Phishing in carding (basics for beginners)

Tomcat

Phishing is a scam in which cybercriminals attempt to gain access to your sensitive information, such as passwords, credit card numbers, or social security numbers, by impersonating a legitimate sender.

In other words, a phishing page is a copy of a legitimate website or app.

What is a phishing site?

I tried to find active phishing pages on the Internet, but it didn't work out (ads are cut off), so we'll sort it out on our own.
There is a website: mercury.com (banking).
If you enter "mercury" in Google search, you will see the original site in the search results, and you may also come across a copy of this site, for example with the domain merucry.com, or mecrury.com, or even mercury.site, etc.
What's the point? You go to the phishing site mecrury.com, enter your login details, click the "send SMS" button, enter the code, and can't log in to your account. At the same time, on the other side, your data arrives in the panel: login + password + IP (not always). The attacker enters your data on the original site (or application), has a code sent to you, and enters it to log in to your account. Then he manages your personal account as he pleases.

What is app phishing?

Android. In the Play Store, a user can upload their app almost without any problems. Quite often, the Play Store does NOT ban apps that use someone else's brand and you can make money from this.

Let's break it down!

We are sitting in some application or website and see an ad: "KFC coupon for 70% off, only now in our application * * *".
We download the application, which is identical to the real KFC app, and really (!), when we enter the coupon, we get a 70% discount. We go to payment, enter our card details, enter the 3-D Secure code, and see "thank you for your order", after which the money is withdrawn from the bank card.
Yes, it's that simple. For some reason, the SB (security service) does not fix such holes in their system.

Each carder (drive-in) works the card using their own method. Some will charge exactly the amount for which the order was placed; some will link the card to Google Pay/Apple Pay and first charge the order amount, then warm up the card over time and take everything from it down to zero; some will immediately charge large amounts by code or through linking.

Common areas for phishing: food, banking, clothing. Why?
People eat and order delivery. Every day, hundreds of people order food at a distance of 1 km.
People, especially girls, are constantly ordering clothes.
And people also like the red price tag (discount), which means they will buy even more and will go to the site.

Some of the most common phishing schemes include:
1. Email phishing - fake emails that are similar to official messages from banks, online stores, or services that you use. They usually contain links that lead to fake websites where you are asked to enter your personal information.
2. SMS phishing - fake text messages that may contain links to fake websites or apps and that look like they were sent from your bank, store, or other entity.
3. Voice phishing - this type of attack uses an automated dialer system to trick people into providing confidential information. Fraudsters usually pose as customer support services or other official organizations.
4. Phishing through social networks and instant messengers - cybercriminals can create fake accounts in social networks and instant messengers and communicate with people, posing as official representatives of support services or other trusted persons.
5. Phishing on fake websites - scammers can create fake websites that are very similar to the official websites that you know. They usually intercept information you enter, such as usernames and passwords, and use it to gain access to your accounts.
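
From the defender's side, the misspelled and alternate-TLD copies named in the post (merucry.com, mecrury.com, mercury.site) can be caught mechanically. The following is an added example, not part of the original post: it flags candidate domains (for instance from proxy logs or newly seen domains) that sit within a small edit distance of a protected domain. The function names, the threshold of 2, and the sample `example.org` are assumptions made for illustration.

```python
# Added example: flag lookalike domains of a protected brand domain.
# Sample domains are the ones named in the post; "example.org" is constructed.

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    swap of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def split_domain(domain: str) -> tuple[str, str]:
    """Naive split into (registrable label, TLD); assumes a single-label TLD."""
    host = domain.strip().lower().rstrip(".")
    label, _, tld = host.rpartition(".")
    return label.split(".")[-1], tld  # drop subdomains such as "login."


def classify(domain: str, protected: str, max_distance: int = 2) -> str:
    """Compare a candidate domain with the protected one and label it."""
    label, tld = split_domain(domain)
    p_label, p_tld = split_domain(protected)
    if (label, tld) == (p_label, p_tld):
        return "legitimate"
    if label == p_label:
        return "lookalike: same name, different TLD"
    dist = osa_distance(label, p_label)
    if dist <= max_distance:
        return f"lookalike: edit distance {dist}"
    return "unrelated"


if __name__ == "__main__":
    for cand in ("mercury.com", "merucry.com", "mecrury.com", "mercury.site", "example.org"):
        print(f"{cand:15} {classify(cand, 'mercury.com')}")
```

Both misspellings in the post are a single adjacent-character swap, which is why a distance that counts transpositions as one edit is used here rather than plain Levenshtein distance.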