Phishing Emails

A phishing attack is a category of cyber-attack in which hackers send messages pretending to be a trusted person or entity.

Phishing messages can influence users, causing them to perform actions such as installing malicious files, clicking on harmful links, or exposing sensitive information, including bank account credentials, passwords, and credit/debit card numbers.

This message can be sent to the target via email, messaging applications, or even SMS services.

How to be cautious against Phishing Attacks?

• Be suspicious of any email with an urgent request for personal information.
• Never share passwords, personal information, or financial information over email.
• Don’t click links in email messages if you suspect the message might not be authentic or if you don’t know the sender.
• Don’t trust offers that seem too good to be true.
• Email Authenticity: Always double-check the source and contents of a sensitive email that requests private information.
• HTTPS Websites: Users must make every effort to visit websites with an HTTPS certification.
• Password Rotation: To ensure the best security of our data, you must change your passwords every few months.

Email Fraud (Gift Card Scams)

Gift card scams are on the rise and can result in a victim losing hundreds or thousands of rupees.

In a typical scam, an employee/student receives an email or a text message that pretends to be from their co-student, faculty members, or another senior figure or person of authority. It asks them to buy gift cards and send them photos.

The scammer may ask you to communicate with them via text message or email only, unable to take calls.

Identifying Gift card scam email messages:

• Indicate some level of urgency, such as indicating they are currently busy or are heading into a meeting and need your help ASAP.
• Possibly include a subject line of "Are you available?" or "URGENT REQUEST“.
• Ask you to do them a "favor“, a promise of Reimbursement.
• Possibly have typos and grammatical errors.

What should I do?

• Reach out to the sender in a separate email or call them to check if they sent the request.
• Don't reply to the email or use any contact information provided in the email; attackers often provide fake numbers or email addresses that they control.
• If you find the email is a phish, report it! (cert-in helpline).
• Inspect the sender's email address to confirm it's coming from that person. Scammers will often send the email from a random email account and change the Display Name of the email address.

Spam Emails

Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list.

Typically, spam is sent for commercial purposes. It can be sent in massive volumes by botnets, networks of infected computers.

Here, Sender Name and Email ID are different, and the email is categorized as SPAM.

Blackmail or Sextortion Emails

It is an email scam where an attacker claims to have compromised the victims' machines, sensitive data, including sexual content and pictures.

The attacker demands payment, bitcoins, gift cards, or more photos, and threatens to publish the data on the internet.

Example: The emails claim to have video of users watching "adult sites" and demanding $900 if they don't want the video shared with all of their contacts.

How to respond to sextortion?

• First of all, do not panic.
• Do not respond and do not pay.
• However, if you download any attachment or click any links from this email or suspect that your PC or mobile might be infected with malware, you can scan your device for malware.
• Talk with someone you trust, like a close friend, teacher, or parent.
• Report tech companies and any threats or images to the help center of Facebook, Instagram, etc., to have them removed if shared.
• Some notable free antivirus programs like Sophos Home Premium, Hitman Pro, and Bitdefender, you can use.
• Do not worry if the phish includes your password; likely, this has been obtained from historic breaches of personal data. If the phish includes a password you still use, then change it immediately.
• Keep your details private.

Email Attachments

Email attachments are one of the most common ways to get viruses or malware. Even though an attachment might look like a document Excel file. PDF, etc., it might contain a virus or malware.

A significant number of people open attachments from unknown email addresses. But it's critical that if you don’t know from whom the email is coming, then don't open or download the attachment.

Do not download these attachments unless you are sure that it is a legitimate emails.

Keylogger: As the name suggests, a key logger records all keystrokes on a keyboard. Most hackers use key loggers to get passwords and account details. Please be more cautious using credentials in public places and Internet cafes, etc.

Shoulder surfing: The attackers observe the user’s keyboard by looking over the user’s shoulder.

Tips for Password Safety

• Make sure to use unique passwords across all websites and applications.
• Enable and utilize 2FA, or two-factor authentication, on all websites that allow it.
• When you're creating security questions, make sure to choose unique, non-true answers, so you don't have to worry about someone resetting your password by knowing information about your personal life, or finding information on your social media accounts.
• If a data breach does occur, make sure to fully change your password, not just the number and symbol, and make sure to change your security questions as well.

Search engines are being used by users to ask any question they can think of. Be very careful when you're downloading anything that says that it's free, because even if it is free and it is a legitimate download, they might put something on your computer that you didn't want, or something malicious.

Malware: This is a malicious program or software that disrupts or damages the computer.

Sources of Malware:

• Removable media, like Pen drives, CDs, and DVDs.
• Viruses can be hidden in document files with the .exe extension. As soon as you open them, the virus activates.
• If you download from untrusted websites, there is a chance that those files will contain viruses, and as soon as you open them, the hacker might get access to your system.
• If the network is unsecured, then it can be accessed by anyone.
• Never open email attachments unless the sender can be trusted. These files may contain viruses to create backdoors.
• Never click on ads that you don’t trust. They are created so that you can click on them, and hackers will receive details about you.

Ransomware: Ransomware is a type of malware that encrypts a victim’s files and demands payment, usually in cryptocurrency, in exchange for the decryption key. Ransomware attacks are typically carried out through phishing emails, malicious downloads, or exploiting vulnerabilities in software. In recent years, educational institutions have become larger prime targets for ransomware attacks.

How to protect yourself from Ransomware threats:

• Don’t open unexpected email attachments.
• Make backups of your data and keep them separate.
• Install and use endpoint protection software like antivirus/EDR.
• Update with the latest OS and patches regularly.
• Don’t click links in email if the sender is unknown.