Mutt
Contents
- 1. Phishing is a virtual scam
- 2. Letters of happiness. How it all began
- 3. What are phishing sites and links?
- 4. Some nuances
- 5. Anti-phishing techniques
Virtual communication on the global network is, in essence, a reflection of what happens in the real world, with all the shortcomings of traditional society. On the Internet, just as in real life, there are offenses and crimes, although they are quite specific in nature. One of them is “phishing”. What it is, what its features are, and how Internet users can protect themselves from it will be discussed in this article.
Phishing is a virtual scam
As a rule, cybercriminals target confidential information, both commercial and private. A common scheme for taking over the confidential data of network users is so-called "password fishing". The name speaks for itself: it literally means "fishing for passwords".
Besides the theft of logins and passwords (for accounts on forums and social networks, corporate sites and other closed pages), the concept of "phishing" (from the English "fishing") covers the theft of any personal data:
- credit card numbers and other bank card details;
- bank account details;
- passport and registration data ...
This can be any data whose possession lets the fraudster profit at the victim's expense. This type of fraud is rarely aimed at specific people (although that also happens) and is instead designed for a mass audience. Imagine a fisherman (the swindler) casting a fishing rod (the method of influence) into a river (the Internet) and catching whichever random fish is tempted by the bait.
For a user of the global network, the consequences of having personal data taken over can be not just unpredictable but truly catastrophic: from financial losses to the loss of freedom (in the literal sense of the word) if the victim is held legally liable for someone else's crime. Most often, though, scammers use such tricks to get access to bank cards or to the accounts the cards are linked to (electronic wallets, e-mail) and take your money.
Letters of happiness. How it all began
Since the number of victims of Internet fraudsters grows steadily from year to year, every user of the global network needs to know the basics: what a phishing attack is and how not to become the next victim of cybercriminals.
In the recent past, a favorite fraudulent scheme was the so-called "letter of happiness": an e-mail notification presented as coming from an organization known to the user (for example, a bank or a network provider), with an urgent request to verify personal data under some pretext. Sometimes the persistent requests were accompanied by threats: “if copies of the relevant documents (or login with password) are not sent within 24 hours, your bank account will be blocked, credit / insurance canceled”, and similar variations.
Many recipients, out of simple gullibility or because they were used to receiving such ultimatums in real life (from utilities, financial and fiscal institutions), responded to these e-mails without delay and so took the intruders' bait. The consequences were not long in coming, and very soon the user reaped the bitter harvest of his own carelessness.
This was the simplest example of phishing. The fraudster works on a potential victim with social engineering methods (psychological techniques), playing on the victim's feelings of uncertainty and fear. Instead of trying to figure things out, the victim complies with the fraudster's demands and sends the requested data. People are gradually getting smarter and no longer fall for letters of happiness, but the criminals have not stood still: they developed a new technique for extracting confidential data, using phishing sites.
What are phishing sites and links?
Naturally, Internet thieves try to stay ahead of the times and adapt their criminal activities to the "advanced", knowledgeable audience they have to "work" with. The organizations that typically interest cybercriminals are banks, online casinos, electronic payment systems and social networks.
Therefore, to make the fraudulent scheme as credible as possible, special phishing sites are created (consisting of several pages or a single page). These fake web pages are often an exact copy of the official portals of well-known organizations, with a very similar or similar-sounding domain name, a similar workflow, and so on. The aim is to "lure" the user to the fake site and thereby remove any remaining doubt about the sender's authenticity, allay suspicion and lull vigilance. A visitor to the fake page, not suspecting a trick and seeing a familiar interface and familiar dialog boxes, enters the required information into the forms with his own hands, often without suspecting anything even some time later.
Fake pages do not last long, as a rule no more than one week, because the databases of anti-phishing programs and filters are updated frequently (for example, anti-phishing functionality is built into all modern browsers). However, fraudsters follow a well-established scheme and keep creating more fake sites to collect personal data.
Victims are found through mass e-mail or SMS mailings (by analogy with letters of happiness). The purpose of such a message is to convince a person to follow a link to a phishing site, and the rest you already understand. Such links are called phishing links.
Some nuances
Catching and prosecuting the swindlers behind the theft of confidential information on the Internet is practically impossible, for the simple reason that this type of fraud is an intermediate link in an even longer chain of crimes. They do get caught and punished but, unfortunately, they still live very "freely" (a reflection of imperfect legislation on cyber property and a lack of specialists). Work in this direction is being carried out very successfully.
Phishers almost never cash out money from the accounts of deceived Internet users themselves, nor do they use the other personal data: the information is stolen for resale to other criminals (or organized groups), who in turn use the stolen data "for its intended purpose". So almost the only available way to combat this type of fraud on the global network is, first of all, heightened vigilance on the user's part and a responsible attitude towards personal data (logins and passwords, numbers and codes).
A phishing email can look quite convincing: it contains markers, brand logos, and so on. However, remember firmly: no bank or provider will ask for personal identifiers (passwords and codes)! This information should, a priori, be known only to the client; otherwise, what is the point of personally identifying the user? This must always be kept in mind.
Anti-phishing techniques
To avoid taking the scammers' bait, always pay more attention to the contents of the browser's address bar than to the familiar interface of the web page: double-check the spelling of the site's name (domain). Yandex.ru may look like Yandeks.ru, and sberbank.ru like sbepbank.ru, and you can't tell right away.
Make sure a cryptographic protocol is used when you log in to your account. For example, a secure connection is provided for entering the personal area of a site: the link begins with "https://site name ...". Not every site has this, but if your account involves billing, it should be mandatory!
Check the text of the message, in the letter or on the website, for spelling errors. Their presence is unacceptable and is grounds to suspect a fraudulent text (resource).
You should also not neglect security updates for Windows (or whatever operating system you work in). It is strongly recommended to use the latest versions of Internet browsers and antivirus software, including anti-phishing and spam filters.
At the slightest suspicion of a phishing attack, change passwords urgently, notify the security service of the relevant organization about the incident and, if necessary, even block bank cards.
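The address-bar and "https" checks from the tips above can be automated for links arriving in mail. The following is an added example, not part of the original post: it compares a link's domain with an allowlist by edit distance and, going slightly beyond the article's two cases, also flags a trusted name used as a subdomain of another site. The `TRUSTED` list, the `check_link` function and the warning labels are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the two legitimate domains named in the article.
TRUSTED = ("yandex.ru", "sberbank.ru")

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED, max_dist=2):
    """Return warning labels for a link; an empty list means no finding."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url          # bare "domain/path" as typed in a message
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is lower-cased
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # Exact trusted domain or one of its subdomains: nothing more to compare.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.split(".")[-2:])
    for d in trusted:
        if 0 < edit_distance(base, d) <= max_dist:
            warnings.append("lookalike-of:" + d)
        # Trusted name used as a prefix of someone else's domain.
        if host.startswith(d + ".") or ("." + d + ".") in host:
            warnings.append("trusted-name-as-subdomain:" + d)
    return warnings

if __name__ == "__main__":
    # Constructed sample links, including the two spellings from the article.
    for link in ("https://online.sberbank.ru/", "https://sbepbank.ru/login",
                 "http://Yandeks.ru/", "https://sberbank.ru.example.com/"):
        print(link, check_link(link) or "ok")
```

Note that the lookalike served over https is still flagged: the "https" prefix shows that the connection is encrypted, not that the domain belongs to the organization it imitates.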