PL
DE
UK
What is phising?
Phising is an old, simple, but strangely effective way to steal your data – you could lose some of your savings or worse – suffer image damage. What does phising consist of? How do Internet scammers operate? Is there a way to avoid the threat?
- How does phishing work?
- How to unmask an Internet scammer?
- How to protect yourself from pseudohackers?
- Summary
Phising – the modus operandi of an online scammer
The people who use this method are usually amateurs who don’t have much in common with hackers – for this reason, we’ll just call them Internet scammers, or pseudo-hackers. Phising involves copying a domain to make it look identical to the site you intend to visit.
At the very beginning, the scammer sets up a hosting account, duplicates the content of a website of his choice (usually only the login page) and sets up a fake site with a similar name so as not to arouse suspicion of his victim. The next step is to find a potential victim – this is usually done through instant messaging, dating sites or by e-mail (such messages usually land in spam), and the most audacious scammers post their link in Facebook groups.
Clicking on the link doesn’t mean you’ve been robbed – you still have to enter your information. If you didn’t pay attention to a few details and typed in your login and password, problems may begin.
Phising – is there anything to fear?
Does the above scenario of events sound scary to you? If so, let me introduce you to some ways to unmask the scammer:
- No SSL certificate – a phishing site in the vast majority of cases does not have a security certificate. How to check it? In the browser bar there is a small padlock that indicates whether the site is secure – its absence means no SSL. In addition, the address of such a site starts with http://, while a secure site starts with https://. NOTE: it also happens that the term of the SSL service has run out, and the domain owner has forgotten or has not yet managed to pay for the certificate.
- Strange website address – let’s take the most popular social network – Facebook – under the microscope. Note that its web address is preceded by a padlock and does not contain strange characters. If you come across an unsecured site that is a mere imitation of this social network, it will have a strange, unnatural domain address: for example, bit.ly/fac3b00k.
- If you have a good antivirus, in most cases it will inform you that the site was phishing and automatically block your access to it. Don’t fall for assurances from a scammer who says you should disable security and try again.
A pseudo-hacker will try in every way to get your sensitive data. Initially, the scammer will impersonate another person, then try to gain your trust in order to deprive you of what you care about most – your savings or privacy.
How to avoid the danger?
If a scammer has somehow obtained your data, messages will be sent to your email address about suspicious login attempts – don’t ignore it! Change your passwords and log out of all devices.
The best way to protect yourself from this type of scam is with a good antivirus, your vigilance and securing the login to your account with a multi-step method. The scammer won’t be able to do anything if he doesn’t have access to your cell phone – after all, he would have to confirm the login with an SMS code or access notifications.
WORTH REMEMBERING: Phising does not provide access to your cell phone!
As an experienced Internet user, you realize that it is not worth believing all information. You can easily avoid unpleasant situations by verifying the facts. For example, if you find information on a social media platform that a famous celebrity is dead, click on a phony link and a login panel pops up, verify the information first – just use a search engine.
Do you use dating sites and a scammer claiming to be a beautiful woman (or handsome man) seems suspicious to you? Use an image search engine and verify the photo – pseudo-hackers use fictitious accounts and VPNs (less often TOR browsers), thinking that this way they preserve their anonymity. I guarantee you that by using the advice in this article, you will verify the scammer in a few moments. Reporting the case to the police, preferably by going directly to the cybercrime department usually has an express result – the pseudo-hacker’s computer will be secured and the case will be handled by a prosecutor.
At ITH, as part of the ITH NaaS service, we offer dedicated Fortigate access routers – which provide traffic filtering and surveillance. Fortigate is able to detect fake websites and block them.
Phising – summary
The method of fraud known as phishing is as old as the Internet itself. The scammer claims to be someone else or creates a site that is confusingly similar to the original – such a site, however, has easily recognizable imperfections. In reality, if you use a good antivirus, are attentive and have safeguards in place, in the form of a multi-step login, you need fear nothing.