Reply To: Topic 1 Computer Networking and Cloud computing

[Noi Yar]

I have learnt a lot from the video and also from you all. As non-IT person, I have only experienced phishing attacks in the form of emails. But in the past 1 or 2 years in Myanmar, I have found a lot of victims of phishing attack with elements of social engineering and potentially mobile malware. The attackers used deception to trick users into installing a malicious mobile app, which, in turn, allowed them to steal sensitive information and initiate unauthorized transactions. The attackers set up a Facebook page selling services or pretending official Facebook page of banks to lure potential victims. They then encouraged customers to install a mobile application, promising discounts as bait or ask for banking information claiming it is needed to secure the bank accounts. Once users installed the mobile application, it requested certain permissions. After gaining these permissions, the app could have started harvesting sensitive data from the user’s device. With access to sensitive data, the attackers might have used the stolen information to initiate unauthorized transactions, including mobile banking transfers, without the victims’ knowledge or consent. It’s also possible that the app contained malware designed to facilitate unauthorized access to the user’s mobile banking application. Malware can silently run in the background, allowing attackers to take control of the device.