Privacy Ninja

Yes, you can win against phishing attacks.

Phishing attacks
Phishing attacks have been rampant and increasing nowadays, especially amidst and right after the neutralization of the Covid-19 pandemic. Here are ways to win it!

Yes, you can win against phishing attacks.

Phishing attacks have been rampant and increasing nowadays especially amidst and right after the neutralization of the Covid-19 pandemic. This was due to businesses and other establishments being pushed to go digital or risk being left out and out of business. 

In 2021, around 55,000 distinct Singapore-hosted phishing URLs (with a “.SG” domain) were identified in Singapore, which represents a 17% increase over the 47,000 URLs seen in 2020. More than half of the spoofed targets were social networking companies which could be due to unscrupulous actors taking advantage of public interest in WhatsApp’s new privacy policy statement about users’ phone numbers being shared with Facebook. These actors also used the opportunity in the Omicron sub-variant outbreak to fake government websites.

With this, Phishing attacks have become a global problem that is seemingly an unbreakable trend, with hackers acting like vultures that are increasingly becoming sophisticated in how they defraud people and exploit their vulnerabilities. With this constant threat of being preyed upon to be the next victim, one better is prepared and cautious every step of the way and win against these phishing attacks.

Also Read: Singapore Data Protection Officer: Why struggle when you can outsource?

Phishing attacks have become a global problem that is seemingly an unbreakable trend, with hackers acting like vultures that are increasingly becoming sophisticated in how they defraud people and exploit their vulnerabilities.

Microsoft is three steps ahead of bad actors waiting to exploit its victims, especially Microsoft’s very own users. With this, it now allows Office 365 customers to report phishing messages in Teams, a proactive approach indeed!

Microsoft will allow Office 365 customers to report phishing messages in Teams

Microsoft is working on an update to Microsoft Defender for Office 365 that would allow Microsoft Teams users to notify their organization’s security staff of any suspicious messages they receive. 

Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection or Office 365 ATP) safeguards enterprises against harmful attacks sent via email messages, URLs, and collaboration tools. 

This in-development feature seeks to help administrators to block potentially risky messages containing malware payloads or attempting to steer employees to phishing websites. 

“End users will be able to flag suspicious Microsoft Teams communications as a security issue, just as they do for emails – to assist the company in protecting itself from Microsoft Teams assaults,” Microsoft explains on the Microsoft 365 roadmap. 

While the improved submission function is planned to go general next month, the new user reporting capability is presently in preview and will most likely be available to standard multi-tenants until the end of January 2023 to desktop and online clients worldwide.

Security updates to Defender for Office 365 

This new Defender for Office 365 features expand on enhancements released in July 2021, allowing Microsoft Teams to detect and reject phishing attempts automatically. 

Microsoft accomplished this by expanding Defender for Office 365 Safe Links security to the Teams communication platform, which will aid in protecting users from malicious URL-based phishing assaults. 

“Safe Links in Defender for Office 365 examines URLs at the time of click to ensure that users are protected with the latest information from Microsoft Defender,” according to Microsoft. 

In November 2021, Redmond will also begin rolling out Built-In Security to Defender for Office 365. This new feature automatically activates suggested settings and policies to ensure that all new and existing users receive at least a basic degree of protection. 

Built-In Protection fills holes in enterprise protection coverage and is intended to improve an organization’s overall security posture by significantly lowering the risk of a breach. 

This security improvement for all Office 365 subscribers was quickly followed by the deployment of tailored protection for priority enterprise accounts in January 2022. (i.e., critical accounts of high-profile employees such as executive-level managers, the ones who attackers most often target).

Win against phishing attacks

  • Do not click on any of the embedded buttons or URLs if you receive an email purporting to be from your bank or any establishment and asking you to take action to remedy a problem or claim a reward. 
  • Instead, open a new tab, type the establishment’s official website into a search engine, and log in to the customer portal to evaluate any alerts or notices.  
  • Finally, never enter account information before verifying that the URL you’ve arrived at is legitimate.
With the constant threat of being preyed upon to be the next victim, one better is prepared and cautious every step of the way and win against these phishing attacks.

The major phishing incident in Germany serves to remind organisations to be extra vigilant when it comes to this type of fraud.

Germany apprehends a hacker for stealing €4 million through phishing attacks

The Bundeskriminalamt (BKA), Germany’s federal criminal police, raided the residences of three people who were accused of directing large-scale phishing attacks that scammed internet users of €4,000,000. 

One of the three people, a 24-year-old German citizen, was arrested and charged, while a 40-year-old guy was also charged with 124 counts of computer fraud. The third suspect is still being investigated. 

The phishing operations attributable to the charged men occurred between October 3, 2020, and May 29, 2021, according to evidence acquired by the German Computer Crime Office.

€4 million operation

The three men stole money from their victims by sending them phishing emails that were clones of genuine German bank correspondence. According to BKA, the fake was of outstanding quality and difficult to differentiate from legitimate bank emails. 

The emails notified recipients of impending changes to the bank’s security system, which would certainly affect their accounts. To continue utilising the bank’s services, the victims were asked to check in to a phishing website, giving the hackers access to their credentials. 

Furthermore, the victims were prompted to provide their TAN (transaction authentication number), which is a one-time code for online transactions, allowing the hackers to access and take monies from their e-banking accounts. 

As stated in the BKA release, the threat actors even attempted DDoS (distributed denial of service) attacks on the banks in the hopes of concealing their fraudulent activities. 

“The companies’ websites, servers, and networks were overburdened by massive amounts of automated inquiries, causing online services to be unavailable or significantly restricted,” according to BKA’s notification (machine translated). 

“To carry out their crimes, the accused are believed to have accepted proposals from other cybercriminals working on the dark web, selling various types of cyber attacks as crime-as-a-service.” 

Conclusion

With the stealthy nature of phishing attacks, you will never readily know that bad actors are already baiting you to step into their malicious web. By not being careful of email invites with sketchy links or attachments, the risk of being the next victim is high and apparent.

Good thing that Privacy Ninja is here to help. Privacy Ninja offers email spoofing prevention that checks if there are any vulnerabilities in your system that needs to be acknowledged before a bad actor can successfully exploit it and target your employees.

Also Read: 5 Ransomware Singapore facts: What your organisation should know

Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.

Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Powered by WhatsApp Chat

× Chat with us