Core
Essential
- Joined
- 21.09.20
- Messages
- 85
- Reaction score
- 261
- Points
- 53
Types of phishing
What is it?
Phishing is a type of email distribution under the name of a popular brand or social network administration. The goal is to get encrypted user data.
This is a subspecies of social engineering that relies on users ' poor knowledge of Internet security.
In practice, I have encountered three types of phishing:
- Online - using an identical design and a similar domain;
- Mail - creating emails with a fake string on behalf of any organization;
- Combined - designing a fake site where a person must enter all the information themselves.
A common trick is to use images instead of text. The security systems of some web resources do not recognize spam or threats in them. This way you can bypass the lock. But now there are servers that scan text on an image. This complicates our task.
Today, several types of phishing have appeared:
Vishing is the use of Internet telephony to transfer Bank funds to malicious accounts. The essence is quite simple: the Fraudster calls from an unknown number, confuses the client, and at the end asks for confirmation of the data - account number, password, code word, PIN code, etc.
Smishing - fraud by SMS. The phone receives a message supposedly from the Bank or the site administrator. The victim is asked to go to the specified web resource and enter data for initialization.
Pharmacy services - this method involves replacing the DNS address. When clicking on the "original" address, the user is redirected to the fake page. It is very difficult to recognize a fake in this case.
The most common form of phishing at the moment is mass mailing. It's effective because it doesn't have a specific purpose. If the attack is directed at one person, they may simply have doubts and not go to the fake page. This means that there will be no result. But when a large group of people is attacked, someone is bound to get caught.
How is it applied?
I want to explain the method to you:
- The hacker sends the victim an email with a link to a fake site;
- The victim goes to;
- Enters all personal data without suspecting anything;
- The attacker gets the information, and someone else's page is in his hands.
An important role in this operation is played by the email containing the link. It should be appropriately designed to inspire confidence. They often send a message under the guise of administration. Use prepositions such as:
- Your page will be frozen;
- Suspicious activity detected on your page;
- Go through re-identification to secure your account.
Example:
"In our online store today discounts up to 60%! Have time to buy products at ridiculous prices! To get a discount coupon for all products of the store, just log in to the site via the social network and log in to your personal account!".
The secret of success is in the email that the hacker sends. It carries a large semantic load, so it should be as convincing as possible for the user. You should take a closer look at the style of letters from the administration. You can't make mistakes, it will immediately give out a fake. It is necessary to use strong arguments so that the user enters all the data without hesitation.
How can I help you?
The method is quite simple, but does it bring results? Let's discuss what it can give us:
- Personal data (username and password) of a specific person;
- Information for filling in a special database that is created for the purpose of subsequent sales;
- Information about Bank cards;
- Access to other people's accounts.
Advantages of this method:
- Easy to use, even a beginner can handle it;
- This method is still quite effective, especially if you do mass mailing;
- No programming skills required;
- With a responsible attitude, the probability of a positive outcome increases.
Disadvantages:
- Efficiency has been declining in recent years due to user awareness;
- Social media security systems recognize phishing emails as spam and block them;
- The method may not bring the expected result;
- Information security filters can detect a fake site and remove it.