Phishing is one of the most common scams on the internet. But what exactly is a phishing attack? Phishing gives attackers access to users' important information, including their banking details, and phishing attacks are among the most frequent cyber attacks. In this article we look at what phishing means and go through the attack techniques.
Phishing is a term for stealing information from an individual or a group of users by means of email or fraudulent web pages. These emails and pages are built to collect users' personal information, such as bank account details, email credentials and other account data.
In plain language, phishing, which is an abbreviation of Password Harvesting Fishing, means hunting for a user's password with a bait.
Attackers who run phishing attacks use different techniques to collect confidential information. One of them is to create fake pages and send users to them. Users trust these pages because they are designed to look like the real ones, and so they enter their personal information there. In the rest of this article we review the different phishing techniques.
In this article we talk about phishing, how to detect phishing attacks and how to deal with them. As you know, in every environment there are people who break the law and violate the rights of others to make more profit, and cyberspace and the Internet are no exception. Phishing describes a group of attacks whose goal is to gain access to other people's confidential information. One of the most valuable pieces of information attackers look for is the password to various accounts. Usernames, bank account numbers, dates of birth and many other confidential items are also among the things phishing websites are after.
Below are some common phishing techniques and the risks they carry:
The phisher (attacker) creates a fraudulent page and directs users to it through various channels, such as email. Once the user trusts the page, they are asked to enter their confidential information on it. For example, under the pretext of an online purchase, the user is guided to a poisoned link and asked to enter bank account details on that page; this is bank account phishing.
In this method the attacker gathers as much information about the victim as possible in order to gain their trust. 91% of phishing scams use this method. It is aimed at groups: instead of sending emails to thousands of users, the phisher sends what it calls bulk emails, that is, emails to a specific group it has already identified.
In this method the phisher takes an email genuinely sent by a company, replaces the links in it with links of its own choosing, and then sends the modified email to that company's users.
The attacker sets up a free internet access point, gains control over everyone who connects to it, and tries to steal their confidential information.
In this method the phisher sends the user a link that is wrong but looks similar to the real one.
For example, imagine you want to exchange WebMoney for Perfect Money on PayPax: instead of the link paypax.io, you are sent the address paypex.io.
Phishers have recently started sending images instead of text links, which makes detection harder for anti-phishing tools.
Not all phishing happens on the Internet. Recently, phishing by text message or phone call has also become very common. In this method the user receives messages that appear to come from the bank, asking them to call a specific number, for example because of a problem with their account. When the user calls the number (which belongs to the phisher and is provided by a VoIP service), they are asked to enter their second account number and password. Alternatively, an SMS asks the user to go to an ATM to receive a gift and enter codes in the English section of the machine's menu. The result in both cases is a transfer of money to the phisher's account.
This is one of the harder methods to detect. The attacker sets up a wireless network in a public place using the name of that place, so that users connect to it by mistake, and through it the attacker gains access to their personal information.
Of course, there are other phishing methods as well, such as whaling, website forgery and tabnabbing.
To a user who regularly uses eBay or any other online service, such an email can look like a routine request to confirm their account information. In reality, phishing emails exist to steal information such as usernames, passwords and bank account details.
Since phishing emails are sent in bulk, the sender has no idea who you are. For example:
An email from PayPax arrives telling the victim that their account has been compromised and will be deactivated unless they confirm their credit card details.
The link in the phishing email takes the victim to a fake PayPax website, and the stolen credit card information is then used to commit further crimes.
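The two warning signs described above, a link whose visible text differs from where it actually points (as in the clone-phishing and link-manipulation methods) and a destination domain that is a near-miss of a real one (paypax.io versus paypex.io), can both be checked mechanically. The following is an added example, not code from the article: it extracts the links from an HTML email and reports those findings. The brand list, the sample email and the edit-distance threshold are constructed for the demonstration.

```python
"""Added example (not from the article): flag suspicious links in an HTML email.

Two checks that follow the techniques described in the article:
  1. the domain shown in the link text differs from the domain the href points to
     (link replacement, as in clone phishing);
  2. the href host is a near-miss of a known brand domain (paypax.io vs paypex.io).
The brand list, the email body and the threshold are constructed for this demo.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: domains the reader actually does business with.
KNOWN_DOMAINS = {"paypax.io", "ebay.com"}

def host_of(url: str) -> str:
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    if "://" not in url:
        url = "http://" + url   # urlparse needs a scheme to find the netloc
    return (urlparse(url).hostname or "").lower()

def registered_domain(host: str) -> str:
    """Last two labels of a hostname (fine for .com/.io; not for co.uk-style suffixes)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href: str, text: str) -> list:
    """Return the reasons a link looks like phishing (empty list = no finding)."""
    reasons = []
    href_dom = registered_domain(host_of(href))
    # Only treat the link text as a host if it looks like one (has a dot, no spaces).
    text_host = host_of(text) if "." in text and " " not in text else ""
    if text_host and registered_domain(text_host) != href_dom:
        reasons.append(f"link text shows {text_host} but points to {href_dom}")
    if href_dom and href_dom not in KNOWN_DOMAINS:
        for known in KNOWN_DOMAINS:
            if levenshtein(href_dom, known) <= 2:
                reasons.append(f"{href_dom} is a near-miss of {known}")
    if urlparse(href).scheme == "http":
        reasons.append("plain http, no TLS")
    return reasons

def scan_email(html: str) -> dict:
    """Map each href in the email to its list of findings."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample: a 'your account will be deactivated' email.
SAMPLE_EMAIL = """
<p>Your PayPax account has been compromised. Confirm your card within 24 hours:</p>
<a href="https://paypex.io/confirm">https://paypax.io/account</a>
<p>Questions? Visit <a href="https://help.ebay.com/">help.ebay.com</a></p>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", reasons or "ok")
```

Running it reports the first link twice (the text shows paypax.io but the href goes to paypex.io, and paypex.io is one edit away from paypax.io) and the second link as clean. The two-label `registered_domain` helper is a deliberate simplification; a production checker would use the public suffix list so that hosts under suffixes such as co.uk are compared correctly.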
In pharming, a large number of users are attacked and become victims at once. Here there is no need to single out each victim or to send emails to users one by one. Pharming is done by modifying the hosts file on the victim's computer or by exploiting vulnerabilities in the DNS server.
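Of the two pharming routes mentioned above, the hosts-file modification is the one a user or administrator can audit locally. The following is an added example, not from the article: it parses hosts-file text and flags any entry that pins a watched domain to an address other than a loopback or unspecified one. The watch list and the sample file are constructed; the `audit_file` helper shows how the same check is run against a real hosts file.

```python
"""Added example (not from the article): spot pharming-style entries in a hosts file.

Pharming can be done by editing the victim's hosts file so that a bank's name
resolves to the attacker's server. This audit parses hosts-file text and flags
any line that maps a domain from a watch list to an address other than a
loopback or unspecified one. The watch list and sample file are constructed.
"""
import ipaddress

# Constructed: domains whose resolution the reader cares about.
WATCHED = {"paypax.io", "ebay.com"}

def parse_hosts(text: str) -> list:
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                    # an address with no names is not an entry
            continue
        ip, *names = parts
        for name in names:
            entries.append((ip, name.lower()))
    return entries

def is_local(ip: str) -> bool:
    """True for loopback / unspecified addresses, the normal content of a hosts file."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def find_pharming(text: str) -> list:
    """Return (hostname, ip) pairs where a watched domain is pinned to a non-local address."""
    hits = []
    for ip, name in parse_hosts(text):
        base = ".".join(name.split(".")[-2:])  # registered domain, two-label approximation
        if base in WATCHED and not is_local(ip):
            hits.append((name, ip))
    return hits

def audit_file(path: str) -> list:
    """Run find_pharming over a real hosts file, e.g. /etc/hosts on Linux or
    C:\\Windows\\System32\\drivers\\etc\\hosts on Windows."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return find_pharming(f.read())

# Constructed sample hosts file; 203.0.113.7 is a documentation (TEST-NET) address.
SAMPLE_HOSTS = """
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net        # an ad-blocker entry, harmless
203.0.113.7 paypax.io www.paypax.io   # attacker's server
"""

if __name__ == "__main__":
    for name, ip in find_pharming(SAMPLE_HOSTS):
        print(f"WARNING: {name} is pinned to {ip}")
```

On the sample the audit flags paypax.io and www.paypax.io but not the ad-blocking entry, since mapping a name to 0.0.0.0 or 127.0.0.1 is a legitimate sinkhole rather than a redirect. This check only covers the hosts-file route; poisoning of a DNS server happens outside the victim's machine and needs to be detected at the resolver.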
To deal with phishing attacks properly we first need to recognise them. Here are some ways to detect a phishing attack:
Check for a secure connection: Pay attention to the address bar when you open a web page for online payment. Make sure the address starts with a lock icon or https:// on the left side of the address bar. These signs go a long way toward reassuring us that the website is not fake, but note the important point that this check is not 100% reliable! There are other things to keep in mind.
Carefully read and check the website's domain name: Attackers sometimes add or remove just one or two letters from the real domain name so that the fake URL looks normal. So make sure that the URL written after https:// or the lock icon matches the URL of the real website exactly.
Play the role of a forgetful person! When entering account details for an online payment, pretend you have forgotten them and enter wrong information, for example an incorrect card number, CVV2 or other details. The real website detects the wrong data and shows a warning. A fraudulent website, which is not connected to the central bank system, does not notice the error and shows no error message. That makes it easy to tell that the website is fraudulent.
Get help from software: You can install an anti-phishing extension in your browser. Most of the checking is then done by the extension, which automatically verifies the authenticity of the website and displays a warning if it is detected as fraudulent.
Refresh the payment page: As you know, many payment pages use a randomly arranged on-screen keypad for extra security. One simple sign of a scam page is that refreshing it does not change the arrangement of the numbers on the keypad.
Now that we have some ways to detect a phishing attack, it is time to deal with it. Clearly, following the detection methods above is the most important step in preventing such attacks. However, there are other things you can do to help prevent phishing. Some of these measures are: