Showing posts with label SSL. Show all posts
Are you learning about Phishing and security issues?

Phishing and online fraud are very common today.

This article by the Hawk explains how to avoid "taking the bait".

But first, learn some concepts!

What is phishing?
How does Phishing work?
Typical example of Phishing

Phishing forms
1. Spear Phishing
2. Clone Phishing
3. Voice Phishing
4. Whaling Attack

The impact of Phishing on you
Phishing attacks in 2012

Protection against Phishing attacks
1. Two-Factor Authentication (two-step authentication)
2. HTTPS instead of HTTP
3. Anti-Spam software
4. Links in Email
5. Firewall

What is phishing?

Phishing is a form of fraud in which an attacker poses as a reputable individual or organization in an email or other communication channel. The attacker uses phishing emails to distribute malicious links or attachments that can perform various functions, including collecting login or account information from the victim.

Phishing is very popular with cyber criminals.

Tricking someone into clicking a malicious link in a (very convincing) phishing email is much easier than trying to get past layers of security.

How does Phishing work?

Hackers target social networks (Facebook, Instagram, Twitter ...) the most for phishing,

through contact channels such as email, live chat, social network messages, SMS ...

As you can see, finding information about people on Facebook today is not difficult.

Using basic information such as email, name, phone number, address, history, work ...

they prepare a fake email and send it to you.

Sometimes you are caught off guard, believe the email is real, and click.

And you have been "hooked": all your login information, bank card details ...

are stolen by the scammers.

Typical example of Phishing

Here is a typical example of phishing:

A fake email (very similar to a real one) is sent to all teachers.
The email declares that the user's password is about to expire (1 day left).
The instructions contain a link to renew their password within 24 hours.

Some possible consequences of clicking the link:

The user is redirected to a fake phishing website that asks for both the new password and the existing password. The attacker collects the password to hijack the administration area of the school website.

The user is redirected to the real password change page. However, during redirection, a malicious script runs in the background to hijack the user's session cookies. This leads to an XSS attack, allowing the culprit to access the privileged area.

Phishing forms

Phishing currently comes in many different types.

Attackers keep changing and looking for more sophisticated ways to deceive you.

Here I will introduce some of the most popular types.

1. Spear Phishing

Spear phishing is a type of attack based on information about the victim (a person or an organization).

The attacker sends phishing emails containing specific information to deceive the victim (for example, asking them to confirm a password),

or impersonates people who work with you.

To carry out spear phishing, hackers first need to gather information about the target.

Then they plan the attack.

2. Clone Phishing

With clone phishing, scammers take advantage of an original, legitimate email (such as a Google account password-change email).

They copy it with the same content (pay attention to the sender's address; sometimes it differs only by a ".").

They then replace the URL with another one, or attach a file containing malicious code.

Because this email is sometimes "identical" to the original, you are easily fooled.

3. Voice Phishing

Voice phishing is also known as phishing via automated phone calls.

Victims are notified of unusual activity on their bank accounts or credit cards,

and are then pressed to confirm their information so that the attacker can take it over.

Sometimes this form of phishing also reaches the victim via SMS, asking them to confirm information.

4. Whaling Attack

Whaling is a type of fraud directed at people who hold high positions in an organization.

Hackers have to plan carefully and thoroughly, because these are big targets (hard to trick).

The information the hacker uses needs to be accurate and detailed.

Often they pretend to be a higher-level employee and demand that their instructions be carried out.

The impact of Phishing on you

Phishing is a serious crime in the cyber world. Phishing can cause:

  • Financial loss
  • Data loss
  • Organizations being blacklisted
  • Spread of malware and viruses to a computer or a computer system
  • Unauthorized use of user details
  • Abuse of your social security number, etc.

Phishers can also get user account information and open a new account with the victim's name.

Phishing can even be used to ruin someone's life, by abusing their personal information.

Phishing attacks in 2012

According to the Anti-Phishing Working Group (APWG), phishing attacks have increased significantly, and the phishing sites are mostly located in the US.

In the last three months of 2012, an average of more than 25,000 phishing email reports were sent to APWG.

In addition, phishing websites sprang up like mushrooms, at over 45,000 per month.

To see more detailed reports before the last quarter of 2012, click here


Financial services and payment services are common targets of phishing fraud, and phishing reports involving online games increased 12%.

Game information is stolen by hackers and sold on the black market for cash. Players are also affected.

Protection against Phishing attacks

Being on the lookout for fake emails is the main factor you need to pay attention to.

But is there a way to not become a phishing victim?

Here are some ways ...

1. Two-Factor Authentication (two-step authentication)

Gmail, Facebook, Dropbox, Microsoft, Apple iCloud and Twitter all support Two-Factor Authentication.

During this process, you log in with a password, and another code is sent to your phone.

So unless the hacker also has your phone, they cannot access your account.


2. HTTPS instead of HTTP

HTTPS is a safer version of the HTTP protocol because it encrypts the connection between your browser and the website, protecting all the information you send or receive in transit.

This matters especially for information such as bank cards (Visa, Mastercard). HTTPS (SSL) is a must-have for online sales websites.

It helps protect your sensitive personal information.

If you don't know how to add SSL and HTTPS in WordPress, please refer to our installation service.

A fake website can look identical to the real website, so check carefully that HTTPS is in place (green lock next to the URL). The lock only shows that the connection is encrypted, so also check that the domain name in the address bar is the one you expect.

3. Anti-Spam software

It is best not to receive fake emails at all and to have them filtered out as spam.

You will then be less likely to encounter phishing emails.

We have an article, How to prevent junk email with WordPress; read it if you haven't yet.

4. Links in Email

Never click on a link received in an email from an unknown or unverified source.

Such links can lead to pages that contain malicious code or that ask you to log in or enter your personal information.

Always search for the organization's name in a search engine and click through from the search results.
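The check described under Clone Phishing and Links in Email can be automated before anyone clicks. The following is an added example, not part of the original article: it flags a sender domain that differs from the expected one only by a dot, and links whose visible text names one host while the `href` opens another. The domains, the sample message and the function names are constructed placeholders, and a single-part HTML body is assumed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Host of a URL or bare domain; '' when the text is not URL-like."""
    if " " in text or "." not in text:
        return ""
    return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()

def review_email(raw, trusted):
    """Findings for a single-part HTML email; `trusted` is the expected domain."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if sender != trusted:
        dots_only = sender.replace(".", "") == trusted.replace(".", "")
        findings.append(f"sender {sender}: " + ("differs only by a dot" if dots_only else "unexpected domain"))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if shown and shown != target:
            findings.append(f"link shows {shown} but opens {target}")
        elif target != trusted and not target.endswith("." + trusted):
            findings.append(f"link opens {target}")
    return findings

# Constructed sample (placeholder domains): a cloned notice with the URL swapped.
CLONED = ("From: Shop Security <security@accountsshop.example>\n\n"
          '<a href="https://login.lookalike.test/renew">https://accounts.shop.example/renew</a>\n'
          '<a href="https://accounts.shop.example/help">help page</a>\n')

print(review_email(CLONED, "accounts.shop.example"))
```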

5. Firewall

With a firewall, users can block many browser-hijacking attempts. It is important that both the computer's firewall and the network firewall check the origin of the traffic, whether by acceptable domain name or by Internet Protocol (IP) address. It is also effective against virus and spyware attacks.

Hope this article helps you understand what phishing is and how to prevent phishing threats online.


The following article explains what the SSL_ERROR_RX_RECORD_TOO_LONG error is and how to repair it.

This is an SSL error code shown by the Firefox browser, and the website user can do almost nothing about it because it comes from a wrong setting on the server.

There are many causes, but the two main reasons for this error are:
  • Port 443 is not set up (opened) correctly
  • A problem related to the TLS version

How to fix

Upgrade to TLS 1.3; if you are not ready to support TLS 1.3 for any reason, at least make sure you support TLS 1.2.
Support for TLS 1.0 and SSL 3.0 is currently deprecated, and turning TLS 1.1 off is also recommended.
HTTPS runs on port 443, so you must open this port.
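To check both causes from the server side, the following added example (not code from the original article) does two things. `read_record_header` shows why a port 443 that answers in plaintext HTTP produces a "record too long" condition: the client reads the first five bytes as a TLS record header. `probe` tests whether the port is reachable and negotiates a given TLS version. The plaintext-HTTP case is an assumption about the misconfiguration that the page does not spell out; the sample bytes are constructed and the host name is a placeholder.

```python
import socket
import ssl
import struct

# Largest record body a TLS 1.2 peer may send: 2^14 + 2048 bytes (RFC 5246).
MAX_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def read_record_header(first_bytes):
    """Read the first 5 bytes from a server the way a TLS client does."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {
        "content_type": TLS_CONTENT_TYPES.get(ctype, f"unknown(0x{ctype:02x})"),
        "version": (major, minor),
        "length": length,
        "too_long": length > MAX_RECORD_LEN,
        "looks_like_http": first_bytes.startswith(b"HTTP/"),
    }

def probe(host, version, port=443, timeout=5.0):
    """Live check: is the port reachable, and does it negotiate this TLS version?"""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()           # e.g. "TLSv1.3"
    except ssl.SSLError as exc:                # port open, handshake failed
        return f"tls-error: {exc.reason}"
    except OSError as exc:                     # closed, filtered or timed out
        return f"connect-error: {exc}"

# Constructed samples: a plaintext HTTP reply and a TLS 1.2 handshake header.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"
TLS_REPLY = bytes([22, 3, 3, 0, 90])

if __name__ == "__main__":
    print(read_record_header(PLAINTEXT_REPLY))
    print(read_record_header(TLS_REPLY))
    # Live use against a server you run (placeholder host, needs network):
    # print(probe("www.example.com", ssl.TLSVersion.TLSv1_2))
```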