Context: GoDaddy employees fell prey to a social engineering and phishing scam that was launched to attack multiple cryptocurrency exchanges.

• Employees at the company were tricked into changing registration and email records, which were used to attack other organisations.

What is Phishing?

• Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source.
• It is usually done through email.
• The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine.
• Phishing is a common type of cyber attack that everyone should learn about in order to protect themselves.

How does phishing work?

• Phishing starts with a fraudulent email or other communication that is designed to lure a victim.
• The message is made to look as though it comes from a trusted sender.
• If it fools the victim, he or she is coaxed into providing confidential information, often on a scam website. Sometimes malware is also downloaded onto the target’s computer.

What are the dangers of phishing attacks?

• Sometimes attackers are satisfied with getting a victim’s credit card information or other personal data for financial gain.
• Other times, phishing emails are sent to obtain employee login information or other details for use in an advanced attack against a specific company.
• Cybercrime attacks such as advanced persistent threats (APTs) and ransomware often start with phishing.

Have the authorities taken any measures to prevent such frauds?

• The Reserve Bank of India, has been taking measures to improve awareness through its e-BAAT programmes and organising campaigns on safe use of digital payment modes, to avoid sharing critical personal information like PIN, OTP, passwords, etc.
• However, it pointed out, despite these initiatives, “incidence of frauds continue to bedevil digital users, often using the same modus operandi users were cautioned about, such as luring them to disclose vital payment information, swapping sim cards, opening links received in messages and mails, etc.”.
• The central bank therefore directed all banks and authorised payment system operators to undertake targeted multi-lingual campaigns by way of SMSs, advertisements in print and visual media, etc, to educate their users on safe and secure use of digital payments.
• Additionally, the Maharashtra Police also recently issued advisories to people on how to avoid phishing.

Way Forward:

1. User education

• One way to protect from phishing is user education. Education should involve recognizing a phishing email and what to do when we receive one.
• Simulation exercises are also key for assessing how to react to a staged phishing attack.

2. Security technology

• No single cybersecurity technology can prevent phishing attacks. Network security technologies that should be implemented include email and web security, malware protection, user behavior monitoring, and access control.

3. Strict law enforcement

• Strict law enforcement, strict punishment and fast & fair trials can help to reduce the incidence of phishing.

4. Proactive investigation

• Proactive investigation as per the globally acceptable standards can act as a deterrent against these crimes.

5. Reform in law

• There is an urgent need to adopt a new reformed law, which includes all cyber threats or frauds.

https://www.thehindu.com/sci-tech/technology/godaddy-employees-fall-prey-to-phishing-attack-report-says/article33167499.ece?homepage=true