14th July 2021, Kathmandu
96% of phishing attacks arrive by email. Another 3% are carried out through malevolent websites and just 1% via phone. When it’s done over the telephone, we call it vishing, and when it’s done via text message, we call it smishing.
According to Sonic Wall’s 2020 Cyber Threat report, in 2019, PDFs and Microsoft Office files (sent via email) were the distribution conveyances of cull for today’s cybercriminals because these files are ecumenically confided in the modern workplace.
65% of active groups relied on spear-phishing as the primary infection vector when it comes to targeted attacks. This is followed by watering aperture websites (23%), trojanized software updates (5%), web server exploits (2%), and data storage contrivances (1%).
Last Year
- In mid-April, Google’s Threat Analysis Group reported that they blocked 18 million COVID-19 themed malware and phishing emails per day.
- In November, the IRS teamed up with multiple states and industry organizations to admonish U.S. denizens of an SMS-predicated phishing scam teasing a $1,200 economic impact payment from the ‘COVID-19 TREAS FUND.
- Some categorically malevolent hackers opted to imitate federal workers and contact business owners, asking for personal information under the guise of applying for minuscule business assuagement loans through the CARES Act.
CASES In Nepal
- On 15 January 2021, Phishing commenced by engendering a fictitiously unauthentic Facebook page in the denomination of Nepal Bangladesh Bank verbally expressed that it will provide 10,000 jobs.
- NABIL BANK CASE:
Nabil Bank Naresh Lamgade, a denizen of Anarmani Village Development Committee (VDC) of Jhapa District Nepal, allegedly hacked into the accounts of the Nabil Bank’s customers by engendering a fictitiously unauthentic website of the bank.
He sent email messages to the Nabil Bank’s e-banking customers asking them to transmute their security codes and provided a link to perform so.
When the customers clicked the provided link, it directed them to an unauthentically spurious e-banking website of the Nabil Bank.
Several of the customers fell prey to his artifice and unsuspectingly revealed their online banking credentials to him.
Utilizing the details obtained from the phishing attacks, he was prosperous to withdraw money from the victims’ accounts.
According to the investigating officer, Lamgade admitted that he illicitly withdrew Rs 32,000 from the victims’ accounts, whereas the bank claimed that he withdrew Rs 50,000.
Nepal Investment Bank:
Nepal Investment Bank Inhibited (NIBL) customers received emails verbally expressing that their e-banking accounts have been incapacitated and asked to visit the provided link to enable it.
The link directs them to an unauthentically spurious website where the victims were asked to provide their online banking credentials. After the customers enter their online banking credentials, the website apprises them their account has been prosperously enabled.
But in fact, it was just an endeavor to dupe and illicitly amass e-banking credential from the bank’s customers and misuse it to withdraw money from victims’ accounts. As a result, Rs 1.2 million was glommed from victims’ accounts.
The Central Investigation Bureau (CIB) of the Nepal Police was investigating the incident. The police verbally expressed that the IP address of the electronic mail emanated from outside the country.
The issue received less priority as the bank did not lodge a formal complaint on the issue, verbalized by a CIB official.