In recent years, for hackers and other cybercriminals, as well as for most companies, our data has become far more valuable than simply a means of selling us something through advertising in the mail, in applications or through any other channel by which these people reach us.
Our data is so valuable that for some time now scammers have been working to take it and sell it to third parties, or simply to blackmail us. One of their methods is called “Phishing”, which, in addition to being the most used method of stealing data, is also the most dangerous: the user must always be very attentive to detect it, and almost always fails, with the ensuing disaster.
That is why it is so important that users know exactly which points to keep in mind to avoid becoming a victim of a Phishing attack, and to prevent the problems that can arise when a criminal uses their personal information to commit scams.
From this point on, you will find all the information about Phishing, and also the ways to prevent the theft of bank data, credit card data or the details of any other banking operation that we have stored on the computer.
What is Phishing?
Given the seriousness of falling victim to a Phishing attack, and the increasing proliferation of this crime, the Federal Trade Commission published a report detailing the factors to take into account in order to avoid becoming victims.
It is a form of fraud on the Web designed to steal the user's identity. Through a phishing scam, hackers try to obtain information such as passwords, credit card numbers and bank account details, among other personal information. Typically, phishing attacks arrive through spam or pop-up windows. According to some statistics, 20% of attacks obtain personal data.
How does Phishing work?
Hackers send millions of fake emails that appear to be sent from popular websites or from websites that people trust, such as the bank where the person has an account. The e-mails and the websites they refer to give the impression of being official, enough to persuade many people of their legitimacy.
Many people do not know that these emails from the bank are false and end up responding to the request for personal data. To make the e-mails look as genuine as possible, the scam developers can add fake links that appear to lead to a legitimate website but in fact lead the user to a fake website identical in appearance to the official one. These copies are generally called counterfeit websites.
Examples of Phishing
To understand in simple terms how Phishing works, nothing is better than an example based on a task we perform every day. In this scenario, we are clients of a certain bank, where we have a checking account with some deposits.
One morning we get up and see in the inbox of our email account a message from our bank asking us to click on a link in the body of the email under some pretext, for example, updating the entity's client records. Let us also suppose that the body of the message reminds us of the importance of doing so, or even carries a threat, such as that the account will be closed if they do not hear from us.
At this point, users with no experience in security or in how banks work with new online resources will most likely, scared and without thinking too much, click on the link, and with that all hell will break loose for the poor victim.
Unfortunately, there is no going back: we will have taken the bait. It should be noted that this is the most classic example of Phishing. To learn more about the existing types of Phishing, simply continue reading the rest of the post.
Types of Phishing
There are several types of Phishing, each specialized in a particular class of user or device. From this point on, we will learn about the different types of Phishing so that we are forewarned against an attack of this nature.
The first type is Standard Phishing, also known as “Deceptive Phishing” or “Clone or Redirect Phishing”. This is the most used method of Phishing. Generally, in these cases the offender impersonates, through an email, someone we trust or a reputable company, and the user generally “bites”.
The purpose is to obtain information such as passwords or access codes to services or other sites, in order to access them remotely and commit crimes.
Next is “Malware-Based Phishing”, a type of Phishing that stands out because the emails sent to hook users carry malware, either as an attachment or as a download reached by clicking on a link in the email itself. Unfortunately, this type of Phishing is highly effective, especially against companies and users who do not take security seriously.
The so-called “Spear Phishing” stands out from the previous ones mainly because the attack uses a lot of real data about the victim, such as their name, the position they hold in a company and other very personal data. The two most important channels for the spread of this type of Phishing are email and social networks.
Spear Phishing is widely used in another variant of Phishing called “CEO Impersonation”, a method that consists of obtaining the credentials of the CEO or of any other senior user within the company structure. The deception basically consists of sending an email on behalf of said CEO or executive to the company they belong to, requesting classified data or asking for a payment or transfer to be made.
Another type of Phishing, although now in decline, is the so-called “Smishing”, which is carried out not through email but through SMS messages, that is, text messages sent over the telephone line. As in the other Phishing methods, the hacker impersonates someone from a well-known and trusted company, then tells the user that they have won a prize and that to claim it they must click on a link and follow a few instructions. Fortunately, this type of Phishing is less and less credible, and is therefore losing effectiveness over time.
In addition to those mentioned, there are other types of phishing, less known but just as dangerous. One of them is called “Vishing”, which comes from the contraction of two English words: “Voice” and “Phishing”. This type of Phishing affects companies with employees who use many telephone lines without much control.
In this type of Phishing, the criminal or hacker impersonates an employee of a support center, bank or provider in order to obtain valuable information about their victims, such as passwords, that will lead them to a greater goal.
Although much more intricate and difficult to implement than other types of Phishing, so-called “Pharming” is widely used by cybercriminals to steal data from companies and their employees. Basically, hackers modify the hosts files and other important files of the company so that URL requests made from within the company are directed to a false address, that is, to a website that is not the real one.
The real problem arises when the employee logs in with their credentials, which the cybercriminals store for later use.
Another type of Phishing works through the browser, and it can happen with any web browser, regardless of the developer. It happens when the official page of a website or service is impersonated by an illegitimate one using SEO techniques that aim to rank the false page higher in search results than the official, genuine page. As with the other types of Phishing, the goal is to obtain passwords and similar data.
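Because Pharming relies on altered hosts files, a simple audit is to look for hosts entries that override name resolution for sites that should only ever be resolved through DNS. The following is an added example, not part of the original article; the watched domain `bank.example`, the function name and the sample file are constructed, and the policy "any hosts entry for a watched domain is suspect" is an assumption.

```python
import ipaddress

def audit_hosts(hosts_text, watched_domains):
    """Return (line_no, ip, hostname) for hosts-file entries that override
    resolution of a watched domain or any of its subdomains."""
    watched = [d.lower().rstrip(".") for d in watched_domains]
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an address, so not a usable mapping
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            # Exact match or true subdomain; "notbank.example" must not match.
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), host))
    return findings

# Constructed sample hosts file using documentation-only addresses.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1      localhost
::1            localhost
198.51.100.23  www.bank.example bank.example   # not added by IT
192.0.2.10     intranet.corp.example notbank.example
198.51.100.23  login.BANK.example.
not-an-ip      bank.example
"""

for finding in audit_hosts(SAMPLE_HOSTS, ["bank.example"]):
    print(finding)
```

On a real machine the input would be the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`, compared against the list of sites the organization cares about.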
How to protect yourself from Phishing?
Here are some useful recommendations, which it is good to always keep in mind when browsing the Internet or checking our email:
First of all, whenever we receive an email or a pop-up message asking us for personal financial information, or information of any kind, it is important that we never respond, and we must also not click on the links that may appear in the message.
It is very important to note that companies and organizations operating within the legal framework never request this type of data from their clients or members through emails or pop-ups.
We should not copy and paste the link either, bearing in mind that phishing networks operate by creating fake websites that look similar to the organization's official pages, precisely to deceive us.
If the message we receive alerts us to a possible problem with our account, and we are left in doubt as to whether something strange is happening with its activity, what we must do is contact the company through the channel we normally use, and not through this message.
One of the things that can protect us on the Internet is the permanent use of antivirus and firewall applications, which must also always be kept up to date.
Bear in mind that information can be stolen from us not only through our own naivety: some messages of this type also include malicious software, which damages our computer and even tracks the activities we carry out while connected to the Internet, without our knowing.
This is precisely where antivirus and firewall programs act, protecting us and preventing our usual email system from automatically accepting these types of unwanted files, since these tools filter incoming communications looking for malicious code.
The chosen antivirus must be able to recognize any type of virus, current as well as old, while the firewall will allow us to remain invisible while browsing the Internet and at the same time block communications from unauthorized sources.
2. No sensitive information by mail
Always, always, always avoid sending financial information or any type of personal data by email.
It must be borne in mind that, although email facilitates communication, it is not a secure method of transmitting personal information, even if we believe that the person requesting such information is a known contact.
If we are starting some type of transaction with an organization through its website and must send personal information, it is essential that we verify the presence of security indicators.
Among them, one of the most used is the padlock icon, called “Lock”, which can be found in the browser’s status bar. We can also check the authenticity of the site by verifying that its URL begins with “https”, since the letter “s” indicates that it is a secure site.
However, it is preferable to avoid sending information by this means, since some developers of Phishing methods have managed to fake even the most common security icons.
3. Beware of statements
Another important factor in avoiding being caught by a Phishing network is to review the statements of our bank accounts and credit cards as soon as we have received a Phishing-type message, that is, one asking us to verify, authorize or provide information.
If we find that our account statement is more than two days late, it is advisable to contact the bank or the credit card company to confirm the billing address and the balances of our accounts.
We must be really careful whenever we download or open files attached to emails we have received, regardless of the sender shown in the email, since, as we said, a Phishing attack can be disguised under the name of an acquaintance or an organization familiar to us.
Bear in mind that these types of attachments may contain viruses or malicious code that affect the security of our PC, our data and our activities on the Internet.
If we receive a suspected Phishing email in the name of a company or organization of which we are clients or members, it is important that we forward it to that company and report what happened, since most companies analyze such messages to prevent them from spreading further.
- Never respond to requests for personal data by e-mail. If in doubt, call the institution that claims to have issued the e-mail.
- Only visit a website if you entered the URL in the address bar of your internet browser.
- Check if the websites you access use cryptography.
- If you have suspicions of theft of personal information, urgently contact the competent authorities.
What is Tabjacking?
Running the risk of virtual attacks while browsing the Internet is unavoidable; everyone knows that. In addition to installing programs to defend the computer, such as antivirus and anti-spyware, it is necessary to be aware of the threats created by malicious people. Caution is the best protection against digital pests.
However, this mission is not as easy as it seems. Crackers are not stupid at all and have innovated in the ways of stealing information on the web. The latest novelty from these thugs is called Tabjacking or Tabnabbing, a form of phishing camouflaged as known pages.
Tabjacking is a type of phishing, and to understand how it works it is necessary to understand clearly what this type of virtual crime is. Simply put, phishing (a term derived from the English word “fishing”) is a fraud carried out on the internet with the aim of stealing data and personal information.
Crackers aren’t really dumb at all. Seeing that traditional attacks no longer paid off as before, they invented a new way of carrying out their fraud, this time much more planned and elaborate. The new style of attack has been called Tabjacking, and what sets it apart is camouflage.
How does tabjacking work?
Unlike traditional phishing, Tabjacking uses fake pages, very similar to the original ones, to deceive the user and get their confidential data. The elaborate information theft system uses a feature very common to current browsers: multiple tabs.
While the Internet user browses carefree, Tabjacking comes into action through links or pop-ups on popular web pages and opens a new tab in the browser. This is what sets this new type of phishing apart, since the opened tab has the appearance, title and icon of an official site, such as Gmail.
When the user sees their email service in an open tab, waiting for the login, it is very common for the person to enter their data on impulse and confirm the operation. The phishing page, being a smart move by crackers, uses the stolen information and performs the login normally, so the user does not even realize that they were deceived.
How to protect yourself from tabjacking
It is essential to be attentive to all our steps in the digital world to avoid problems and damages. We give you some tips so that you do not fall into the traps of the internet:
- Verify the veracity of the senders of any type of message, whether by email, social network or instant messenger. Ask your friend if it was really him who sent you that link or ask your bank manager about any notification of a problem with your account.
- Do not open suspicious messages, with unknown senders or from services in which you are not registered.
- Do not believe everything you receive by email; no one will give you a million dollars for clicking on a link.
- If you want protection against this type of attack, you can install an anti-phishing tool. For example: Phishing Detector, PhishGuard for Firefox, Phishing Doctor, and McAfee SiteAdvisor for Internet Explorer.
- Keep the machine’s defense software (antivirus, anti-spyware and anti-phishing) and the browser always up-to-date.
- On websites that require login (username and password), always verify that the page address is authentic (in the address bar). The locks displayed to the right of the Address Bar or at the bottom edge of the browser are a simple and practical way to do this verification.