Skip to main content

PHISHING - A cybercrime

PHISHING TECHNOLOGY


Hello!!! We are gonna see about Phishing in this blog.  In this modern world, cyber-attacks are becoming very worse day by day, and phishing is one of the familiar act performed by the hackers. Let us see about Phishing briefly now!!!

Introduction:

 Pronounced "fishing“

      •The word has its Origin from two words “Password Harvesting” or fishing for Passwords.
      •Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
     •Phishing techniques were described in detail in the year 1987 and this Technique was first used in the year 1995.
What might the phisher need?
Your password
Account number, card number, Pin, access code
Personality identifiable information like your dob, Social Security number, address.
Confidential information like student records, financial records or technical information 
Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed. 

Types of Phishing

1.Deceptive phishing:
                                       It is by far the most common type of phishing scam. In this type of ploy, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want. As an example, PayPal scammers could send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link redirects to a fake PayPal login page that collects a victim’s login credentials and sends them to the attackers.
         The success of a deceptive phish hinges on how closely the attack email resembles a piece of official correspondence from the abused company. As a result, users should inspect all URLs carefully to see if they redirect to an unknown and/or suspicious website. They should also look out for generic salutations, grammar mistakes and spelling errors scattered throughout the email.

2.Malware-Based Phishing:
                                             It refers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site,  or by exploiting known security vulnerabilities--a particular issue for small and medium businesses (SMBs) who are not always able to keep their software applications up to date.

·        Keyloggers and Screenloggers are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. They can embed themselves into users' browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors.

·       Session Hijacking describes an attack where users' activities are monitored until they sign in to a target account or transaction and establish their bona fide credentials. At that point the malicious software takes over and can undertake unauthorized actions, such as transferring funds, without the user's knowledge.

·       Web Trojans pop up invisibly when users are attempting to log in. They collect the user's credentials locally and transmit them to the phisher.

·        Data Theft. Unsecured PCs often contain subsets of sensitive information stored elsewhere on secured servers. Certainly PCs are used to access such servers and can be more easily compromised. Data theft is a widely used approach to business espionage. By stealing confidential communications, design documents, legal opinions, employee-related records, etc., thieves profit from selling to those who may want to embarrass or cause economic damage or to competitors.

3.DNS-Based Phishing ("Pharming"):
                                                                      Pharming is the term given to hosts file modification or Domain Name System (DNS)-based phishing. With a pharming scheme, hackers tamper with a company's host files or domain name system so that requests for URLs or name service return a bogus address and subsequent communications are directed to a fake site. The result: users are unaware that the website where they are entering confidential information is controlled by hackers and is probably not even in the same country as the legitimate website.

4.Man-in-the-Middle Phishing:
                                                          It is harder to detect than many other forms of phishing. In these attacks hackers position themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on so that users' transactions are not affected. Later they can sell or use the information or credentials collected when the user is not active on the system.

5.Content-Injection Phishing:
                                                      It describes the situation where hackers replace part of the content of a legitimate site with false content designed to mislead or misdirect the user into giving up their confidential information to the hacker. For example, hackers may insert malicious code to log user's credentials or an overlay which can secretly collect information and deliver it to the hacker's phishing server.

6.Search Engine Phishing:
                                                It occurs when phishers create websites with attractive (often too attractive) sounding offers and have them indexed legitimately with search engines. Users find the sites in the normal course of searching for products or services and are fooled into giving up their information. For example, scammers have set up false banking sites offering lower credit costs or better interest rates than other banks. Victims who use these sites to save or make more from interest charges are encouraged to transfer existing accounts and deceived into giving up their details.

Causes of Phishing

  • Misleading e-mails.
  • No check of source address.
  • Vulnerability in browsers.
  • No strong authentication at websites of banks and financial institutions.
  • Limited use of digital signature.
  • Non-availability of desktop tools.
  • Lack of user awareness.
  • Vulnerability in application.

Phishing Examples

Why Phishing is still popular?

#1- It tricks the victim with fear 
One of the most common method is to trick the victim by sending them an email and tell them that their internet banking account is being compromised and need to click on a link to resolve the issue. Once the user followed the link, the user will be redirected to some forged website that looks similar to the banking website which requires the user to input his/her username and password. Once that form is sent, all the data will be transmitted to the attacker-controlled server.

#2-It tricks the victim with special interest   
Some scammers use the scenario such as winning the lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site.

#3-It is not a rocket science technology
Phishing attacks involve creating a forged website and it might be difficult for certain people. However if it is compared to hacking a banking server, creating a website is not that complicated. Therefore many novice or intermediate scammers will choose to use the phishing method over any other method in their hacking project.

#4-It can be launched via many types of communication channel
Phishing can happen not only by simply building a forged website and anticipate for the victim to come to you. It can also involve sending emails to lure them to the forged website. Besides that, a phishing scam uses as well the manipulation of a URL and post it as a comment or forum to trick them to the forged website. Apart from using the computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is this type of scam can be done via multiple channels and multiple techniques.

 #5-Compromising one account is not the end
After stealing one’s credentials is not the end, but it can be the beginning. Why is it so? Internet users nowadays have many online accounts for instance Facebook, Twitter, and LinkedIn. In common, most users will use the same username and password for each of the accounts so that remembering them is not an issue. Hence this can lead to the users’ credentials that had been stolen can be used as well for other accounts by the scammers.

How to Protect Yourself from Phishing !!!
The following 10 steps will help protect yourself. Whilst we have researched and made recommendations of software that will assist you, Fraud Watch International makes no warranties or guarantees about the products.
phishing attack | Vanderbilt News | Vanderbilt University

 1. Never click on Hyperlinks within emails
 Why? Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you. Recommendation: If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company for personally sensitive information Instead, directly type in the URL in the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine.

2. Use Anti-SPAM Filter Software
Why? Some studies have shown around 85% of all email sent is SPAM, with a majority fraudulent. This can be costly and time-consuming to end-users who receive them. Effective SPAM filters can reduce the number of fraudulent emails consumers are exposed to.

3. Use Anti-Virus Software
Why? To protect against Trojan and worm attacks, anti-virus software can detect and
delete virus files before they can attack a computer. It is important to keep all anti-virus software up to date with vendor updates. These virus programs can search your computer and pass this information to fraudsters.

 4. Use a Personal Firewall
Why? Firewalls can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into, and a virus being planted, and can also block unauthorized programs from accessing the Internet, such as Trojans, worms, and spyware.

5. Keep Software Updated (Operating Systems & Browsers)
   Why? Fraudsters and malicious computer hackers are continually finding vulnerabilities in software operating systems and Internet Browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers. Recommendation: Always ensure operating and browser software is kept up to date using legitimate upgrades and patches issued by the software vendor. Visit your operating system vendors website for updated information, and subscribe to any automatic updating service.

6. Always look for "https" and a padlock on a site that requests personal information
Why? Information entered on an Internet Website can be intercepted by a third party. Web Sites that are secure protect against this activity Recommendation: When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the “https://” at the start of the URL in the address bar. Although there is no guarantee of the site's legitimacy or security if they are present, the absence of these indicates that the web site is definitely not secure.

7. Keep your Computer clean from Spyware
Why? Spyware & Adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads! If you've downloaded some music, files , or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with Spy Ware and/or Ad Ware!

8. Educate Yourself on Fraudulent Activity on the Internet
Why? Internet Fraud methods are evolving at a rapid rate. Consumers need to be aware they are vulnerable as fraudsters are persuasive and convincing; many victims thought they were too smart to be scammed. Consumers should educate themselves on Internet Fraud, the trends, and continual changes in fraudulent methods used. Fraud Watch International offers consumer education as a free service to the Internet community.

9. Check Your Credit Report Immediately, for Free!
Why? If you have responded to a fraudulent email, you may be at risk of identity theft. A virus could have been implanted within the email, which may find and pass on sensitive personal information about you to fraudsters, or if you have provided fraudsters with any personal information, you may be at risk of Identity Theft. You should check your credit report, and subscribe to a credit report monitoring service, to be alerted if your personal information is used fraudulently. 


Conclusion
  • No single technology will completely stop phishing.
  • However, a combination of good organization and practice, proper application of current technologies, and improvements in security technology has the potential to drastically reduce the prevalence of phishing and the losses suffered from it.
  • In order to combat phishing, business and consumers need to adopt best practices and practice awareness, educate themselves about phishing and anti-phishing techniques, use current security protection and protocols, and report suspicious activities. By doing so, they can reduce their exposure to fraud and identity theft, safeguard their confidential. 
So Be Aware of criminal activities and PROTECT YOURSELF
THIS IS - 'Phishing'
KNOW IT ... SPREAD IT ...
Follow for more


Labels:

Comments

Post a Comment

Popular posts from this blog

Ransomware - 'Malicious Software'

What is Ransomware? Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid so as for your system to figure again. This class of malware may be a criminal moneymaking scheme that will be installed through deceptive links in an email message, instant message, or website. it's the power to lock a display screen or encrypt important, predetermined files with a password. How does Ransomware work? It usually starts with a classic phishing email that is bait to download an infected file. In most cases, the infection with the ransomware happens by an attempted PDF, DOC, or XLS file. By opening the malicious file, the criminal has crossed the foremost significant hurdle. The installation of the respective system takes place. It should be mentioned that the installation can run independently of the activation of the ransomware. The ransomware attack can thus be prepared beforehand, except for example is often started at a later time. As s
3 comments
Read more

Cloud Storage Vs Local Storage - What's the best choice for you?

Saving personal data is one of the most important  basic things  in today's digital world. There are a lot of storage faculties available in the market. The two most common storage possibilities are Cloud and Local storage. Let's move onto the topic now!!! In recent years, cloud innovation has taken off. With cloud-based applications, catastrophe recuperation arranging, and information stockpiling, the cloud offers another engineering for organizations hoping to improve proficiency and spryness. However, new isn't in every case better. While distributed storage surely offers advantages to numerous organizations, a few associations are finding that utilizing neighborhood stockpiling – or a mixture blend – is a progressively powerful arrangement. Analyzing the advantages of distributed storage versus neighborhood stockpiling is a significant piece of recognizing what is directly for your business. Definition Cloud storage is the way toward putting away computerized informati
4 comments
Read more

Space Debris - Junk in Space

Space Space Space!!!   The terms Solar solstice and Space elevator were explained in previous blogs. Now we are gonna see about Space debris. Have you ever wondered, what happens to the parts of a rocket that fall off??? What does actually space debris mean??? Is there any possibility to clean up space debris??? If so, How??? These are some general questions that will revolve around everyone's mind...Now you will get some clarity about those questions, let us move into the topic... What is Space debris? Space debris ( known as space junk), is a piece of machinery or junk left by humans in space, generally in earth's orbit, which are no longer useful. These materials can be of large objects such as heavy satellites that have failed or left in the earth's orbit after the mission. It can also be small things like paint flecks, solidified liquids, and junks that have fallen from a rocket. Some of the human-made junks have been left on the moon too. Most of the junks are present
2 comments
Read more