Phishing is a type of Internet scam aimed at obtaining illegal access to confidential user data. 96% of phishing attacks come from email. Another 3% are carried out through malicious sites, and only 1% by phone.
Over the past 20 years, the Internet has become part of our lives. We use electronic payment services, pay utility bills through Internet banking, and carry on business and personal correspondence online. If we do not follow elementary rules of caution, our confidential information may become the prey of fraudsters.
What is Internet Phishing
Let’s take a closer look at what it is. Phishing is a type of Internet scam that steals confidential user data. Simply put, attackers trick users into disclosing their personal data, for example phone numbers, bank card numbers and secret codes, and the logins and passwords of e-mail and social network accounts. To do this, users are offered some service or opportunity that lures them into taking such actions.
For example, users of the social network Instagram are offered the chance to find out who visited their personal page (although in fact the social network itself does not provide such an opportunity), and customers of online stores are offered goods with a crazy discount.
Attackers may be interested in any other confidential information as well. Fraudsters “fish out” user data under various plausible pretexts: checking authorization on the site, the need to “unsubscribe” from spam emails, paying for a purchase at a bargain price or at a big discount, the need to install a new application.
How internet phishing works
What is specific to phishing is that the victim of the fraud provides his confidential data voluntarily. To achieve this, attackers use tools such as phishing sites, e-mail newsletters, phishing landing pages, pop-up windows, and targeted advertising.
The user receives an offer to register for some benefit or to confirm his personal data, ostensibly for banking or commercial institutions, of which he is a client.
As a rule, scammers disguise themselves as well-known companies, social networking applications, email services. The sender’s email address really looks like the address of a company familiar to the user.
For example, in order to disguise themselves as the Aliexpress online store, scammers send emails from addresses containing the word Alliexpress or Aliexxpress. The same scheme is at work that makes people buy cheap Chinese sneakers from “world famous brands” like Pumma or Abibas.
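The lookalike-address trick described above can be caught mechanically by measuring how close a sender's domain is to a protected brand name. The following is an added example, not part of the original article; the `TRUSTED` table, the distance threshold of 2, the function names and the sample addresses are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: brand names to protect, mapped to the domains they really send from.
TRUSTED = {"aliexpress": {"aliexpress.com"}}

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, max_dist=2):
    """Return (verdict, brand); verdict is trusted, lookalike, brand-misuse or unknown."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unknown", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for brand, real in TRUSTED.items():
        if any(domain == d or domain.endswith("." + d) for d in real):
            return ("trusted", brand)
    # Compare every dot- or hyphen-separated piece of the domain with each brand.
    tokens = domain.replace("-", ".").split(".")
    for brand in TRUSTED:
        for token in tokens:
            if brand in token:
                return ("brand-misuse", brand)  # real name inside a foreign domain
            if (abs(len(token) - len(brand)) <= max_dist
                    and edit_distance(token, brand) <= max_dist):
                return ("lookalike", brand)     # e.g. one doubled letter
    return ("unknown", None)

# Constructed sender headers for the demonstration (not taken from real mail).
SAMPLES = [
    "AliExpress <orders@aliexpress.com>",
    "AliExpress <promo@alliexpress.example>",
    "support@aliexxpress.example",
    "AliExpress <noreply@aliexpress.secure-pay.example>",
    "A friend <friend@example.org>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_sender(sample), sample)
```
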
Attackers take advantage of the low level of user awareness, in particular, ignorance of elementary network security rules. First of all, the organizers of phishing attacks are interested in personal data that gives access to money, so not only individuals, but also banks, electronic payment systems, and auctions can become victims of phishing.
How to recognize phishing
An email arrives that begins with the words “Congratulations! You have won…”. You are informed about the victory in a drawing or lottery, and in order to receive a prize, you just need to log in, leaving your personal account data on someone else’s resource. Strange as it may seem, such a primitive strategy of deception still works, since the hope for the best and the desire to receive a gift lie in human nature.
The offer to leave your confidential data may come from a resource that looks like a site you know well, but in fact turns out to be phishing. Fraudsters create phishing sites with a recognizable design and a similar address bar.
They lure visitors to phishing online stores with crazy discounts and low prices. After a person enters the information required to pay for goods with a credit card (credit card number, last name and first name, card expiration date and secret CVV code), the information gets to the attackers. The buyer is left without goods and without money on the card.
Sources of attracting audience to a phishing site
The sources that bring users to phishing sites and applications vary. This can be direct mail, email spam, advertising, or even a picture showing the functionality of a program or service, with the link to the phishing site given in the comments. At the same time, a phishing site can have a lot of comments supposedly from real users. This is the so-called “laying”.
Examples of internet phishing schemes
Sending fake email messages asking you to confirm your username and password. Attackers can spam millions of email addresses within hours. The address databases for this are purchased in advance. However, criminal liability is provided for such actions, and the servers from which spam is sent are tracked down and banned, so this method is slowly becoming a thing of the past.
Fraudsters create emails with a fake “Mail From:” string by exploiting flaws in the SMTP mail protocol. When a recipient replies to a phishing message, the reply is automatically forwarded to the scammers.
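A mail filter can surface this pattern by comparing the domain shown in From: with the domains in Reply-To and in Return-Path, the header in which the delivering server records the envelope sender. The following is an added example, not part of the original article; the function names, the "same domain or subdomain" alignment rule and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def _domains(msg, header):
    """Lower-cased domains of every address in one header (empty set if absent)."""
    values = [str(v) for v in msg.get_all(header, [])]
    return {a.rpartition("@")[2].lower() for _, a in getaddresses(values) if "@" in a}

def _aligned(a, b):
    """Assumed rule: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def reply_path_findings(raw_message):
    """Return (header, domain) pairs whose domain does not match the From: domain."""
    msg = message_from_string(raw_message)
    from_domains = _domains(msg, "From")
    findings = []
    for header in ("Reply-To", "Return-Path"):
        for domain in sorted(_domains(msg, header)):
            if not any(_aligned(domain, f) for f in from_domains):
                findings.append((header, domain))
    return findings

# Constructed messages for the demonstration (not real mail).
SUSPICIOUS = """\
Return-Path: <bounce@bulk-sender.example.net>
From: "Example Bank" <security@bank.example.com>
Reply-To: verify@bank-example.example.org
To: user@example.org
Subject: Confirm your username and password

Please confirm your account.
"""

CONSISTENT = """\
Return-Path: <bounce@mail.bank.example.com>
From: "Example Bank" <security@bank.example.com>
To: user@example.org
Subject: Your monthly statement

Your statement is ready.
"""

if __name__ == "__main__":
    print(reply_path_findings(SUSPICIOUS))
    print(reply_path_findings(CONSISTENT))
```

A mismatch is a triage signal rather than proof, since legitimate bulk-mail services often use their own bounce domain.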
Phishing schemes are popular in online auctions. In this case, the goods are put up for sale through a legitimate online auction, but the funds are transferred through a fake website.
Fake charities asking for donations.
Creation of phishing online stores. Goods are sold at bargain prices or at deep discounts. This attracts visitors, and they provide their bank card details without suspecting that they are becoming victims of fraud.