Why an antivirus can still not stop a phishing attack

By: |
June 29, 2020 4:35 AM

A phishing attack usually happens by faking identity, a malware, however, is introduced into a device.

Kushwaha says generally this kind of an attack happens via a link or via email.Kushwaha says generally this kind of an attack happens via a link or via email. (Representational image)

Last week, CERT-IN issued an advisory stating that a lot many devices may be subject to a phishing attack. While this did scare a lot of people as to what could happen, or whether someone can hack into their account using WhatsApp or any other chatting service, where the government failed was to educate what a phishing attack and what it could entail. Speculations only led to more fear and hackers and scammers praying on fear of people. An antivirus can save your system from a lot of attacks, but, Pavan Kushwaha, CEO, Kratikal Tech Pvt. Ltd says that an antivirus can still not stop a phishing attack.

What is phishing?
A phishing attack is where a hacker or a scammer impersonates the identity of a website or a company and takes your personal and financial information. It can be in the form of mails that one usually gets about clicking a link for cashbacks or where the website of an e-commerce player is replicated completely. To illustrate, a phishing attack would entail the website of, say, a Flipkart being replicated. However, the web browser url will be different. As most people do not check urls, this can lead to an attempt to extract financial information.

Can someone get into a phone using WhatsApp or any social media images or videos?
A phishing attack usually happens by faking identity, a malware, however, is introduced into a device. Kushwaha says generally this kind of an attack happens via a link or via email. Doing so over a WhatsApp or any other instant messaging would require very high expertise, as the hacker would need to know the vulnerabilities in the service. But major proportion is via email.

How important are cybersecurity solutions or antiviruses?
Nowadays, these are extremely important. But you should have an updated version, not some cracked version of an antivirus. A link scanner, Kushwaha says, is very important. So, when you click that link and get to your browser the antivirus can detect the bad links. However, he says that awareness is equally important because no antivirus can counter a phsihing attack. That requires a person to be aware. His company, Kratikal , launched an online test to generate awareness. He also regularly uplaods videos on cybersecurity and hygiene.

And, how can companies keep themselves updated?
Kushwaha says that attacks on companies have increased manifold since the lockdown. Hackers know that there are vulnerabilities in home networks and they can exploit them. Companies need to protect their portfolios, so that a fraud doesn’t happen in their name. For instance, recently people started receiving mails from ncov2019@gov.in, which is a government id, as hackers were able to mask their identity with this address. But there are solutions that can avoid this, so that no other domaim can send a message using a company’s email id.

Techsplained @FE features weekly on Mondays. If you wish to send in queries that you want explained, mail us at ishaan.gera@expressindia.com

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1AGR dues: ISPs may move Supreme Court to seek relief on lines of PSUs
2Some support from UK govt required to make business self-sustaining: Narendran
3Open access norms: Regulator gives short-term respite to CGD players