What is phishing, and how to avoid taking the bait

    Are you learning about phishing and security issues?

    Phishing and online fraud are very common today.

    So how do you avoid taking the bait? The Hawk explains in this article.

    But first, let's learn some concepts!
    What is phishing?
    How does Phishing work?
    Typical example of Phishing

    Phishing forms
    1. Spear Phishing
    2. Clone Phishing
    3. Voice Phishing
    4. Whaling Attack

    The impact of Phishing on you
    Phishing attacks in 2012

    Protection against Phishing attacks
    1. Two-Factor Authentication (two-step authentication)
    2. HTTPS instead of HTTP
    3. Anti-Spam software
    4. Links in Email
    5. Firewall

    What is phishing?

    Phishing is a form of fraud in which an attacker poses as a reputable individual or organization in an email or other communication channel. The attacker uses phishing emails to distribute malicious links or attachments that can perform various functions, including collecting login or account information from the victim.

    Phishing is very popular with cyber criminals, because tricking someone into clicking on a malicious link in a phishing email (one that looks very similar to a real email) is much easier than trying to get past layers of security.

    How does Phishing work?

    Hackers carry out phishing most often on social networks (Facebook, Instagram, Twitter ...), through contact channels such as email, live chat, social network messages, SMS ...

    As you can see, finding information about people on Facebook today is not difficult.

    Using basic information such as email, name, phone number, address, history, work ..., they prepare a fake email and send it to you.

    Sometimes you don't expect it, believe the email is real, and click.

    And with that you have taken the bait: all your login information, bank card details ... are stolen by the scammers.

    Typical example of Phishing

    Here is a typical example of phishing:

    A fake email from myuniversity.edu (very similar to a real one) is sent to all teachers.
    The email declares that the user's password is about to expire (1 day left).
    It includes instructions with a link to myuniversity.edu/renewal to renew the password within 24 hours.

    Several things can happen when the link is clicked, such as:

    The user is redirected to myuniversity.edurenewal.com, a fake phishing website that asks for both a new password and the existing password. The attacker collects the password to hijack the administration area of the school website.

    The user is redirected to the real password change page. However, during the redirection, a malicious script activates in the background to hijack the user's session cookies. This leads to an XSS attack, allowing the culprit to access the privileged area.

    Phishing forms

    Phishing currently comes in many different types.

    Attackers keep changing and looking for the most sophisticated ways to deceive you.

    Here I will introduce some of the most popular types.

    1. Spear Phishing

    Spear phishing is a type of attack based on information about the victim (a person or an organization).

    The attacker sends phishing emails containing specific information to deceive them (such as a request to confirm the password), or impersonates people who work with you.

    To perform spear phishing, hackers first need to gather information about the target, and then plan the attack.

    2. Clone Phishing

    With clone phishing, scammers take advantage of an original email (such as a GG (Google) account password change email).

    They copy it with the same content (pay attention to the address the email was sent from, which sometimes differs by just a ".").

    They then replace the link with another URL, or attach a file containing malicious code.

    Because this email is sometimes "identical" to the original, you will be easily fooled.
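
    A sender address that differs from the original by just a "." can be caught mechanically. The following is an added example, not part of the original article: it classifies a From: header against a list of known sender domains. The domains (example.com), the function names and the distance threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the organisation really sends mail from.
KNOWN_SENDERS = {"accounts.example.com", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(domain):
    """Drop the separators that are easiest to overlook when reading."""
    return domain.replace(".", "").replace("-", "")

def classify_sender(from_header, known=KNOWN_SENDERS):
    """Return 'known', 'lookalike of <domain>' or 'unknown' for a From: header."""
    _name, addr = parseaddr(from_header)          # ignores the display name
    domain = addr.rpartition("@")[2].rstrip(".").lower()
    if domain in known:
        return "known"
    for good in sorted(known):
        # Same letters with a '.' or '-' added, dropped or moved,
        # or exactly one character inserted, deleted or substituted.
        if squash(domain) == squash(good) or edit_distance(domain, good) <= 1:
            return "lookalike of " + good
    return "unknown"
```

    A "lookalike" result is a heuristic signal for closer inspection; short domains can produce false positives at this threshold.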

    3. Voice Phishing

    Voice phishing is also known as phishing via automated phone calls.

    Victims are notified of unusual activity on their bank accounts or credit cards.

    They are then pushed into confirming their information so that it can be "usurped".

    Sometimes this form of phishing also reaches the victim via SMS, asking for confirmation of information.

    4. Whaling Attack

    Whaling is a type of fraud directed at people who hold high positions in an organization.

    Hackers have to plan carefully and thoroughly, because these are big targets (hard to trick).

    The information the hacker uses needs to be accurate and detailed.

    Often they pretend to be someone more senior and demand that their instructions be carried out.

    The impact of Phishing on you

    Phishing is a serious crime in the cyber world. Phishing can cause:

    • Financial loss
    • Lost data
    • Organizations being blacklisted
    • Malware and viruses spreading into a computer or a computer system
    • Unauthorized use of user details
    • Abuse of your social security number, etc.

    Phishers can also obtain user account information and open a new account in the victim's name.

    Phishing can even be used to ruin someone's life by abusing their personal information.

    Phishing attacks in 2012

    According to the Anti-Phishing Working Group (APWG), phishing attacks have increased significantly, and the phishing sites are mostly in the US.

    In the last three months of 2012, an average of more than 25,000 phishing email reports were sent to APWG.

    In addition, phishing websites are springing up like mushrooms, at more than 45,000 per month.

    Financial services and payment services are common targets of phishing fraud, and phishing reports in online games increased by 12%.

    Game information is being stolen by hackers and sold on the black market for cash. Players are also affected.

    Protection against Phishing attacks

    Being on the lookout for fake emails is the main thing you need to pay attention to.

    But is there a way to avoid becoming a phishing victim?

    Here are some ways ...

    1. Two-Factor Authentication (two-step authentication)

    Gmail, Facebook, Dropbox, Microsoft, Apple iCloud and Twitter are all applications that support Two-Factor Authentication.

    During this process, you log in with a password, and another code is sent to your phone.

    So unless the hacker also has your phone, they cannot access your account.

    2. HTTPS instead of HTTP

    HTTPS is a safer version of the HTTP protocol because it encrypts the connection between your browser and the website, including all the information you send or receive.

    This matters especially for information such as bank cards (Visa, MasterCard). HTTPS (SSL) is a must-have on any online sales website.

    It helps protect your sensitive personal information.

    If you don't know how to add SSL and HTTPS in WordPress, please refer to our installation service.

    A fake website can look identical to the real website, so check carefully that HTTPS is in place (green lock next to the URL).

    3. Anti-Spam software

    It is best not to receive fake emails at all, so let the software filter them out as spam.

    You will then be less likely to encounter phishing emails.

    We have an article, How to prevent junk email with WordPress; read it if you haven't yet.

    4. Links in Email

    Never click on a link received in an email from an unknown or unverified source.

    Such links can carry malicious code, and you will be asked to log in or enter your personal information when you visit.

    Instead, always search for the organization's name in a search engine and click through from the search results.

    5. Firewall

    With a firewall, users can prevent many browser hijacks. It is important that both the computer's firewall and the network firewall check the origin of the traffic, whether it comes from an acceptable domain name or Internet protocol. A firewall is also effective against virus and spyware attacks.

    I hope this article helps you understand what phishing is and how to guard against phishing threats online.
