Iran's Computer Emergency Response Team Coordination Center (Iran CERTCC) has put out an alert, cautioning users that the number of phishing scams across the country has jumped, with hackers often employing applets for Android-powered smartphones to target victims.
The center, affiliated to the ICT Ministry, has posted a warning on its website which cautions that soaring phishing attempts have roiled Iran's society over the past two months.
Phishing is a type of attack that typically attempts to trick the victim into clicking on a link or executing a malware. It is an attempt to compromise a device to steal sensitive information, passwords, usernames, pins, credit card details and gain unfettered access to a user's device, network or valuable data.
Phishing is one of the most successful and common types of cyber attacks, since it is easy to perform, is cheap to set up and yields good returns for the attackers.
While the majority of phishing attacks across the globe are conducted via spam emails, considering the lack of an email culture in Iran, hackers have instead developed malicious mobile applications to conduct cyber attacks against uninformed users. Furthermore, they employ social media platforms like Telegram to disseminate defected links.
Two common cyber attack methods in Iran are releasing the file of a corrupt app in Telegram channels and sending text messages containing malicious links.
Due to lack of publicity on the importance of cyber security, people continue to get tricked into clicking on content they must always tiptoe around.
Companies need to invest in strong endpoint security technology to protect sensitive data and the public needs to education on the subject.
>Education a Must
Iran CERTCC has issued a notice to raise awareness about phishing and minimize the chances of people falling victim to virulent cyber attacks.
Since hackers have enlisted Android apps to deliver the attacks, the guidelines included in the center's warning are dominated by methods to prevent Android users from victimization.
According to Iran CERTCC, users must refrain from installing programs published by unverified sources on social media platforms.
The most well-known resource for Android users is Google Play; however, even though the app store is legitimate and Google runs reoccurring scans of uploaded apps to detect malwares, it is highly recommended to always check the name of the software developer to ensure its validity.
>Secure Payment Methods
Users must be cautious when making payments inside mobile applications. Any kind of in-app payment must direct the user to a browser page.
Shaparak, the Central Bank of Iran-affiliated supervisory entity in charge of the country's payment settlement network, has released the name of authentic payment gateways listed in the chart attached to this article.
Gateways must always contain the domain name shaparak.ir. It is advised to report the name of any other payment domain to Iran CERTCC or the Iranian cyber police to be blocked before preys incur serious losses.
If you suspect a phishing attack, contact your bank immediately. Furthermore, IT security solutions provider Avast, QuickHeal and Greenify offer anti-phishing services.
>Global Threat
Microsoft released its annual cybersecurity report in March, according to which phishing is the most common way for cyber criminals to attack, giving security experts a headache everywhere.
According to Microsoft, the potential cost of cyber crime to the global community is a mind-boggling $500 billion, and a data breach will cost the average company about $3.8 million.
Statistics released by different companies show that phishing attempts have grown 65% during the previous year.
Almost 76% of businesses reported being a victim of a phishing attack in 2017 and 30% of phishing messages get opened by targeted users and 12% of those users clicked on the malicious attachment or link. Nearly 1.5 million new phishing sites are created each month.
Phishing attempts are on the rise and it is of paramount importance for media outlets and authorities around the globe to supply information to the public to help them avoid being duped by grasping hackers.
