Tutorials

What is phishing and how to detect it


Anonim

What is phishing? It is the most common question that comes up when an identity is impersonated online. With the excitement and chaos of online shopping throughout the year, shoppers become vulnerable to various online frauds, and one of the scams that is growing the most is the one delivered by phishing email.

Phishing is a very popular online trick, used to steal credentials and payment information, usually through fake websites made to look almost identical to the originals, making it difficult for users to identify them.

Phishers are interested in credentials to access the websites that online shoppers use, compromising personally identifiable information (PII) that can lead to data theft.

In 2014, online shoppers were targeted by "Operation Huyao," a phishing scheme that operated under the radar: victims were left to browse the content of the original site, but were later taken to a phishing page, where their payment information was stolen when they went to check out and buy the product. When the buyer finished the transaction, they received a message confirming a successful transaction, to make it appear legitimate.

After personal data is compromised, the attacker can sell the information, steal your identity, or hijack other contacts so that they become future spoofing targets.


Knowing what phishing is

The term phishing comes from the English word "fishing" ("pescar" in Spanish). The way this scam operates is directly related to that quiet sport, since what predominates in this illegal activity is patience.

Hackers do nothing more than a fishing expedition, launching hundreds of lures online and then waiting for that “bite” or, in more technical terms, for someone to click on that malicious link.

These hooks come in several different formats, such as fake internet pages, email from banks and financial institutions, promotions (often absurd) or personal messages, such as "photos of the party on Saturday," for example.

Anything goes when it comes to casting lures, waiting for an unsuspecting user to chew on the trap, and getting that person's personal data.

Types of phishing

Phishing happens so frequently on the internet that there are now even different types, which allow an attack to be assessed. The two most common are:

  1. Blind Phishing: the best-known type, the one that is sent out en masse by means of spam and email, in the hope that someone will fall into the trap.
  2. Spear Phishing: as its name indicates ("spear fishing"), this type of attack is more specific and pursues particular, previously studied targets. In addition, it is presented in a more convincing way than the previous one.

How to identify and avoid online scams

Who has not received messages such as "update your bank details" or "congratulations, you are a new millionaire," and other similarly eye-catching messages?

This type of mail has become routine in our inboxes and constitutes a very common scam on the internet: phishing.

Check these steps to avoid falling into the phishing trap:

  • Bookmark your favorite shopping sites. Avoid using search engines to find good deals. Limiting your search to trusted shopping websites can reduce your chances of logging in and buying on a fake website.
  • Always check hyperlinks. To check the legitimacy of a URL, hover your mouse pointer over the embedded link before clicking on it. Fake links can be misleading, as scammers can use URLs with relevant terms from the original URL.
  • Stay away from emails or websites that require urgent action. Some messages will include desperate requests to click some links or disclose your personal information.
  • Always check your credit card statements. Pay attention to unauthorized transactions.
  • If you find out that you have fallen for a phishing scam, immediately change the passwords and PINs of all your accounts. Notify your card issuer if you suspect fraudulent activity on your account.
  • Fake email addresses normally use the names of real companies combined with free internet domains, such as Yahoo, Gmail, Hotmail, among others. Check the sender's full address.
  • Banks and businesses address their customers by first and last name, never as a special customer or using nicknames.
  • Be careful with praise and everyday language. These emails must be formal and professional.
  • Take a look at the spelling and grammar of the message. Fake emails often come with errors of this nature.
  • If you click on a link in a fake email, try a password other than yours. Fake websites will normally accept the information you provide. Leave the website if this happens.
  • Low resolution images. Poor quality logos and graphic elements on websites may be an indication that the website is fake.
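Three of the checks above (sender address, urgent wording, and a link whose visible text differs from where it really points) can be run automatically over a message. The following Python sketch is an added example, not part of the original tutorial; the brand list, the urgency words and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # free providers named above
BRANDS = {"paypal", "ebay"}                            # assumed watch-list of brand names
URGENT = re.compile(r"\b(urgent|immediately|suspended)\b", re.I)  # assumed wording

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.pairs, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.pairs.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def host(text):  # host of a URL or bare domain without "www."; "" for ordinary words
    m = re.match(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text, re.I)
    return m.group(1).lower() if m else ""

def triage(raw):
    """Return the warning signs found in one raw e-mail with a single-part HTML body."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    signs = []
    if domain in FREE_MAIL and any(b in name.lower() for b in BRANDS):
        signs.append("company name sent from free mail domain " + domain)
    body = msg.get_payload()
    if URGENT.search(body):
        signs.append("urgent-action wording")
    links = Links()
    links.feed(body)
    for href, text in links.pairs:
        shown, real = host(text), host(href)
        if shown and shown != real:
            signs.append(f"link shows {shown} but opens {real}")
    return signs

SAMPLE = ('From: "PayPal Support" <paypal.support@gmail.com>\n\n'  # constructed message
          "<p>Your account is suspended, act immediately.</p>"
          '<a href="http://paypal.com.account-check.example/login">www.paypal.com/login</a>')
```

Calling `triage(SAMPLE)` reports all three signs; a message with none of them returns an empty list, which means only that these particular checks found nothing.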

Be careful on social media. A biannual security report produced by Microsoft identified an exponential growth in identity theft on social media. This shows that, in addition to bringing people closer, this type of network also presents itself as a new channel of action for malicious users. Despite the fact that some of these sites give the feeling of being a clean and safe place, the truth is that there are many risks present. Therefore, it is important to take some precautions, such as not adding unknown people as friends, in addition to "closing" the most personal information, phones and email addresses, for example.

Software to prevent phishing

The internet is one of the best tools known to humanity to basically do whatever you want. But Facebook, Twitter, Gmail, Dropbox, Paypal, eBay, bank portals, and so many other sites have twins that are actually phish.

A "phish" is a term for a scam website that tries to look like a safe site that you could visit frequently. The act of all these sites trying to steal your account information is called phishing. Although it is very easy to see some sites as a phish, others are not so easy to detect.

Here are four different antiphishing methods you can use to avoid falling victim to this type of fraud.

Use a custom DNS service

You need a DNS resolution service to be able to access all the sites you go to. Your computer does not automatically know where Facebook is (in terms of its internet address or IP address), so it needs to ask a DNS resolution service for that IP address. The good thing is that all Internet users have this service, thanks to their internet provider. The bad news is that that's all they do.

Other than name resolution, DNS servers on ISPs do nothing else. However, there are some independent, custom DNS companies that do more than just name resolution.

They can also filter sites based on content and malware / phishing issues. There are many services that can do this, but the most popular one is OpenDNS.

Use your browser's phishing list

Did you know that modern browsers offer a phishing list? Browsers check the site you are visiting with this list to see if it is possibly a phishing site. If it is, your browser will start warning you of the risks by showing you a large page with red colors.

Use sites to check links

In case you are presented with a link but you are not sure about clicking on it, you can copy it and check it on a number of different sites. These can tell you if there is something wrong with these sites, including malware and phishing. Some of these sites are as follows:

  • AVG Threatlabs
  • Kaspersky VirusDesk
  • ScanURL
  • PhishTank
  • Google Transparency Report

Use your own skills and knowledge

This may sound like useless advice, but using your own abilities to detect phishing sites can also come in handy. There are a few things you should look for to see if you are about to be scammed:

  1. Look for a secure connection. This is generally identified by a green area in the address bar, along with https in the URL.
  2. Look at the domain of the URL. If you don't know what the URL domain is, here is an example: the Professional Review domain is profesionalreview.com, while the PayPal domain is paypal.com, and so on. Check that the domain is as it should be, and not something strange.
  3. Look at the site itself. If it doesn't look exactly like the site you're used to, it could be a scam site. You can double check by opening a new tab and visiting the home page of the site you think you are on (if possible). If they are quite different, it is more than likely a phishing site.
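The first two checks in this list, written as code that compares a URL with the domains you already trust. This is an added example rather than part of the original tutorial, and it goes slightly beyond the text by also catching near-miss spellings; the "last two labels" rule, the similarity threshold and the sample URLs are assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# The two domains used as examples in the list above, standing in for your bookmarks.
TRUSTED = {"paypal.com", "profesionalreview.com"}

def classify(url, trusted=TRUSTED):
    """Return (verdict, notes); verdict is 'trusted', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    notes = []
    if parts.scheme != "https":
        notes.append("not https")
    if parts.username is not None:
        # In https://paypal.com@host/ the part before '@' is a user name, not the site.
        notes.append("text before '@' is not the domain")
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted", notes
    # Assumption: the registered domain is the last two labels (no public-suffix list).
    tail = ".".join(host.split(".")[-2:])
    for d in sorted(trusted):
        brand = d.split(".")[0]
        if brand in host:
            notes.append(f"'{brand}' is in the host name but the domain is {tail}")
            return "lookalike", notes
        if SequenceMatcher(None, tail, d).ratio() >= 0.8:  # assumed threshold
            notes.append(f"{tail} is close to {d}")
            return "lookalike", notes
    return "unknown", notes

# Constructed URLs, none of them taken from a real campaign.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com.login.example/signin",
    "https://paypa1.com/",
    "https://paypal.com@login.example/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, classify(u))
```

Only the first sample is classed as trusted; the second and third are flagged as lookalikes, and the fourth is an unknown domain with a note about the text before the '@'.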

Final words and conclusion

In addition to following the security tips above, you should keep your operating systems and security software up to date.

In the virtual world, the criminal threat can come from anywhere on the planet. Now the threat is global, and you need to be sure that the right thing is being done to protect your online security.

With these anti-phishing tools and tips, you will be well equipped to detect and prevent phishing attempts. Therefore, you will be much more secure and your account information will remain private. With these tips and the right programs, you can hardly fall for any type of scam on the internet.
