On the Internet you often hear about phishing, but not everyone knows what it really is. This article explains what it is, how it works and, more importantly, how to protect yourself from phishing.
What is phishing?
Phishing is nothing but a scam, carried out over the Internet, whose sole purpose is to steal confidential and sensitive information such as user names, passwords, access codes, account numbers or credit card details (in fact the word phishing derives from the English word fishing).
To do this, the bad guys usually do not use viruses, spyware, malware or other malicious software; they simply rely on social engineering techniques, through which the habits of people (i.e. the potential victims) are studied and analyzed in order to extract useful information.
The preferred technique for carrying out phishing involves sending e-mails (very often these are spam messages) whose appearance and characteristics closely resemble those of authoritative and especially popular websites, such as banks, post offices and online payment services (but not only). Besides this technique there are others (less frequent, but still effective), such as spear phishing, sending special SMS messages (called smishing) or even simple phone calls.
How does phishing work?
Whoever wants to launch a phishing attack usually follows a standard methodology that involves several steps. The first is to send the victims e-mail messages containing information (and perhaps even logos) designed to seem as familiar and appealing as possible.
To be credible, the received message informs the user (not coincidentally, it often addresses them by name) by simulating situations that could actually occur, for example: a password that has expired, the acceptance of changes to a contract, the possible renewal of a credit or prepaid card (such as Visa or Mastercard), problems with payments, charges on online money transfer services or accounts (such as PayPal, MoneyGram or Western Union), a failure of some kind, the presence of incomplete or incorrect information (concerning the Italian Post Office, but also a Google, Facebook or Twitter account), the availability of particularly attractive offers (perhaps inviting you to log in to the bank to make sure you are the first to benefit) and other things of that kind.
Having captured your attention, the message (through an attachment or a link) lets you log on to a website that looks (as far as possible) like the official one, in the hope that you will enter your user name, password and/or other information that may be useful.
If at this point the unsuspecting user "takes the bait", the phisher (the attacker) will have the data at their disposal, with all the unpleasant consequences that follow.
How to protect yourself from phishing?
Unfortunately, in addition to phishing, there is another technique used to gain access to personal and confidential information. It is called pharming and has virtually the same purpose as phishing (stealing sensitive information), but tries to achieve it with other methods: first, by altering the ISP's DNS servers; second, by using special programs called Trojans. Regardless of the technique used by the bad guys, however, to guard against phishing or pharming it is enough to follow a few simple tips:
- Check the source of the message and read it carefully, because it may contain grammatical, formatting or translation errors that should make you suspicious;
- Never click on links and never download or open attachments in the message. Also, if you really want to reach the supposed sender, do it directly and not through the message you were sent;
- Always check the URL of the site shown in the address bar and never leave too many tabs open in the browser (or you could fall victim to a technique called tabnabbing);
- Periodically check your account activity and, if possible, activate the SMS service that notifies you whenever money is moved;
- Immediately block any suspicious payments or incoming amounts you did not request (or you might even be accused of money laundering);
- Finally, if you notice a suspicious e-mail, report it to the provider of your e-mail service (simply marking the message as spam is enough). If you notice a suspicious site, it would be appropriate to file a complaint with the competent authorities (or at least inform the real source): in this way you help yourself, but also others.
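The first three tips (check the sender, do not trust the links, check the URL) and the "expired password" lure described earlier can be turned into a small automatic check. The following Python script is an added example written for this article, not code from the original page or from any product it mentions: it extracts the links from a constructed HTML e-mail and flags the classic warning signs, namely a link whose visible text shows one domain while the href points to another, a host that is a raw IP address, a user@ prefix that hides the real host, a punycode (xn--) host and a host that mentions a brand without being that brand's registered domain. The brand list and the sample e-mail are assumptions made up for the example, and the domain logic treats the last two labels as the registered domain, which is good enough for .com and .it but not for every TLD.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list for the example: brands that phishing lures commonly
# imitate and the domains they legitimately use.
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "poste": {"poste.it"},
}


def registered_domain(host):
    """Return the last two labels of a host (heuristic, fine for .com/.it)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_url(url, visible_text=""):
    """Return a list of reasons a link looks like phishing (empty = none found)."""
    reasons = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if parsed.scheme not in ("http", "https"):
        reasons.append(f"unusual scheme {parsed.scheme!r}")
    elif parsed.scheme == "http":
        reasons.append("plain http, no TLS")
    if parsed.username is not None:
        reasons.append("user@ prefix in URL hides the real host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("host is a raw IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) host, possible look-alike domain")
    reg = registered_domain(host)
    for brand, legit in KNOWN_BRANDS.items():
        if brand in host and reg not in legit:
            reasons.append(f"mentions {brand} but registered domain is {reg}")
    # Visible text that looks like a domain but differs from where the href goes.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", visible_text.lower())
    if m and registered_domain(m.group(1)) != reg:
        reasons.append(f"link text shows {m.group(1)} but href goes to {host}")
    return reasons


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_email_html(html):
    """Map every href in the message to the list of warning signs found for it."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: check_url(href, text) for href, text in parser.links}


# Constructed sample message: an "expired password" lure with one deceptive
# link, one genuine link and one link to a bare IP address.
SAMPLE_EMAIL = """<html><body>
<p>Dear customer, your password has expired. Please log in at
<a href="http://paypal.com.secure-login.example/update">www.paypal.com</a>
within 24 hours.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">our help center</a>.</p>
<p>Or <a href="http://192.0.2.10/login">click here</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in scan_email_html(SAMPLE_EMAIL).items():
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {href}")
        for r in reasons:
            print(f"           - {r}")
```

Run as a script it prints a verdict per link; the first and third links in the sample are flagged, the genuine help-center link is not. The check deliberately works on the raw href rather than on what the mail client renders, which is the whole point of the "never trust the link text" tip.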
In addition to following these simple tips, to protect yourself from phishing sites that use false SSL certificates (which are used to verify whether or not a site is trustworthy) and also from cross-site scripting (sometimes referred to as XSS), keep your favourite browser up to date and perhaps install a free extension such as the one offered by Netcraft (compatible with Mozilla Firefox, Google Chrome and Opera), which helps to recognize these potential risks and, among other things, also allows you to report a suspicious URL. Once the extension is installed, simply click on it to see some useful information about the website you are visiting (and, if necessary, avoid opening it in the first place).
At this point you should have understood what phishing is, how it works and, most importantly, how to protect yourself from it.