Bijay Limbu Senihang, a cybersecurity professional, shared a list of websites of Nepal where phishing pages are hosted. The list contains 58 unique sites that have been compromised to host phishing pages.
Why it matters:
- According to Global Phishing Survey 2016, there were 255,065 unique phishing attacks worldwide.
- Phishing is one of the most common forms of fraud worldwide, though it has not been heard much about in Nepal.
- However, the list shared by Bijay Limbu is a wake-up call for Nepal to realize that we are not secure against phishing attacks.
- The list contains various sites that can make Nepali users a victim of phishing.
What is Phishing:
- Phishing is a form of illegal hacking in which an attacker impersonates a reputed company or a person in email or other forms of communication.
- The phishing email contains harmful links that look like an original content. However, the attackers can extract various information from the user such as login credentials and account information from the fake site.
- For example, attackers pretend to be a reputable company and send an email with a link that instructs the user to login to their account to settle some discrepancy. The link will lead the user to a fake site that looks same as the original site. The information that the user enters into the site is easily accessed by the attacker.
By the numbers:
- According to the FBI, Business Email Compromise (BEC) scams have accounted for more than $5 billion in losses between October 2013 and December 2016, with more than 24,000 victims reporting incidents worldwide.
- According to Symantec 2017 Internet Security Threat Report (ISTR), 1 in 131 emails contained malware in 2016, the highest rate in 5 years.
The list contains compromised sites from various categories including government and personal sites.
- The major compromised sites for hosting phishing pages belong to tourism category including sites such as Tripbooker, Vistatravels, Ecotourism, MechiTourism, etc.
- The government sites include Department of Agriculture – Soil Management Directorate, Secured Transaction Registry Office of Nepal, etc.
- The educational sites that have been compromised include official sites of Orchid books, Caspian Valley College, Rosemary Idol Boarding School, etc.
- Popular e-commerce site NepBay is also among the list of compromised websites.
- Besides these, there are various personal sites in the list.
- Threat Report 2017: Current State and Vulnerability of Cyber Security of Nepal
- Nepal and Cyber Security: A Review
- NIC Asia Bank Seeks Support From CIB to Hunt Down Hacker
Read all the tech news of TechLekh. Stay updated!