What is phishing? How to prevent Phishing attacks effectively

Phishing is a dangerous form of cyberattack that can cause damage to individuals, organizations, or businesses. Let's find out what is a Phishing Attack ? Some ways to identify and prevent Phishing attacks through fake websites effectively.

1. What is Phishing?

Phishing  is a type of cyber attack that an attacker falsifies as a reputable unit to trick users into giving them personal information.

Typically, hackers will impersonate a bank, an online transaction site, an electronic wallet, a credit card company to trick users into sharing sensitive information such as login accounts and passwords, Transaction passwords, credit cards and other valuable information.

This attack is usually done by hackers via email and text message. Users who open the email and click on the fake link will be asked to login. If "hooked", hackers will get information immediately.

Phishing methods known for the first time in 1987. The origin of the word Phishing is a combination of two words:  fishing  for information  (the information) and  phreaking  (scams use someone else's phone to premium ). Due to the similarity between "fishing" and "user information", the term  Phishing was  coined.

2. Phishing attack methods

There are many techniques that hackers use to perform a Phishing attack.

2.1 Fake email
One of the basic techniques in phishing attacks is  email spoofing . Hackers will send email to users in the name of a reputable unit / organization, enticing users to click on the link to a fake website and "hooked".

The fake emails are very similar to the genuine ones, with only a few minor details, making many users confused and fall victim to the attack.

To make email content as authentic as possible, an attacker always tries to "disguise" with several factors:

Sender address (For example, the correct address is  [email protected]  , the fake address may be  [email protected] )

Insert the official Logo of the organization to increase reliability

Design pop-up windows exactly the same as the original (both in color, font, ...)

Using fake link technology (link) to trick users (Example: text is  jayki.com.vn but when clicking again navigate to jayki.com.vn )

Use the brand image of organizations in fake emails to increase credibility.

2.2 Fake the Website

In essence,  phishing websites  in Phishing attacks is just a fake landing page, not the entire website. The fake page is usually the login page to steal victim information. Website faking technique has some of the following characteristics:

Design to 99% similar to the original website

The link (url) is only different from 1 character. For example:  reddit.com  (real) vs  redit.com  (fake); google.com  vs  gugle.com ; microsoft.com  vs  mircosoft.com  or  verify-microsoft.com .

There are always messages that encourage users to enter personal information into the website (call-to-action).

2.3 Pass the Phishing filters

Currently, email service providers like Google or Microsoft have  spam / phishing filters  to protect users. However, these filters work by checking text in the email to detect whether the email is phishing or not. Understanding this, the attackers have  improved Phishing attack campaigns  to a new level. They often use  photos or videos  to convey fraudulent messages instead of text as before. Users should be absolutely wary of this content.

3. How to prevent Phishing

3.1 For individuals

To avoid hackers use  phishing attacks  to scam the Internet, collect your personal data, sensitive information. Please note the following:

Beware of emails  that tend to prompt  you to enter sensitive information. Regardless of how appealing the call is, it should be carefully examined. For example, when you have just purchased online, suddenly there is an email from the bank to offer you a refund, just enter the card information used to pay. Believe it ?!

Do not click on any links sent via email if you are not 100% sure.

Never send confidential information via email.

Do not respond to fraudulent messages. Fraudsters often send you phone numbers so you can call them for business purposes. They use Voice over Internet Protocol technology. With this technology, their calls can never be traced.

Use Firewalls and antivirus software. Remember to always update to the latest version of these software.

Please forward spam emails to [email protected] You can also email [email protected] This organization helps  fight other phishing.

3.2 For organizations and businesses

Training for employees to increase their knowledge about using the internet safely. Regularly organize training sessions and drills of fake situations

Use G-suite services for businesses, should not use the free Gmail service because it is easy to be fake.

Implement SPAM filter to prevent spam and phishing

Always update software and applications to avoid security holes that can be exploited by an attacker.

Proactively secure sensitive and important information. See more  Information security solutions for businesses .

4. How to identify a phishing email

Here are some common phrases if you receive an email or message that is a scam

"Verify your account" / "Verify your account"  - Legitimate websites will never ask you to send your password, account name or any other personal information from you via email.

"If you do not respond within 48 hours, your account will be deactivated." / "If you don't respond within 48 hours, your account will be closed."  - This is a message that transmits a message It is urgent for you to answer immediately without thinking

"Dear Valued Customer." / "Dear customers"  - Messages from phishing emails are often sent in large quantities and usually will not contain your first and last name.

"Click on the link below to access your account" / "Click the link below to gain access to your account." - HTML messages may contain links or forms that you can enter. Fill in the information as if the form was on a website. Such links may contain all or part of the information of actual companies and often "masked", meaning the links you see do not take you to the website you think, otherwise it will Take you to fraudulent websites.

5. Useful tools to help prevent Phishing:

SpoofGuard : is a  browser plugin  compatible with Microsoft Internet Explorer. SpoofGuard places a "warning" on the browser toolbar. It will turn from green to red if you accidentally visit a Phishing fake website. If you try to enter sensitive information into a form from a fake page, SpoofGuard will save your data and alert you.

Anti-phishing Domain Advisor: essentially a toolbar (toolbar) to alert phishing websites, based on Panda Security company data.

Netcraft Anti-phishing Extension : Netcraft is a reputable provider of security services including many services. Among them, Netcraft's anti-Phishing extension is highly rated with many smart alert features.

Address: 157 Nguyen Du - Hanoi - Vietnam. - Email: [email protected] Phone: 08.84654888
Copyright © 2016 - VOA. All rights reserved