What Are Phishing Protection Tips?

Phishing? Phishing? (Pronounced similar to English fishing? For phishing, also known as phishing or phishing attack) is by sending a large number of deceptive spam messages purporting to come from banks or other well-known institutions in order to entice the recipient An attack on sensitive information, such as usernames, passwords, account IDs, ATM PINs, or credit card details. The most typical phishing attack lures the recipient to a phishing website that is carefully designed to be very similar to the website of the target organization, and obtains sensitive personal information entered by the recipient on this website. Usually, the attack process will not let the victim alertness. It is a form of "social engineering attack".

fishing

(A form of phishing)

The term "phishing" is a combination of "Fishing" and "Phone". Since the original hackers used telephone to commit crimes, they replaced "F" with "Ph" and created "Phishing". However, today's "phishing" attacks use deceptive emails and fake Web sites to carry out fraudulent activities. The scammers often leak their financial data, such as credit card numbers, account usernames, passwords, and social security numbers. Scammers often disguise themselves as trusted brands such as well-known banks, online retailers, and credit card companies, and up to 5% of all users exposed to fraudulent information will respond to these scams.

"Phishing" is not an independent means of attack in its own right. It is more of a scam and is almost the same as some scams in reality. Hackers use deceptive emails and fake Web sites to conduct fraudulent activities, tricking visitors to provide some personal information, such as credit card numbers, account numbers and passwords, social security numbers, etc. (usually mainly those related to finance and account numbers ). Hackers often disguise themselves as trusted branded units such as well-known banks, online retailers, and credit card companies, so victims are often service providers and users who are involved in e-commerce. With the theft of 40 million credit card information in the United States in 2005, the Phishing incident has received close attention at home and abroad. In just past 2011, in addition to traditional fake Taobao websites, fake QQ websites, fake online banking websites, Liuhecai phishing websites, etc., hackers have also developed into fake sina websites, fake ticket websites, fake train ticket websites, fake drug websites, etc. It can be said that with the increase of Internet applications, especially the further development of e-commerce, "phishing" is growing at a high speed, and the threat to Internet users is increasing. ^[1]

There are many "phishing" methods used by online hackers. In summary, there are the following methods:

(1) Send spam emails to lure users

This type of method uses false information to lure users into traps, and hackers send a large number of fraudulent emails. These emails often use wins, consultants, reconciliations, etc. to entice users to fill in financial account numbers and passwords in emails, or for various pressing reasons (Such as swiping a card at a supermarket or shopping mall, asking the user to check), requiring the recipient to log in to a web page to submit user name, password, ID number, credit card number and other information, and then steal the user's funds.

(2) Establish counterfeit online banking and online securities websites

Fraudulent user account passwords and theft. Hackers have established websites with domain names and webpage contents that are very similar to real online banking systems and online securities trading platforms, enticing users to log in and enter information such as account passwords. The system steals funds; it can also use vulnerabilities in legitimate website server programs, insert malicious Html code in certain pages of the site, block important information that can be used to distinguish the authenticity of the website, and use cookies to steal user information.

(3) URL hiding

Hypertext markup language (HTML) rules can be used to make text hyperlinks so that phishers have the opportunity. Check the source code of the letter to quickly find out the mystery, and phishers wrote it like this. The Bbank website is displayed on the screen, but it actually links to Abank's trap site.

(4) Fraud with false e-commerce

The hacker established an e-commerce website, or posted fake product sales information on a relatively well-known, large-scale e-commerce website, and the hacker disappeared after receiving the victim's shopping remittance. Except for a few hackers who set up their own e-commerce websites, most of them used false e-mails on well-known e-commerce websites, such as "EBay", "Taobao", "Alibaba", etc. "," Smuggled goods "," charity bazaars "sell a variety of products, or subprime, many people are deceived by the temptation of low prices. Online transactions are mostly off-site transactions and usually require remittances. Hackers generally require consumers to pay part of the payment first, and then seduce consumers to pay the balance or other various names for various reasons. When they get the money or are found out, they immediately cut off the contact with the consumer.

(5) Theft of user information using Trojans and hacking techniques

Hackers spread the Trojan horse program by sending emails or hiding Trojan horses on the website. When a user infected with the Trojan performs an online transaction, the Trojan horse program can obtain the user account and password and send it to the designated mailbox. The user funds will be seriously threatened.

(6) Crack and guess user accounts and passwords using vulnerabilities such as weak passwords of users

Hackers used some user passwords to set overly simple accounts to crack account passwords. There are many weak password cracking hacking tools that can be downloaded for free online, and they can crack all kinds of relatively simple user names and passwords in a short period of time.

(7) Other means

In fact, in the process of carrying out "phishing" criminal activities, hackers often adopt the above methods to interweave and cooperate. It is worth reminding that "phishing" illegal activities do not preclude the emergence of new methods, and have not only been limited to online methods, but also include telecommunication fraud and other methods, such as the current flood of "junk cell phone text messages" and " "Trap phone", some of which are scam text messages, urging users to pay for non-existent "goods" that have already been consumed, or asking victims to provide accounts and passwords as familiar friends or relatives Strictly speaking, it should also belong to the category of "phishing". Therefore, by extension, any act of defrauding and misleading users through financial means (including communication) to suffer economic losses should be called "phishing" ^[1]

To avoid becoming a victim of Phishing, individual users must strengthen their awareness of security precautions and raise their level of security precautions. The targeted measures can be summarized as follows:

(1) Prevent spam: This is the most important and critical step in preventing phishing. Most spam emails today carry phishing links. Users often receive inexplicable emails, and click on the link because of curiosity, and what comes along is "cheap" or "counterfeiting". The information is bewildered, or a Trojan is installed. Therefore, using spam protection tools or proactively alerting to unknown emails is the first priority to prevent phishing.

(2) Install anti-virus system and network

Security experts said that the following five tips should be followed for secure online shopping:

1. Follow the rules and processes of the relevant platform.

2. Be cautious when receiving links and documents from transaction parties.

3. Strengthen security awareness, install professional anti-virus software, and keep the Internet environment safe.

4. It is recommended to use payment products, and regularly fix bugs and kill Trojans for computers.

5. In the end, when you encounter fishing, you must report to the public security organs as soon as possible and try your best to recover the losses.