Skip to main content

PHISHING - A cybercrime

PHISHING TECHNOLOGY


Hello!!! We are gonna see about Phishing in this blog.  In this modern world, cyber-attacks are becoming very worse day by day, and phishing is one of the familiar act performed by the hackers. Let us see about Phishing briefly now!!!

Introduction:

 Pronounced "fishing“

      •The word has its Origin from two words “Password Harvesting” or fishing for Passwords.
      •Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
     •Phishing techniques were described in detail in the year 1987 and this Technique was first used in the year 1995.
What might the phisher need?
Your password
Account number, card number, Pin, access code
Personality identifiable information like your dob, Social Security number, address.
Confidential information like student records, financial records or technical information 
Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed. 

Types of Phishing

1.Deceptive phishing:
                                       It is by far the most common type of phishing scam. In this type of ploy, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want. As an example, PayPal scammers could send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link redirects to a fake PayPal login page that collects a victim’s login credentials and sends them to the attackers.
         The success of a deceptive phish hinges on how closely the attack email resembles a piece of official correspondence from the abused company. As a result, users should inspect all URLs carefully to see if they redirect to an unknown and/or suspicious website. They should also look out for generic salutations, grammar mistakes and spelling errors scattered throughout the email.

2.Malware-Based Phishing:
                                             It refers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site,  or by exploiting known security vulnerabilities--a particular issue for small and medium businesses (SMBs) who are not always able to keep their software applications up to date.

·        Keyloggers and Screenloggers are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. They can embed themselves into users' browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors.

·       Session Hijacking describes an attack where users' activities are monitored until they sign in to a target account or transaction and establish their bona fide credentials. At that point the malicious software takes over and can undertake unauthorized actions, such as transferring funds, without the user's knowledge.

·       Web Trojans pop up invisibly when users are attempting to log in. They collect the user's credentials locally and transmit them to the phisher.

·        Data Theft. Unsecured PCs often contain subsets of sensitive information stored elsewhere on secured servers. Certainly PCs are used to access such servers and can be more easily compromised. Data theft is a widely used approach to business espionage. By stealing confidential communications, design documents, legal opinions, employee-related records, etc., thieves profit from selling to those who may want to embarrass or cause economic damage or to competitors.

3.DNS-Based Phishing ("Pharming"):
                                                                      Pharming is the term given to hosts file modification or Domain Name System (DNS)-based phishing. With a pharming scheme, hackers tamper with a company's host files or domain name system so that requests for URLs or name service return a bogus address and subsequent communications are directed to a fake site. The result: users are unaware that the website where they are entering confidential information is controlled by hackers and is probably not even in the same country as the legitimate website.

4.Man-in-the-Middle Phishing:
                                                          It is harder to detect than many other forms of phishing. In these attacks hackers position themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on so that users' transactions are not affected. Later they can sell or use the information or credentials collected when the user is not active on the system.

5.Content-Injection Phishing:
                                                      It describes the situation where hackers replace part of the content of a legitimate site with false content designed to mislead or misdirect the user into giving up their confidential information to the hacker. For example, hackers may insert malicious code to log user's credentials or an overlay which can secretly collect information and deliver it to the hacker's phishing server.

6.Search Engine Phishing:
                                                It occurs when phishers create websites with attractive (often too attractive) sounding offers and have them indexed legitimately with search engines. Users find the sites in the normal course of searching for products or services and are fooled into giving up their information. For example, scammers have set up false banking sites offering lower credit costs or better interest rates than other banks. Victims who use these sites to save or make more from interest charges are encouraged to transfer existing accounts and deceived into giving up their details.

Causes of Phishing

  • Misleading e-mails.
  • No check of source address.
  • Vulnerability in browsers.
  • No strong authentication at websites of banks and financial institutions.
  • Limited use of digital signature.
  • Non-availability of desktop tools.
  • Lack of user awareness.
  • Vulnerability in application.

Phishing Examples

Why Phishing is still popular?

#1- It tricks the victim with fear 
One of the most common method is to trick the victim by sending them an email and tell them that their internet banking account is being compromised and need to click on a link to resolve the issue. Once the user followed the link, the user will be redirected to some forged website that looks similar to the banking website which requires the user to input his/her username and password. Once that form is sent, all the data will be transmitted to the attacker-controlled server.

#2-It tricks the victim with special interest   
Some scammers use the scenario such as winning the lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site.

#3-It is not a rocket science technology
Phishing attacks involve creating a forged website and it might be difficult for certain people. However if it is compared to hacking a banking server, creating a website is not that complicated. Therefore many novice or intermediate scammers will choose to use the phishing method over any other method in their hacking project.

#4-It can be launched via many types of communication channel
Phishing can happen not only by simply building a forged website and anticipate for the victim to come to you. It can also involve sending emails to lure them to the forged website. Besides that, a phishing scam uses as well the manipulation of a URL and post it as a comment or forum to trick them to the forged website. Apart from using the computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is this type of scam can be done via multiple channels and multiple techniques.

 #5-Compromising one account is not the end
After stealing one’s credentials is not the end, but it can be the beginning. Why is it so? Internet users nowadays have many online accounts for instance Facebook, Twitter, and LinkedIn. In common, most users will use the same username and password for each of the accounts so that remembering them is not an issue. Hence this can lead to the users’ credentials that had been stolen can be used as well for other accounts by the scammers.

How to Protect Yourself from Phishing !!!
The following 10 steps will help protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products.
phishing attack | Vanderbilt News | Vanderbilt University

 1. Never click on Hyperlinks within emails
 Why? Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you. Recommendation: If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company for personally sensitive information Instead, directly type in the URL in the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine.

2. Use Anti-SPAM Filter Software
Why? Some studies have shown around 85% of all email sent is SPAM, with a majority fraudulent. This can be costly and time-consuming to end-users who receive them. Effective SPAM filters can reduce the number of fraudulent emails consumers are exposed to.

3. Use Anti-Virus Software
Why? To protect against Trojan and worm attacks, anti-virus software can detect and
delete virus files before they can attack a computer. It is important to keep all anti-virus software up to date with vendor updates. These virus programs can search your computer and pass this information to fraudsters.

 4. Use a Personal Firewall
Why? Firewalls can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into, and a virus being planted, and can also block unauthorized programs from accessing the Internet, such as Trojans, worms, and spyware.

5. Keep Software Updated (Operating Systems & Browsers)
   Why? Fraudsters and malicious computer hackers are continually finding vulnerabilities in software operating systems and Internet Browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers. Recommendation: Always ensure operating and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendors website for updated information, and subscribe to any automatic updating service.

6. Always look for "https" and a padlock on a site that requests personal information
Why? Information entered on an Internet Website can be intercepted by a third party. Web Sites that are secure protect against this activity Recommendation: When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the “https://” at the start of the URL in the address bar. Although there is no guarantee of the site's legitimacy or security if they are present, the absence of these indicates that the web site is definitely not secure.

7. Keep your Computer clean from Spyware
Why? Spyware & Adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads! If you've downloaded some music, files , or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with Spy Ware and/or Ad Ware!

8. Educate Yourself on Fraudulent Activity on the Internet
Why? Internet Fraud methods are evolving at a rapid rate. Consumers need to be aware they are vulnerable as fraudsters are persuasive and convincing; many victims thought they were too smart to be scammed. Consumers should educate themselves on Internet Fraud, the trends, and continual changes in fraudulent methods used. Fraud Watch International offers consumer education as a free service to the Internet community.

9. Check Your Credit Report Immediately, for Free!
Why? If you have responded to a fraudulent email, you may be at risk of identity theft. A virus could have been implanted within the email, which may find and pass on sensitive personal information about you to fraudsters, or if you have provided fraudsters with any personal information, you may be at risk of Identity Theft. You should check your credit report, and subscribe to a credit report monitoring service, to be alerted if your personal information is used fraudulently. 


Conclusion
  • No single technology will completely stop phishing.
  • However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it.
  • In order to combat phishing, business and consumers need to adopt best practices and practice awareness, educate themselves about phishing and anti-phishing techniques, use current security protection and protocols, and report suspicious activities. By doing so, they can reduce their exposure to fraud and identity theft, safeguard their confidential. 
So Be Aware of criminal activities and PROTECT YOURSELF
THIS IS - 'Phishing'
KNOW IT ... SPREAD IT ...
Follow for more


Labels:

Comments

Post a Comment

Popular posts from this blog

Learn Python

Python is a great object-oriented, interpreted, and interactive programming language. It was designed with an emphasis on code readability, and its syntax allows programmers to express their concepts in fewer lines of code. Often, programmers fall in love with Python because of the increased productivity it provides.  Gain skills during this quarantine and move forward to your success. Below are the free websites to learn this beautiful python. python.org Google learnpython.org HackerRank Tutorialspoint Codecademy educative edx hackr.io techbeamers          STAY SAFE! KEEP LEARNING! THIS IS " TOP FREE WEBSITES FOR LEARNING PYTHON " KNOW IT ... SPREAD IT... FOLLOW FOR MORE!
Post a Comment
Read more

Space Debris - Junk in Space

Space Space Space!!!   The terms Solar solstice and Space elevator were explained in previous blogs. Now we are gonna see about Space debris. Have you ever wondered, what happens to the parts of a rocket that fall off??? What does actually space debris mean??? Is there any possibility to clean up space debris??? If so, How??? These are some general questions that will revolve around everyone's mind...Now you will get some clarity about those questions, let us move into the topic... What is Space debris? Space debris ( known as space junk), is a piece of machinery or junk left by humans in space, generally in earth's orbit, which are no longer useful. These materials can be of large objects such as heavy satellites that have failed or left in the earth's orbit after the mission. It can also be small things like paint flecks, solidified liquids, and junks that have fallen from a rocket. Some of the human-made junks have been left on the moon too. Most of the junks are present...
2 comments
Read more

5G Technology - 'Everything You Need To Know'

As day by day technology improves, 5g is one of the most tremendous technologies, which everyone was looking for...Here I'm not dragging anymore now... Let us jump into the content... Hope everyone enjoys the content... What is 5G? 5G is the fifth era versatile system. It is another worldwide remote standard after 1G, 2G, 3G, and 4G systems. 5G empowers another sort of system that is intended to interface practically everybody and everything together including machines, items, and gadgets.  5G remote innovation is intended to convey higher multi-Gbps top information speeds, ultra-low inactivity, greater unwavering quality, huge system limit, expanded accessibility, and progressively uniform client experience to more clients. Better and improved proficiency engage new client encounters and associates new enterprises. What are the contrasts between the past ages of  portable systems and 5G? The past ages of versatile systems are 1G, 2G, 3G, and 4G.  First era - 1G  Th...
2 comments
Read more