Phishing: what it is and how to protect yourself from it

Carding 4 Carders

The first phishing attacks appeared at the end of the last century, and now, according to Google estimates, about 12.4 million users worldwide fall victim to phishing every year. Despite the fact that traditional phishing methods are gradually becoming a thing of the past, this type of fraud still poses a serious threat to individuals and companies.
Rusbase takes a closer look at the term.

Navigating the article:
1. What is phishing
2. The history of phishing
3. What is the purpose of phishing
4. Types and schemes of phishing attacks
5. Protection against phishing
6. Phishing in the world
7. Conclusion

What is phishing
Phishing (from "fishing") is a type of Internet fraud, the purpose of which is to obtain user identification data (logins and passwords for bank cards and accounts).
Most often, phishing is a mass mailing of letters and notifications on behalf of well-known brands, banks, payment systems, mail services, and social networks. Such letters, as a rule, contain a logo, a message and a direct link to a site that looks indistinguishable from the real one. The link takes the user to the site of the "service", where, under various pretexts, they are asked to enter confidential data in the appropriate forms. As a result, fraudsters gain access to user accounts and bank accounts.

Phishing history
The term “phishing” appeared in 1996 on the alt.online-service.America-Online Usenet newsgroup. The first mentions of phishers were associated with the media company AOL, when the scammers presented themselves as AOL employees, addressed users via instant messaging programs, and on behalf of the company's employees asked for their account passwords. After gaining access to the account, it was used to send spam.
In the early 2000s, phishing spread to payment systems, and in 2006, users of the MySpace social network were subjected to phishing attacks, as a result of which their credentials were stolen.

What is the purpose of phishing
Phishing attacks can target both individuals and individual companies. The purpose of attacks on individuals organized by fraudsters, as a rule, is to gain access to logins, passwords and account numbers of users of banking services, payment systems, various providers, social networks or postal services. In addition, the purpose of a phishing attack can be to install malware on the victim's computer.
Not all phishers cash out the accounts they gain access to themselves. Cashing out accounts is a difficult process in practice. In addition, a person engaged in cashing out is easier to catch, and through him to bring the criminal group to justice. Therefore, having received confidential data, some phishers sell it to other scammers who use proven schemes for withdrawing money from the accounts.
In cases where phishing attacks are directed at companies, the goal of cybercriminals is to obtain the account information of an employee and then mount a broader attack on the company.

Types and schemes of phishing attacks
The main phishing techniques and schemes include:

Social engineering techniques
Posing as representatives of well-known companies, phishers most often inform recipients that, for whatever reason, they urgently need to transfer or update their personal data. This requirement is motivated by data loss, system breakdown, or other reasons.
A person always reacts to events that are significant for him. Phishing organizers try to alert the user and provoke an immediate response. For example, it is believed that an email with the heading “to regain access to your account ...” grabs attention and forces the person to follow the link for more information.

Deceptive phishing
This is the most common type of phishing attack. Fraudsters can spam millions of email addresses in a matter of hours with messages based on this method. In this case, the phisher sends a fake letter on behalf of the organization asking to follow the link and verify the account details.
To steal personal data, special phishing sites are created, which are placed on a domain that is as close as possible to the domain of a real site. To do this, phishers can use URLs with small typos or subdomains. A phishing site has a similar design and should not arouse suspicion from the user who lands on it.
It should be noted that deceptive phishing is the most traditional method of phishers' work, and at the same time the least safe for attackers, so it is gradually becoming a thing of the past.

Spear phishing
Spear phishing targets specific people rather than broad groups of users. Most often, this method is the first stage in overcoming a company's defenses and conducting a targeted attack on it. Attackers in such cases study their victims using social networks and other services, and thus adapt their messages and act more convincingly.

"Whaling"
The hunt for confidential information of top managers and other important persons is called "whale hunting". In this case, phishers spend a lot of time identifying the personality traits of the target victim in order to find the right moment and methods to steal credentials.

Virus distribution
In addition to identity theft, fraudsters also aim to harm individuals or groups of individuals. A link in a phishing email can, when clicked, download malware to your PC: a keylogger, Trojan, or spyware.

Pharming
This is a new type of phishing. Using this method, phishers receive personal data not through a letter and a link, but directly on what appears to be the official website. Pharmers change the digital address of the official website on the DNS server to the address of the spoofed site, and as a result the unsuspecting user is redirected to the fake site. Such phishing is more dangerous than traditional phishing, since the spoofing cannot be seen. The eBay auction, the PayPal payment system and well-known world banks already suffer from such attacks.

Vishing
Vishing is a phishing technique that uses telephone communication to obtain information. The notification letter specifies the phone number to call back in order to eliminate the "problem that has arisen." Then, during the conversation, the operator or answering machine asks the user to provide identification data to solve the problem.

How you can protect yourself from phishing
First of all, experts advise service users to learn how to recognize phishing on their own.
In response to an email requesting "confirmation" of an account or any other similar request, experts advise users to contact the company on whose behalf the message was sent to verify its authenticity. In addition, we recommend that you enter the organization's URL yourself in the address bar instead of using any hyperlinks.
Almost all authentic messages from the services contain mentions of some information that phishers cannot access, for example, the mention of a name or the last digits of an account number. At the same time, any letters that do not contain any specific personal information should cause suspicion.
It should also be remembered that phishing sites can hide behind pop-ups. Targeted advertising can run on them. There are cases when the user already sees his email address in the "login" field and is only asked to enter the password in the field below. A link to a phishing site may appear in comments on forums and on social networks. A link can also be sent to you by a friend or acquaintance whose account has been hacked. If a letter or link has made you suspicious, it is better not to follow it.

The fight against phishers also takes place at a technical level:
  • Browsers warn about phishing threats; most of them maintain their own lists of phishing sites and, after checking against them, warn users before they go to dangerous sites;
  • Email services fight phishing in messages by improving their spam filters and analyzing phishing emails;
  • Large services and companies are also complicating the authorization procedure, offering users additional protection of personal data.

Mikhail Tereshkov, head of information security at ER-Telecom Holding JSC, in a column on Rusbase, gave such effective, but simple for the user, methods of protection against phishing:
  • Pay attention to the security certificate of the payment system - in the address bar of the browser, the site name looks like https://...
  • Always change the default factory passwords of the router to more complex ones, and install updated software versions at least every six months.
  • Do not shop over public Wi-Fi. Antivirus for your smartphone can provide additional protection.
  • Before making a payment in an unfamiliar online store, read reviews about it online.

Phishing in the world
In September 2020, experts of the ONF project "For the Rights of Borrowers" named five fraudulent schemes that were most often used in 2020. Phishing took the first place (34% of mentions), the purpose of which is to gain access to user logins and passwords. A classic example of phishing is malicious links. Its varieties also include advertising on video hosting, promising payment for participation in surveys, and calls on behalf of banks.
It is reported that the authors of the rating analyzed about 50 thousand messages of citizens and more than 20 thousand publications in the media and other open sources.
In 2021, during the coronavirus pandemic, the number of thefts from users' bank cards increased sixfold, according to the Group-IB company, which specializes in preventing cyberattacks. According to experts, scammers lure users to phishing sites where buyers enter payment information. Attackers use this data to access public p2p services of banks and transfer money to their accounts.
On average, one bank records 400-600 attempts of this type of fraud per month. The average amount of one transfer is $7 thousand. Often, attackers created fake online store pages with masks, gloves, and sanitizers.
- data from Group-IB.

Conclusion
Cyberattacks have long been a part of our life. Fraud protection is a global challenge for corporations and startups that develop financial, e-commerce and other services. But users should not forget about the simple steps in order not to fall for the hook of an intruder.
 

Jollier

PROTECT YOURSELF FROM PHISHING?

1️⃣ WHAT IS PHISHING?

Phishing is the method of stealing login info (usernames and passwords) by directing the slave to a clone (fake) login page, that logs the login info without the knowledge of the slave.
Such a clone website is known as a phisher.

2️⃣ HOW TO PROTECT YOURSELF AGAINST PHISHING?

Use your login info in the correct places only.
Don't ever put your login info anywhere else than the page you registered to, unless it's a trusted service you know (such as YouTube or Blogger asking for your Google account's info).
Make sure the website you're logging in isn't fake.

Whenever you log in to a website, if you didn't type the URL (address) of the website yourself, i.e. if you clicked a link that led you to the login page (from a message, website, search engine results), always check the URL (address) to see if you're in the right place.

For instance, if you're logging in your Facebook account, make sure the url appears as http://www.facebook.com/...

Where a phisher page would look like http://www.facebook.freewebs.com/... or http://www.facebook.spam.com/... or any url whose part before the .com isn't exactly the same as the page you want to login to.

Make sure the links you're clicking aren't fake.
Whenever you're clicking a link, check where the link goes before clicking it. Links can be masked to appear as something else than the page they're leading to.

For example, www.google.com leads to Yahoo instead of Google. Fortunately, in most browsers, whenever you point your mouse cursor over the link, the true location of the link is displayed in the bottom left part of the screen. Try it with the above link.

This is particularly important because it can protect you from another, rarer but more dangerous method called cookie stealing, which is basically automatically stealing your account if you're previously logged in the website.

Know that links to phishing pages are usually spread via email, and often impersonate trusted services and persons, such as making the email appear as if it's sent from the website you've registered to, or from a friend of yours whose account has been compromised.

Sometimes, some ladies invite you to sex / porn websites; don't click it. I saw a lot of phishing mails while I've cracked for viperzcrew mail access accounts, and it's really sad.

3️⃣ WHAT TO DO IF YOU GOT PHISHED?

Report the phisher as soon as you can.

Report the phisher's address here:

If the phishing attempt has been done via message, report the message in any of the following services:


If you received the message from a friend's compromised account, inform your friend, and other friends that might be in danger.

If possible, inform the admin of the website/forum that the phisher is made for.
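As an added example (my own code, not part of this post or the first one), here is a Python check that implements this post's address-bar rule and the first post's warning about URLs with small typos or subdomains: the part before the TLD must be exactly the domain you expect, and a link whose visible text looks like a URL must actually go there. It assumes a naive "last two labels" domain rule (no public-suffix list) and uses constructed sample URLs modelled on the ones quoted above.

```python
from urllib.parse import urlparse

def host_of(url: str) -> str:
    """Lowercase hostname of a URL; a bare 'www.site.com' is accepted too."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").rstrip(".")

def registrable_domain(host: str) -> str:
    """Last two labels of the host: www.facebook.freewebs.com -> freewebs.com.
    Assumption: no public-suffix list, so suffixes like co.uk are not handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url: str, expected: str) -> str:
    """Where does a login link really go, relative to the domain you expect?

    'ok'                  the part before the TLD is exactly the expected domain
    'subdomain-lookalike' the brand name appears as a subdomain of someone else's site
    'typo-lookalike'      the domain is within two edits of the expected one
    'unrelated'           anything else
    """
    host = host_of(url)
    domain = registrable_domain(host)
    if domain == expected:
        return "ok"
    if expected.split(".")[0] in host.split("."):
        return "subdomain-lookalike"      # facebook.freewebs.com, facebook.spam.com
    if edit_distance(domain, expected) <= 2:
        return "typo-lookalike"           # faceb00k.com
    return "unrelated"

def link_is_masked(anchor_text: str, href: str) -> bool:
    """True when the visible link text looks like a URL but the href goes to a
    different site, as in the post's www.google.com link that opens Yahoo."""
    shown = anchor_text.strip()
    if " " in shown or "." not in shown:
        return False                       # plain words such as 'click here'
    return registrable_domain(host_of(shown)) != registrable_domain(host_of(href))

if __name__ == "__main__":
    # Constructed examples, modelled on the addresses quoted in the post.
    for url in ("http://www.facebook.com/login", "http://www.facebook.freewebs.com/login",
                "http://www.facebook.spam.com/", "https://faceb00k.com/login",
                "https://www.yahoo.com/"):
        print(f"{url:45} {classify_login_url(url, 'facebook.com')}")
    print("masked:", link_is_masked("www.google.com", "http://www.yahoo.com/"))
```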
 

Father

John received an e-mail from an online store where he often makes purchases: "Confirm your account to continue using bonuses." Nikolai followed the link from the letter and re-entered his personal data and bank card details. Then he was asked to make a "test payment" of $1. During the payment, it was necessary to enter the three-digit code on the back of the card. As soon as Nikolai entered this code, he received a message from the bank about a debit from the account, but not of $1 at all, but of $10,000. Let's figure out how it happened.
In fact, the letter to Nikolai was sent not by a store, but by cyber fraudsters. They tricked John into giving up confidential data, and he did not even notice how he fell for their bait. This type of fraud is called phishing, that is, fishing with a hook.
Usually, criminals first touch a nerve: they intimidate with the loss of money or lure with super-benefits, arouse curiosity or sympathy. Then they wheedle out personal data, account or card details. And in the end, they debit the money from the bank account.
Consider what mistakes Nikolai made and how he could protect himself from losing money.

Mistake #1: not using antivirus protection
Nikolai considered it a waste of money to buy an antivirus. He decided that it would be much easier and cheaper to clean the mailbox of spam by himself.

How to fix the mistake
All your gadgets - computer, laptop, tablet and smartphone - need to have an antivirus installed. A good anti-virus package includes protection against spam and phishing emails. It recognizes suspicious senders by itself.
In addition, the antivirus protects against programs that steal card data, gain access to online and mobile banks, and intercept SMS and push messages with secret codes. This is even more dangerous than phishing - your account can be emptied, and you won't even know about it right away.
It is important to update your protection regularly. Cyber fraudsters invent new viruses and phishing methods literally every day.

Mistake #2: following links from messages from unknown senders
Nikolai decided that he received a letter from an online store - he saw a familiar name and logo in the text of the letter. But he did not verify the sender's address.

How criminals work
Fraudsters register an email address similar to the address of a real online store, bank or other legal organization. For example, instead of the address of the "Supershop" store, they use [email protected].
Sometimes deceivers do not even bother with a similar address, since it is often hidden from the user's eyes. They simply indicate the name of the store as the name of the sender - this is what the recipient sees. It is easy to check the substitution, but not everyone pays attention to such details.
Scammers lure people to phishing sites not only through email, but also through instant messengers and social networks. You may receive a message from a friend who offers to follow the link. But it may turn out that his account was hacked.
Sometimes criminals don't even try to imitate someone else. Instead, they start their own business project. And they create the appearance that they are running quizzes with guaranteed winnings, questionnaires for rewards, or sending out videos for adults.
In the text of the letter or message, they add a link that, instead of the promised quizzes and videos, leads to a phishing site. It is created specifically for this scam to collect personal and payment information from users. In some cases, when you click on a link, a virus is loaded that steals data from your device.
The deceivers choose a subject line to which the recipient should react. Something scary: "Your account will be blocked", "An urgent message from the Security Service." Or enticing: "You have been credited with 5000 bonuses", "Refund of payment for $300." Or intriguing: "Hello! I'm sending you pictures from the last party." Scammers know how to play on emotions.

How to avoid scammers' tricks
Always check the email address carefully. If it differs by at least one symbol from the usual address of a store, bank, airline or other real organization, such a letter should not even be opened. If the address is not familiar to you at all and you do not expect messages from new addressees, then you can safely delete it.
When you open the letter, pay attention to how it is written and formatted. Spelling mistakes and awful design are clear signs of a fake letter. But lately, scammers have learned to very accurately repeat the corporate identity of well-known companies. So you have to be careful, even if everything looks perfect.
If a friend or acquaintance sent an unexplained link, it is better to call back and make sure that this message is really from him.

Mistake #3: not checking the site's address bar
John noticed that the usual design of the online store has changed a little, but this did not alarm him. It did not occur to him to carefully examine the address bar of the browser.

What to check when going to the site
Address. It is best to save the addresses of banks, government agencies, your favorite online stores and other online services in bookmarks. You can type in the address manually, but you need to be careful - sometimes a mistake in even one character will lead you to a duplicate phishing site.
Always check the address bar of your browser. Sometimes you can get to a phishing site even when you go from one page of a portal you know to another.
Connection security. If you want to enter personal information or card data, make a purchase through the site, then its address must be preceded by https and the closed padlock icon. The letter s and a closed padlock mean that the connection is secure: when you enter data on the site, it is automatically encrypted and cannot be intercepted.
A secure connection is a mandatory requirement, but not a sufficient one. Hackers cannot tap into such a connection and find out your data. But this is not a guarantee that the site itself was created by a law-abiding company. Recently, criminals have also managed to obtain security certificates for their sites.
Design. Even if you missed an extra letter in the address, and the criminals organized a secure connection, the poor design of the site should catch your eye.
Criminals create online resources with the simple goal of collecting sensitive data. Therefore, in most cases, they do not put much effort into the structure and design of the site. Sloppy layout, spelling errors, broken sections and links are clear signs of a fake.
But if the fraudsters have big ambitions, they can invest in creating a website that replicates the Internet resource of a well-known organization as closely as possible. Or create a beautiful and high-quality website for their own "project". So you can't rely on design alone.

Mistake #4: paying through insecure pages
The fake "online store" suggested that Nikolai make a "test payment" and for this enter the code on the back of the card and the code from the SMS message directly on its website. Nikolai did not pay attention to the fact that he was not transferred to the payment system page to make the payment.

What you need to know
After entering the card details, the store's website should transfer you to the gateway of your card's payment system. This is a separate secure page, the online store cannot access the information you enter there.
Payment gateways connect the cardholder with his bank when making a payment. The bank sends the client in an SMS message a one-time code to confirm the operation. And only after the buyer enters it, the payment goes through.
Do not tell anyone the secret codes from the bank - check if the data from the SMS matches the details of the operation. If everything is in order, enter the code into the special field on the payment page. If not, call the bank.
All payment systems have secure gateways. Look for their logos on the payment page: Visa Secure, MasterCard SecureCode and Mir Accept. Moreover, the logos should be active links that lead to the sites of payment systems. On the pages of the scammers, these logos are just pictures.

Mistake #5: using the same card for all payments
Nikolai paid in online stores with his salary card. Now he will have to order a new one. While the bank reissues it, he will only be able to access the remaining balance on the account at a bank branch.

How to proceed
For online purchases and payment for services via the Internet, it is better to get a separate card. It is worth transferring money to it right before the payment and putting in exactly the amount that you are going to transfer.
Some banks and electronic payment systems (e-wallets) offer virtual cards - they have card details, but they do not exist as physical plastic. Sometimes it is even possible to create virtual cards that are valid for only one online purchase.
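As an added example that is not part of this post, here is the triage a reader could run over an incoming message to apply Mistakes #2 and #3: the sender address must match the real organization exactly, the display name must not claim a brand the address does not belong to, the subject is checked for the scary or enticing phrases quoted above, and every link is checked for pointing off-brand or over plain http. The KNOWN_SENDERS table, the .example domains and both messages are constructed assumptions, not real data.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Assumption: a table the reader keeps of the brands they deal with and the
# exact sender domains those brands really use (hypothetical .example values).
KNOWN_SENDERS = {
    "supershop": {"supershop.example"},
    "mybank": {"mybank.example", "alerts.mybank.example"},
}

# Subject phrases of the scary / enticing / intriguing kind quoted in the post.
LURE_PATTERNS = [r"\bblocked\b", r"\burgent\b", r"security service",
                 r"\bbonus", r"\brefund\b", r"pictures from"]

def sender_parts(from_header: str) -> Tuple[str, str]:
    """'Supershop <x@y.example>' -> ('supershop', 'y.example')."""
    name, addr = parseaddr(from_header)
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def brand_named(display_name: str) -> Optional[str]:
    """Which known brand, if any, the display name claims to be."""
    return next((b for b in KNOWN_SENDERS if b in display_name), None)

def triage(raw_message: str) -> List[str]:
    """Warning signs found in a raw message; an empty list means none found."""
    msg = message_from_string(raw_message)
    warnings = []
    name, domain = sender_parts(msg.get("From", ""))
    brand = brand_named(name)
    # Mistake #2: the address must match the real organisation exactly.
    if brand and domain not in KNOWN_SENDERS[brand]:
        warnings.append(f"display name claims {brand!r} but address domain is {domain!r}")
    subject = msg.get("Subject", "").lower()
    if any(re.search(p, subject) for p in LURE_PATTERNS):
        warnings.append(f"subject uses a pressure or lure phrase: {subject!r}")
    # Mistake #3: check where every link actually points and whether it is https.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if brand and not any(host == d or host.endswith("." + d) for d in KNOWN_SENDERS[brand]):
            warnings.append(f"link host {host!r} does not belong to {brand!r}")
        if not url.lower().startswith("https://"):
            warnings.append(f"link is plain http, not https: {url!r}")
    return warnings

# Two constructed messages: the lure from the story above, and a genuine notice.
PHISHING_SAMPLE = """\
From: Supershop Customer Care <care@supershop-bonus.example>
Subject: Confirm your account to continue using bonuses
Content-Type: text/plain

Your bonuses will be blocked. Confirm here: http://supershop-bonus.example/confirm
"""

LEGIT_SAMPLE = """\
From: Supershop <orders@supershop.example>
Subject: Your order 1234 has shipped
Content-Type: text/plain

Track it at https://www.supershop.example/orders/1234
"""
```

Calling `triage(PHISHING_SAMPLE)` reports four signs (claimed brand vs. address domain, lure subject, off-brand link host, plain http), while `triage(LEGIT_SAMPLE)` returns an empty list.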
 