Your Voice: Phishing and you: Don’t get hooked

The internet is a very vast world, so vast that its existence is comparable to our real world. Consequently, this huge world has its own criminals who can be referred to as cyber criminals. One example of an internet crime that is widespread and can serve as robbery in the real world is “phishing.” 

Phishing is the act of illegally acquiring sensitive information, such as usernames, passwords, and bank details from users. It is similar to fishing in our real world when using bait to catch fish. Cyber criminals focus on trustworthy websites such as E-bay, Amazon, and PayPal, to trick people into divulging sensitive information using their personal emails. The scenarios that cyber criminals rely on to bait people include: clicking links, downloading attachments, and filling out forms. If a phishing attempt is successful, cyber criminals can internally scan and attack the network. As a result, confidential information and data can be compromised. 

A phishing attack typically starts with an email that claims to be from a legitimate website, like a banking website or online store. The goal of the email is to obtain private data from the user, so it either asks the recipient to reply with personal information or it links to a website that looks remarkably like the original site. If the user is convinced and enters private details on the site, that data is now in the hands of the attacker. If the user filled in login details, they can then use those credentials to log in to the real website, or if the user provided credit card details, they can use the credit card to make purchases anywhere.

Fortunately, there are ways to recognize phishing emails. Phishing emails will often come from addresses at domains that don’t belong to the legitimate company. Phishing emails will also link to a website with a URL that looks legitimate, but is actually a website controlled by the attacker. In addition, attackers will use non-secured HTTP connections; any website that is asking you for sensitive information should be using HTTPS to encrypt the data sent over the internet. Moreover, phishing emails use urgency and scare tactics, which is psychological manipulation, in an effort to get us to lower our guard and respond quickly without thinking through the consequences.

These days, computers or smartphones are a necessity that our day-to-day lifestyle depends solely on these devices. Lack of knowledge about cybersecurity can severely impact a person’s personal life or an organization’s confidential data. That is why there are many security mechanisms in place to protect personal data and an organization’s data. But the weakest link with these types of security mechanisms is the individual. With the absence of cybersecurity awareness, the individual can freely give away their personal data or organization’s data to cyber criminals. It is very difficult for security mechanisms to protect sensitive data if the user, who is the first line of defense, lacks important knowledge about cybersecurity. 

Phishing has been the most talked about topic in Aramco for the past few of years. After the unfortunate virus attack in 2012, Aramco has been continuously striving to maximize the awareness among the employees. While cybercrimes keep increasing and getting stronger every day, we must keep improving and keep getting stronger too. 

This is why the Aramco Information Protection team has been increasingly conducting the number of workshops to raise the employee’s awareness level to mitigate any potential security risks. And we, the employees, must collaborate with our team members to emphasize the importance of the effective ways to deal with these security risks to avoid any unexpected and unfortunate ramifications.

Your Voice reflects the thoughts and opinions of the writer, and not necessarily those of the publication.