What is phishing and how to detect it

What is phishing? It’s the most common question when you have been impersonated on the web. With the excitement and chaos of year-round online shopping, shoppers become vulnerable to a variety of online scams. One of the most damaging is the phishing email.

Phishing is a very popular online trick used to steal credentials and payment information, usually through fake websites made to look almost identical to the originals, making it difficult for users to identify them.

Phishers are interested in credentials to access websites used by online shoppers, compromising personally identifiable information (PII) that can lead to data theft.

In 2014, online shoppers were the target of “Operation Huyao,” a phishing scheme that operated under the radar by letting its victims browse the content of the original site. But when they went to check out and buy the product, potential victims were taken to a phishing page and their payment information was stolen. When the buyer completed the transaction, they received a confirmation message of a successful transaction to make it appear legitimate.

After the personal data is compromised, the attacker may sell the information, steal the victim’s identity or hijack the victim’s contacts for future phishing.

Understanding what phishing is

The term phishing comes from the English word “fishing”. The way this attack works is directly related to that quiet sport, since what predominates in this illicit activity is patience.

Hackers do nothing more than a fishing expedition, throwing hundreds of lures over the Internet and then waiting for that “bite” or, more technically speaking, for someone to click on that malicious link.

These hooks come in several different formats, such as fake websites, bank and financial institution emails, promotions (often absurd) or personal messages, such as “Saturday’s party pictures”, for example.

Anything goes when it comes to throwing decoys and waiting for some unsuspecting user to take the bait and hand over their personal data.

Types of Phishing
Phishing happens so frequently on the Internet that there are already different types of phishing by which an attack can be classified. The two most common are:

  1. Blind Phishing: the most popular type, the one that is sent out en masse through spam and email, in the hope that someone will fall into the trap;
  2. Spear Phishing: this type of attack is more targeted and goes after specific, previously studied victims. It is also more convincingly presented than the previous one.

How to identify and avoid online scams
Who has not received such messages as “update your bank details” or “congratulations, you are a new millionaire”, and other similar messages that are very striking?

This type of mail has become routine in our inboxes and constitutes a very common scam on the Internet: phishing.

Check out these steps to avoid falling into the phishing trap:

 

  • Bookmark your favourite shopping sites. Avoid using search engines to find good deals. Limiting your search to trusted shopping websites can reduce the chances of entering and buying on a fake website;
  • Always check the hyperlinks. To check the legitimacy of a URL, hover the mouse pointer over the embedded link before clicking on it. Fake links can be misleading, as scammers can build URLs that contain recognizable terms from the original URL;
  • Stay away from emails or websites that require urgent action. Some messages will include desperate requests to click on some links or disclose your personal information.
  • Always review the credit card statements. Pay attention to unauthorized transactions.
  • If you discover that you have fallen into a phishing scam, immediately change the passwords and PINs of all your accounts. Notify the issuer of your card if you suspect any fraudulent activity in your account.
  • Fake e-mail addresses usually use the names of real companies combined with free internet domains, such as Yahoo, Gmail, Hotmail, among others. Check the full address of the sender.
  • Banks and companies address their clients by name and surname, never as a “special customer” or by nickname. Be wary of flattery and everyday language. Genuine e-mails are formal and professional.
  • Take a look at the spelling and grammar of the message. Fake e-mails often come with errors of this nature.
  • If you have clicked on a link in a fake e-mail, try a password that is not yours. Fake websites will usually accept whatever information you provide. If this happens, leave the website.
  • Watch for low-resolution images. The poor quality of logos and graphic elements on a website can be an indication that the website is fake.
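The sender check from the list above can be automated. The following is an added example, not part of the original article: it flags a From: header where a company name appears in the display name or mailbox name but the mail domain is a free provider or some other domain. The brand list, the `examplebank.example` domain and the sample headers are assumptions constructed for the illustration.

```python
from email.utils import parseaddr

# Assumed for the example: free webmail domains and the brands you deal with,
# each mapped to the domain that brand really sends mail from.
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
BRANDS = {"paypal": "paypal.com", "examplebank": "examplebank.example"}

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["no parseable sender address"]
    # Where the sender claims a brand: the display name or the mailbox name.
    claimed = display.lower().replace(" ", "") + " " + local
    warnings = []
    for brand, real_domain in sorted(BRANDS.items()):
        if brand not in claimed:
            continue
        if domain == real_domain or domain.endswith("." + real_domain):
            continue  # brand name and sending domain agree
        if domain in FREE_MAIL:
            warnings.append(f"'{brand}' name on free mail domain {domain}")
        else:
            warnings.append(f"'{brand}' name but mail comes from {domain}")
    return warnings

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"PayPal Support" <paypal.service@gmail.com>',
    'Example Bank <alerts@examplebank-secure.example>',
    'PayPal <service@paypal.com>',
    'Ana Lopez <ana.lopez@gmail.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```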

 

Be careful on social networks. A biannual security report produced by Microsoft identified an exponential growth in phishing on social networks. This shows that, in addition to bringing people together, this type of network is also a new channel of action for malicious users. Although some of these sites feel clean and safe, the truth is that there are many risks involved. Therefore, it is important to take some precautions, such as not adding strangers as friends and keeping more personal information, such as telephone numbers and e-mail addresses, private.

Software to prevent phishing

The internet is one of the best tools known to mankind to do basically whatever you want. But Facebook, Twitter, Gmail, Dropbox, Paypal, eBay, bank portals, and so many other sites have twins that are actually phish.

A “phish” is a term for a scammer website that tries to look like a secure site you might visit frequently. The act of all these sites trying to steal your account information is called phishing. While some sites are very easy to recognize as a phish, others are not so easy to detect.

Here are four different anti-phishing methods you can use to avoid becoming a victim of this type of fraud.

Use a custom DNS service

You need a DNS resolution service to be able to access all the sites you go to. Your computer does not automatically know where Facebook is (in terms of its Internet address, or IP address), so it needs to ask a DNS resolution service for that IP address. The good news is that all Internet users have this service, thanks to their Internet provider. The bad news is, that’s all it does.

Apart from name resolution, DNS servers in ISPs do nothing else. However, there are some custom and independent DNS companies that do more than just name resolution.

They can also filter sites based on content and malware/phishing issues. There are many services that can do this, but the most popular is OpenDNS.

Use your browser’s phishing list

Did you know that modern browsers offer a phishing list? Browsers check the site you are visiting with this list to see if it is possibly a phishing site. If it is, your browser will start to warn you of the risks by showing you a large red page.

Use sites to review links

In case you are presented with a link but are not sure whether to click on it, you can copy and check it on a number of different sites. They can tell you if there is something wrong with these sites, including malware and phishing. Some of these sites are listed below:

  1. AVG Threatlabs
  2. Kaspersky VirusDesk
  3. ScanURL
  4. PhishTank
  5. Google Transparency Report

Use your own skills and knowledge

This may sound like useless advice, but using your own skills to detect phishing sites can also be very helpful. There are some things you should look for to see if you’re about to get ripped off:

 

  • Look for a secure connection. This is usually identified by a green area in the address bar, along with https in the URL.
  • Look at the domain of the URL. If you do not know what the domain of a URL is, here is an example: The Professional Review domain is professionalreview.com, while the PayPal domain is paypal.com, and so on. Check that the domain is as it should be, and not something strange.
  • Look at the site itself. If it does not look exactly like the place you’re used to, it could be a fraudulent site. You can double-check by opening a new tab and visiting the main page of the site where you think you are (if possible). If they are quite different, it is more than likely that it is a phishing site.
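Both link checks described in this article (hovering over a hyperlink and looking at the domain of the URL) come down to reading the real host rather than the familiar words around it. The following is an added example, not part of the original article: it accepts a link only when its host is a trusted domain or a true subdomain of one, and explains why look-alike links fail. The allowlist and the sample URLs (built on reserved example domains) are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for the example: the domains you actually do business with.
TRUSTED_DOMAINS = {"paypal.com", "professionalreview.com"}

def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, detail), judging a link only by its real host."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("suspicious", "malformed URL")
    if parts.scheme not in ("http", "https") or not host:
        return ("suspicious", "not a web link with a host")
    # Trusted only on an exact match or a true subdomain of a trusted domain.
    for domain in sorted(trusted):
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return ("suspicious", "trusted domain but no https")
            return ("trusted", domain)
    if "@" in parts.netloc:
        return ("suspicious", "text before '@' is a user name; host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "encoded international name: " + host)
    # Familiar terms placed in a subdomain, a look-alike name or the path.
    rest = host + parts.path.lower()
    for domain in sorted(trusted):
        brand = domain.split(".")[0]
        if brand in rest:
            return ("suspicious", f"mentions '{brand}' but host is {host}")
    return ("unknown", host)

# Constructed sample links using reserved example domains.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.secure-login.example/signin",
    "https://paypal.com@login.example.net/",
    "https://login.example.net/paypal.com/update",
    "http://www.paypal.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify_link(link))
```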

Final words and conclusion

In addition to following the security tips above, you should keep your operating systems and security software up-to-date.

In the virtual world, the criminal threat can come from anywhere on the planet. Now the threat is global, and you need to be sure that the right thing is being done to protect your online security.

With these anti-phishing tools and tips, you’ll be well equipped to detect and avoid phishing attempts. Therefore, you will be much more secure and your account information will remain private. With these tips and the right programs, you are unlikely to fall for an internet scam.