Maharashtra Cyber, a nodal office in the state for cybercrime investigation and maintenance of cybersecurity, on Tuesday issued an advisory related to phishing kits on sale on hacker forums.
Maharashtra Cyber in a statement said that a phishing kit is a collection of software tools that makes it easier for people with little or no technical skills to launch a phishing exploit. "The goal is to trick the person into performing a specific action that will benefit the attacker -- typically, this involves getting the victim to click on a malicious links, open an infected attachment or authorize a transfer of funds," it said.
The state cyber team said that hacker forums have huge collections of more than 1,300 phishing kits on sale that cover top-rated websites, banks, and financial organizations on the internet. "The list covers high-value services: PayPal, Dropbox, Amazon, OneDrive, Office 365, Outlook, Gmail, Spotify, Netflix, Bank of America, Chase, Wells Fargo, First Bank, Apple, Facebook, Linkedln," Maharashtra Cyber said.
The state cyber team also released precautions citizens can take to avoid phishing activity. It said that citizens should never reveal personal or financial information in an email, and never respond to email solicitations for this information. Maharashtra Cyber also said that people should always check the security of the website and pay special attention to the website's URL.
Here are few precautions citizens should take:
• Never reveal personal or financial information in an email, and never respond to email solicitations for this information.
• Before sending or entering sensitive information online, always check the security of the website and pay special attention to the website's URL.
• Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.
• Always check if the website URL starts with `https://'. HTTPS is a secure way to send data between a web server and a web browser.
• If unsure whether an email request is legitimate, try to verify it with information outside the content of the email.
• Never open any attachments or links shared by strangers via email. Doing these actions can install malware on your machine.