This is the final issue of our Cybersecurity Awareness Series. So far, we have explored the types of phishing that are associated with our daily lives, such as angler phishing, and those that typically occur in our email, like clone phishing. Here in Part 4, we will explore phishing that can occur without our knowing when we surf the internet.

1. Pop-up Phishing

What: Cybercriminals can infect legitimate websites with malicious code that makes you see a pop-up message when you visit the site. The pop-up will typically present a warning message that prompts you to enter your personal information or download a programme to fix the problem.

How to detect & what to do?

  • Irregularities: Be vigilant and close the notification if you spot any irregularities like spelling errors, unusual colour schemes, or distorted logos in the pop-up.
  • Be wise, don’t trust a pop-up: In general, do not trust pop-up messages on websites, especially if the message alerts you that something is wrong with your device. Legitimate IT support groups do not use pop-ups to alert you about issues.

2. Evil Twin

What: An evil twin is a fake free WiFi hotspot created by a cybercriminal. It looks legitimate, but using the fake WiFi will allow the cybercriminal to collect your login credentials.

How to detect & what to do?

  • Requires login: Any hotspot that normally does not require a login credential but suddenly prompts for one is suspicious.
  • Use VPN: A virtual private network (VPN) encrypts data as it passes between your device and a network. A system like this can keep you safe, even if you’re dealing with a hacker. If you log into a WiFi network without using a VPN, be careful what logins you use. Do not log into your bank account or work servers.

3. Watering Hole Phishing

What: Watering hole phishing occurs when cybercriminals infect websites that a company’s employees visit often. When you visit that website, it will download malicious code onto your computer to gain access to your personal information and your company’s network.

How to detect & what to do?

  • Pay attention to browser alerts: If your browser indicates that a site might have malicious code, do not continue through to the website, even if it is one that you normally use.
  • Monitor firewall rules: Ensure that firewall rules are continuously updated and monitored to prevent inbound traffic from a compromised website. Also, all third-party traffic ought to be treated as untrusted until otherwise verified.

Report email & phishing scams to: [email protected]. Report social scams & phishing via WhatsApp or SMS to: +60187000911.

As with all types of phishing, always pay attention to irregularities in what you see and do not fall for pop-ups!