. Most phishing websites don't have SSL.
Below is an example of a Phishing Website vs a Legit Website
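The URL checks described above, as an added example that is not part of the original article. The function name, warning texts and sample links are constructed for illustration. It goes one step beyond the text by requiring the host to be the official domain or a subdomain of it, since a link can "contain" ntc.net.np and still belong to someone else.

```python
from urllib.parse import urlsplit

# TLDs the article names as common on phishing pages.
SUSPICIOUS_TLDS = {"xyz", "space", "online", "top"}


def check_link(url, official_domain):
    """Return warnings for `url`, which claims to come from the
    organisation whose real site is `official_domain`."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    official = official_domain.lower()
    if not host:
        return ["no hostname: not a usable web link"]

    warnings = []
    # The host must BE the official domain or a subdomain of it.
    # A substring test is not enough: "ntc.net.np.example-raffle.online"
    # contains "ntc.net.np" but belongs to "example-raffle.online".
    if host != official and not host.endswith("." + official):
        if official in host or official.split(".")[0] in host:
            warnings.append("look-alike host: mentions %s but is not under it" % official)
        else:
            warnings.append("host %s is not under %s" % (host, official))

    tld = host.rsplit(".", 1)[-1]
    if tld in SUSPICIOUS_TLDS:
        warnings.append("TLD .%s is common on phishing pages" % tld)

    # Missing HTTPS is a warning; its presence alone proves nothing.
    if parts.scheme.lower() != "https":
        warnings.append("not HTTPS")

    # In "name@host", the text before "@" is not the site being visited.
    if parts.username:
        warnings.append("text before '@' is not the real host")
    return warnings


# Constructed sample links, not taken from real campaigns.
SAMPLES = [
    "https://www.ntc.net.np/offers",
    "http://ntc-example-offer.xyz/register",
    "https://ntc.net.np.example-raffle.online/win",
    "https://ntc.net.np@example-prize.top/claim",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "ntc.net.np") or "no warnings")
```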
Why does Online Phishing Still Exist Today? Is it Due to the Lack of Awareness?
Well, that's because people are strangely greedy, and attackers abuse that fact to access someone's account and use it for their personal gain. Even numerous IT experts have reportedly been hacked by these types of attacks.
If a victim's account is compromised as a result of this attack, the attacker can then send the link to everyone on the victim's friend list, helping the link spread further among the public.
Does opening such a link hack your account?
Unless the website where you have an account has some security flaws, you won't get hacked merely by clicking the link. The CORS function in browsers prevents one site from accessing any other site's cookies or data, so the phishing link cannot access your cookies for other sites.
However, this form of attack is mostly used to steal any user’s credentials.
What Veshraj found is that when you visit these websites, they pop up messages like "This website wants to send notifications, copy your clipboard, download this file?" This is something that might cause you to be hacked. They can fool you into downloading malware or allowing them to access your microphone, camera, or clipboard with a single click.
Here’s a brief video showing how they do this by abusing the browser’s API:
What if You Clicked These Links?
So, first and foremost, do not open these kinds of links. If you do, don't panic: simply clear your data and cookies, and do not click accept on any kind of popup. Never submit your credentials unless the URL starts with HTTPS. If you've already entered your credentials, change them as quickly as possible.
Changing your password does not mean changing only your RBB password if the phishing page imitated RBB.
If the attacker obtains your credentials, he will almost certainly try to log in using your email/username on more than one site. So, if you use a common password, make sure to change it on every website.
Lastly, implementing multi-factor authentication helps reduce the danger of these attacks.
About the Author
As mentioned above, Veshraj Ghimire is a cyber security enthusiast who loves to make people aware of cyber safety. He recently noticed a lot of online phishing taking place and felt it was necessary to educate innocent people about such scams and prevent them from falling prey to such crimes.
Veshraj has rolled out an article and shared it to warn everyone of these cyber-attacks as per his understanding.