Phishing - as the most dangerous form of cyber fraud

Cybersecurity is an endless arms race, the defenses and the attacking tools are constantly improving. But in this struggle, by definition, one side is weaker, because no matter how better the technical means of defense, the weakest link in the system does not change. And this link is a person. Sometimes a person is the only way to hack a system, in the absence of visible vulnerabilities, as it stores passwords, and all you need is to find an approach, a psychological weakness. This kind of illegal receiving of information is called social engineering, and it has been successfully used since the 80s, from the very beginning of the existence of computer networks. The first such cybercriminal was Kevin Mitnik, he popularized this name. Social engineering has many subsections, but we will talk about phishing, because this method has been and remains popular and very dangerous, because of its simplicity of execution.

What is phishing?

Phishing (from English fishing - fishing) - fished out user data in such a way that the user himself pecks at the bait and enters his personal data on the scam resources. As a fish believes a bait worm is real, and the user can not distinguish between the tools of phishers from the sites under which they are disguised. Two main methods can be used to obtain data:

Mailing letters from services and brands leading to a fake website. Such a site copies the present interface or contains a redirect to another page. After hitting the page from the user, you need to enter your login and password, which he usually does.
Fake links. In the link other domain zones are used, similar symbols are substituted, or the name is written with an error, and this does not immediately strike the eye. For example, 0 can be used instead of o - G00GLE.COM. Or, for example, a popular purse for the Etherium has a huge number of phishing clones. How is this in the example.

These methods were successfully used to attack users of banks, social networks, mail services, and now they are also used to obtain private keys of crypto currency holders. After all, the only way to take other people's money in the crypto currency is to find out the private key of the user, which will help to get access to his address.

Phishing does the most damage

According to a Google research, phishing attacks are the biggest threat if you compare them with the keyloggers and with the re-use of one password on different accounts. Together with scientists from the University of Berkeley and the International Institute of Computer Science, they analyzed several black account markets, data from March 2016 to March 2017. Experts found about 788,000 accounts obtained through keyloggers, 12.4 million stolen through phishing and 1.9 billion logins and passwords that flowed into the network in other ways, through the hacking of various databases. The chances of hacking their Google account, in comparison with the regular user, are 400 times higher among phishing victims, only 10 times higher among the victim of the database leakage and 40 times higher among the victim of the keylogger.

Phishing users crypto currency

In addition to the methods already described, in the crypto-currency world several relatively new ones are now flourishing: phishing through advertising banners, through chat rooms, as well as direct attacks on specific users via SMS. In all these cases, intruders need the user to go to the purse clone site and enter their private key.

In the case of advertising banners, an old trick is used in a new form - in contextual advertising Google Adwords links are placed with domains similar to writing on the website of a particular wallet. User who did not notice the substitution, parted with his private key.

The threat from the chat comes in a slightly different form. The bot sends a message that the user's account has been compromised or not verified and suggests to follow the link and change the address by entering the private key. The link, of course, leads to a phishing site.

And the last case, if the user has a solid enough amount on the exchange, and this becomes known, a point strategy can go into play. A sms-message with the real name of the user is sent, where it is informed that the account is blocked, and to unblock it it is necessary to immediately go to the exchange and update the data. At the same time, letters from the same "stock exchange" can be sent in parallel and even calls can be received from fake employees. Of course, this requires much more work and is rarely used.

How to protect yourself

In fact, everything is not so bad. It is necessary to follow the basic rules of security, always carefully check the addresses on which you enter your personal data, especially passwords from payment systems and crypto currency. Use two-factor authentication where possible to prevent an attacker from entering, even by accessing your password. In the case of crypto-currencies - use offline wallets and special browser extensions to send their funds from the address to the address. This will help protect against such cases as hacking in June 2017 popular purse Classic Ether Wallet. The attacker somehow convinced the domain name support service that the domain belongs to him, and translated the DNS server to his phishing site, collecting private keys for hours. As a result, an amount equivalent to about 300 thousand dollars was stolen. If users preferred an offline wallet, their funds would remain intact.

Also there is a large number of browser-based add-ons for checking phishing sites. At the time of this writing, the search finds in Firefox 42 add-ons for the query "phishing". These small plugins check those sites on which the user enters and block them or mark them in the address bar in case of unreliability of the resource. And if you are careful and attentive, your data will not be threatened.

Your safety is in your hands, keep your personal data safe.