Internet Phishing and methods of protection against it
The most popular form of fraud on the web at the moment is phishing. Cybercriminals use fraudulent websites, keystroke interceptors (keyloggers), email messages composed according to the rules of social engineering, and so on. Every day these methods become more diverse and dangerous.
Phishing, as defined by Dr. Web, is a technique of fraud on the Web that consists of the theft of personal confidential information, for example identification and bank card data, access passwords, etc. Using email worms and spam, attackers send potential victims letters that claim to come from legitimate organizations. In these letters, the victims are asked to visit a fake website and confirm PIN codes, passwords and other personal information, which the fraudsters later use to steal money from the victim's account or to commit other crimes.
Phishing. Not to be confused with fishing or pishing.
Phishing (from the English "phishing", derived from "fishing") is a type of Internet fraud whose purpose is to gain access to confidential user data: logins and passwords. This is achieved through mass mailings of e-mails on behalf of popular brands, as well as personal messages within various services, for example on behalf of banks or within social networks. The letter often contains a direct link to a site that looks indistinguishable from the real one, or to a site with a redirect. Once a user lands on the fake page, the fraudsters use various psychological techniques to prompt the user to enter the username and password that they use to access a certain site, which gives the fraudsters access to the user's accounts and bank accounts.
Phishing is a variety of social engineering that relies on the user's ignorance of the basics of network security. In particular, many people do not know a simple fact: services do not send letters asking users to provide their credentials, password, and so on.
Simply put, the attackers lure users into revealing their personal data themselves, for example phone numbers, bank card numbers and secret codes, and the logins and passwords of e-mail and social network accounts.
To protect against phishing, the makers of the major Internet browsers have agreed to use the same methods to inform users that they have opened a suspicious website that may belong to fraudsters. New versions of browsers already have this feature, which is accordingly referred to as "anti-phishing".
According to the company Websense, the most popular tool for creating phishing resources is the Rock Phish Kit. At the moment, the situation with phishing closely resembles the situation in malware writing several years ago, when malware construction kits appeared.
The essence of phishing is as follows: the attacker, by deceiving the user, gets them to provide personal information (bank card details, names and passwords for various resources, etc.). The main distinguishing feature of this type of fraud is that the user hands over the information voluntarily. To achieve this, fraudsters actively use social engineering techniques.
Modern phishing can be divided into 3 types: online, mail and combo.
The oldest is mail phishing: a letter is sent to the recipient with a request to send some information.
Online phishing follows this scheme: fraudsters copy official resources, using similar domain names and a similar design. The rest is simple. A user who visits such a resource may leave their data there in full confidence that it will fall into good hands. In fact, the information ends up in the hands of cybercriminals. Fortunately, user knowledge of basic information security measures is now tending to increase, so this fraud scheme is gradually losing its relevance.
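The similar-domain-name trick described above can be checked mechanically before a link is followed. The Python code below is an added example, not part of the original article: it compares a link's host name against a list of domains an organization really owns and reports near misses. The domain names (under reserved test suffixes), the substitution table and the distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the organization really owns (assumption).
TRUSTED = ("northbank.example", "northmail.example")

# Fold characters commonly swapped in look-alike names to one canonical form.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(name):
    """Canonical form in which 'n0rth' and 'north' compare equal."""
    return name.translate(FOLD).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'lookalike:<reason>' or 'unknown' for a link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Simplification: treat the last two labels as the registered domain.
    # Production code should consult the Public Suffix List instead.
    registered = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        if skeleton(registered) == skeleton(good):
            return "lookalike:substitution"   # e.g. digit 0 in place of letter o
        if edit_distance(registered, good) <= 2:
            return "lookalike:typo"           # swapped, missing or extra letter
        if (host + ".").startswith(good + ".") or "." + good + "." in host:
            return "lookalike:embedded"       # real name used as a subdomain
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.northbank.example/login",   # constructed samples
                 "http://n0rthbank.example/confirm",
                 "http://nortbank.example/",
                 "http://northbank.example.account-verify.test/"):
        print(f"{classify(link):24} {link}")
```

A result of "unknown" only means the host does not resemble a listed domain; it is not a statement that the site is safe.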
The third type is combined. Its essence lies in creating a fake website of a real organization, to which fraudsters try to lure potential victims. In this case,