On the other hand phishers are facing threat from whalers, who attempt to gain access to online databases, where phishers store the stolen information by using a tool called autowhaler. The tool allows whalers to search common Phishing URLs, where phishers hide their login credentials. Recently, security researchers at GFI Labs identified a unique tool termed as '666 autowhaler'. When a whaler downloads the tool, they inadvertently download a Trojan designed to extract login credentials. The detection again reveals the vicious nature of cybercrime world.
Internet users must be wary of e-mails seeking login credentials or suggesting reconfiguration of e-mail clients. Phishing e-mails attempt to deceive users into compromising sensitive information by urging prompt action and spoofing the e-mail address to make them appear as coming from a legitimate source. They may also spoof the links in the e-mail to make them appear as a web address of a legitimate company. As such, they must prefer visiting a website by typing the web address rather than following a link on Instant Messengers (IMs), Internet Relay Chat (IRC) or e-mail addresses. Cyber security training programs and online degree programs may help users in improving their online computing practices. They may also report fraudulent e-mails to respective legitimate companies or concerned regulatory authorities in their country. Such attempts will help organizations and regulatory agencies to initiate appropriate action and prevent other Internet users from falling prey to fraudulent scams.
E-mail clients help employees to manage and organize their e-mails. Phishers may attempt to gain sensitive information regarding organizational networks by targeting employees through sophisticated schemes. Employees who receive e-mails seeking such information must immediately report to the concerned head of the IT department. Organizations must educate employees on the incident response procedures and information security practices through induction and e-learning programs. They may also collaborate with technical institutions and educational institutions and encourage employees to undertake online university degree programs and improve cyber security practices in the organization.
Cybercriminals constantly endeavor to improve their attack techniques. Professionals qualified in masters of security science may help organizations to assess prevalent security threats, envisage future threats and devise appropriate policies to improve the defenses of the organization.