What is Phishing and How Do You Prevent It?
Unscrupulous people who can threaten our finances and valuable information are a growing problem for ordinary internet users and businesspeople. Anyone who engages in any activity in the virtual space must have encountered an online scam called phishing. This is a set of actions aimed at capturing sensitive data, leading to account hijacking or credit card access.
2020 breaks all records for the number of cybercrimes. We have collected all the relevant information about this in the article Updated Cyber Crime Statistics for 2020.
The worst thing is that such threats appear suddenly. It doesn’t matter if we are currently working or playing online games during our break from work. Extortion can take place at any time. Most often, this manifests itself in the form of emails that come to us, in which the hacker pretends to be our bank, social network sites, or possibly technical support for the mobile telephone service that we use.
Simply, we can call this attack as phishing. So, today, we’ll consider the following questions: what is phishing, its types, and how can you protect yourself from this attack.
Do you know what a DDoS attack is? This is another type of cyber threat that you need to protect yourself and your data from. You can find all the necessary information in our blog post.
What is phishing?
Phishing is one of the methods that cybercriminals use to obtain confidential data. As a result of this attack, you may lose access to your email account and the funds accumulated in your bank account.
The purposes of phishing can be any of the following:
- Getting secret information: personal data, username and password, bank details, service information.
- Online surveillance and installing malware on the device.
- Blackmail or destruction of competitors’ businesses using the information received.
- Espionage and state supported surveillance of organizations of interest.
The name comes from the word “fishing.” Criminals, like fishermen, use carefully prepared “bait” to lure users into a trap. For this purpose, they most often use fake emails and texts. Increasingly, scammers are also using instant messaging applications and community portals.
To gain the victim’s trust, phishers impersonate well-known companies and institutions — banks, offices, auction sites, couriers, and telecommunications companies. Using specially created messages, they try to trick the victim into clicking a link in the message. This usually leads to a site created by scammers. It looks every bit like the real website of the company or institution that the message was supposedly coming from. But in reality, it is a trap set for unwary internet users.
Using a fake website, criminals get data that the victim provides to them, convinced that they are engaging in, for example, a genuine transaction with their bank. It is also common to send fake emails that encourage internet users to download a malicious file attached to them.
We’ve collected all types of malware to warn you about possible risks and dangers.
Types of phishing attacks
You should not fall for the bait of these fraudsters, but how can you recognize this “bait”? There are many methods and types of attacks. Let’s look at them in more detail.
Phishing via email
The first category is the most common method of performing these attacks. A huge number of emails regularly pass through email services. Email is a great platform for scammers since most people have mailboxes and social networks full of messages. They simply do not have time to analyze each of them carefully. Phishers know this and use it for their own purposes.
If fraudsters want to obtain personal data or control over accounts, personal or official, they will send emails on behalf of official companies (social networks, payment systems, online stores, online games). Such emails are created with great attention to detail. It is hard to distinguish a fake email from an authentic one. Due to flaws in email protocols, phishers can even fake the sender’s address to look like the real one.
Email Bomb attacks are spreading through the internet. We tell you how to hide from these attacks in our blog.
Facebook, Twitter, and many other social networks occupy an important position in our lives. Hackers understand this and are not limited to one way of sending messages to potential victims. Some hacking methods are simple: you may be sent a private message on one of the networks containing a shortened link address, where you will be redirected to a phishing site with malware.
And some tactics are more advanced and require much more time. One of these phishers’ methods is to portray a person – most often an attractive woman – with photos taken from the account of a real-life person in their profile. What can this tactic be used for? For luring out personal information or pictures that can make a person look bad or embarrass them. Subsequently, an attacker can blackmail a person or demand a monetary reward for deleting images or data that they’ve acquired.
Vishing: mobile voice phishing
It is also worth highlighting messages allegedly sent from the bank, containing a phone number for feedback. After calling the specified number, the user gets to the answering machine, where following the instructions, they will eventually be informed of the “need” to change the PIN-code on the card or specify the CVV code. In another case, fraudsters can independently call the victim’s phone number, posing as a bank employee, where they will also ask for personal data.
The evil twin
The method is applied in the field of wireless data transmission. The phisher creates a copy of the access point for free access to Wi-Fi within the user’s reception, thereby making the substitution of the original point a double. Subsequently, a potential user connects to the point, allowing the attacker to access personal data.
A fraudster gets access to confidential information or a user’s computer by luring them to a secure page with deliberately embedded malicious code. A kind of invisible layer mask is created on top of the authentic page. When you click on it, the user gets to the phisher site with an exact copy of the original. You can use the technology in different ways, from a news subscription to a resource, to theft of personal data, to making online purchases at the expense of an unsuspecting user.
This technology implies a hidden redirection of the victim to the fraudster’s site. There are two ways to redirect from genuine to fake resources covertly:
- changing HOSTS files;
- manipulation of DNS information.
How to detect fraud?
Very often, a person who has never encountered such a scam may simply not recognize it. Emails informing us about the need to log in to your bank account or social networks are written professionally. Thus, the form of an online email may not arouse our suspicions.
The big problem is that sometimes such messages don’t end up in spam, which can also be confusing. For example, you may be offered an interesting link to go to an online store’s website to buy a product. And you will be very interested in this offer. Then you should be vigilant and first pay attention to the link in the address bar. If it looks unusual, you can assume that it is a fraudulent website.
Why is it difficult to catch a fraudster?
It is rare to catch such scammers red-handed. In most cases, fake pages will only exist for a few hours. These sites are created by experienced hackers who are well aware of the threats to their illegal activities and know how to protect themselves from them. Such sites can be created by:
- phishers (specializing in phishing)
Sometimes, to confuse the trail of the attacked internet user or internet crime specialists, hackers simply use access to other people’s servers or websites. Unfortunately, it is not often that the police investigate these crimes thoroughly, and the whole case can die down pretty quickly.
How to prevent phishing attacks?
Cybercriminals’ creativity knows no bounds, but fortunately, internet users are not helpless in the fight against them. In practice, to minimize the risk of becoming a fraud victim, it is enough to follow a few simple rules presented below.
- Use the principle of limited trust – that is, avoid instinctively clicking on links and downloading files from suspicious sources.
- Carefully read the contents of emails and text messages – you always need to analyze what the sender expects and whether there is anything suspicious about it.
- Check the sender’s details – the scammers’ email addresses are similar to the addresses of the institutions and companies they claim to be, but usually contain typos or slightly changed names.
- Use the private Utopia P2P ecosystem. It provides secure file sharing, data storage, chatting, game playing, and more, all without censorship and tracking.
- Check the received links – the addresses of fake sites are similar to the original sites’ addresses, but a thorough study can detect fraud. If the message suggests logging in to the banking service using the specified link, it is better to enter the address of the bank’s website yourself.
- Use the latest version of your browser and antivirus software – this is the only way to detect and possibly remove malware.
If you have any doubts about an email or text message you received, we recommend that you contact the company’s representative or institution and ask if it was actually sent by them. In addition, it is worth remembering that next to the address field of a bank, credit institution, telecommunications company, or another service provider, there must be a logo or seal. Its absence is a signal that any data you enter may be intercepted.
David Geer told us all about cybersecurity measures on the internet. Read his interview about the future of cybersecurity.
Phishing has existed for over 20 years and still remains popular and dangerous because of 2 reasons:
- It is extremely simple in execution; even one person can do it without difficulty.
- Many people don’t even know about the existence of such threats.
For some, it looks like a real strange situation, when somebody has been attacted to such messages like “you won a million dollars” or “we are your credit bank, please share with us your card details.” At the same time, millions of people in the world are simply careless about using the internet. Or they just don’t know that the internet is a world where their data can be used against them.
Read our Checklist on Ways to Protect Yourself on the net. Know the most reliable methods for preventing cybercrime.