Phishing scams on the rise in Singapore
ST Logistics, a private vendor for the Singapore Armed Forces (SAF) responsible for providing third-party logistics such as equipping services and e-mart retailers, and HMI Institute of Health Science have both reported recent cybercrime incidents. In December 2019, SAF confirmed that, as a result of Phishing activity, the personal data of 2,400 SAF employees could have been compromised; the projection is based on the total data present in the system that was possibly affected.
In an unrelated incident, HMI Institute of Health Science reported that a ransomware attack on one of its servers had probably compromised the records of 120,000 individuals, including 98,000 records of SAF employees. The SAF servicemen whose personal information was affected had attended cardiopulmonary resuscitation and automated external defibrillation courses conducted by HMI.
Both HMI and ST Logistics carried out extensive forensic investigations into these incidents, using their own cybersecurity teams with the support of external cybersecurity experts. The affected data consisted of personal information such as names, email IDs, contact numbers, NRIC numbers, birth dates, and addresses. Though neither organization provided exact details of the breaches, one common element in both incidents was the occurrence of Phishing.
Phishing attacks are the foundation for a majority of advanced and potent malware attacks. Though follow-up attacks form an important part of any cyberattack, their ability to cause damage to a system depends upon the success of the Phishing scam. There are different types of Phishing attack.
For a non-technical person, the prevention of Phishing is improved by anti-Phishing education and awareness programs from reputable organizations such as OhPhish, KnowBe4, Infosec, etc., which provide education and training for an organization's employees against Phishing attacks. Understanding Phishing only theoretically is not sufficient because, even if a person knows that Phishing is done via malicious/spam emails, one cannot possibly differentiate between a benign and a malicious email. Thus, practical experience of Phishing attacks and how to tackle them is very helpful. OhPhish solutions provide virtual simulations of Phishing attacks by sending employees Phishing emails, monitoring their responses, and providing tailored education and mitigation knowledge based on the results.
As the user her/himself is the first line of defense against any cyberattack, the know-how to tackle Phishing attacks is highly important. Anti-Phishing education organizations not only help to educate the employees of any organization on ways to recognize and tackle Phishing emails, but also offer the advice and training of security experts along the way. The training of IT people regarding the different types of Phishing can be done as follows:
Q. What is Spear Phishing?
A. Spear Phishing is a targeted attack where the attacker conducts research on the victims before sending a personalized message or email.
Q. How is Spear Phishing different from Phishing?
A. While Phishing is a broader term, Spear Phishing is a targeted approach, where the attacker targets either a single recipient or a group of recipients who share the same characteristics.
Q. What are the different Phishing scams?
A. There are multiple types of Phishing attacks, such as Email Phishing, Spear Phishing, Whaling, Angler Phishing, Smishing and Vishing.