5th August 2021, Kathmandu
Telecommunication service providers Nepal Telecom and Ncell have been found to have another phishing attack.
Phishing attacks are taking place on the social network Facebook with posts including names, logos, and misleading advertisements of Telecom and Ncell.
What is Phishing?
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.
Phishing attack in Ncell and Nepal Telecom
It is requested to click on the given link saying ‘data free’ in such a post. Facebook users who have no general knowledge of phishing hastily open such links.
According to the link, the account will be hacked by filling in the requested personal details and all the details including secret chats, photos, videos on your Facebook may be leaked.
Therefore, cybersecurity experts suggest not to open such links as much as possible.
Earlier, there were phishing attacks on Facebook in the name of telecom, Ncell, and other companies. Cybercriminals are known to use this brand name to lure and deceive.
They are phishing people by copying local Facebook posts and pages from different countries and luring them to advertise and offers similar to those countries.
Phishing links in the name of companies with many users in Nepal have been being posted on Facebook for about a year.
Hosted phishing sites have been found to have a login panel for users. After logging in, users’ login credentials fall into the hands of hackers.
However, Facebook has already stopped approving ads to eliminate such phishing pages. But scammers use Beatle Link, which at first glance looks like an honest page. But once approved, they all change to phishing domains.
Meanwhile, various companies and organizations including Telecom, Ncell, Nepal Telecommunication Authority have urged their customers to get information only from the official website and social media.
Ncell has urged users to be vigilant, saying such actions are out of their control. “If Ncell is advertised, it is important to make sure that the page is official”. If left unmanaged, they can be left astray and lose the right path. “
Nepal Telecom has also urged the customers not to provide any of their details and information on the official website and social media page.
How is phishing done?
Phishing is done very cleverly. In most phishing scams your personal financial information is stolen online.
Then your money is withdrawn illegally. Such activities are happening daily in the world of the internet. But we remain ignorant of such activities.
Attackers are always using new and different techniques. That is why we must always be vigilant.
In phishing attacks, user details are collected through fake links on websites, emails, social networks, and so on.
Spare phishing is a new art of personalizing phishing attacks. One-third of phishers always target a person. The rest of the attacks focus on less than 10 people.
If you have applied for a job in an office, sometimes the HR department of such organizations can be hacked. In case of a hack, you can get the mail listed as shortlisted. But you may be charged a fee for selection.
Email is the medium most often used by phishing attackers. The attackers first gather information about the organization. Small companies are in a very weak position in this regard.
The attackers then circulate documents that look like internal documents to the office network via mail. Once employees click on it, malware is installed on the system and financial withdrawals begin.
The attackers then circulate documents that look like internal documents to the office network via mail. Once employees click on it, malware is installed on the system and financial withdrawals begin.
Phishing is an email cyberattack that can expose an entire network to a ransom attack.
A phishing attacker sends an official or business-like mail to any targeted email address. But behind such mails, there are deadly scams.
The communication of such fishers seems very normal and innocent. But it can ask you for sensitive information. Your account can be confirmed or logged in somewhere.
How to identify a phishing attack?
Some phishing is also difficult to identify. How to recognize a phishing attack in such a situation?
1. Suspicion and careful vigilance
Attackers are always taking advantage of your haste and weakness of trust. Control such behavior. Be careful when reading emails.
2. Check the credentials
If the configuration of the email you send is not the same as yours, know that it is not mailed from your company.
3. Consider the link carefully
Take a good look at the link with your mouse. See if it goes to the right domain. The name of the organization must be in the domain. If you have more than you need, be skeptical.
4. Do not enter anything in the password field
No organization or company will ever ask for your password. You have the privilege of password and that is your privacy.
If someone asks you for a username or password from your mail, go to the company’s site directly from the link and check the site once.
