What is the difference between Phishing, Vishing and Pharming

Father

The Internet has become an integral part of the life of each of us. The network opens up many incredible opportunities - communication, shopping, paying bills and various entertainment. But, unfortunately, not always and not everyone uses the Internet for the benefit of society.

With the rapid growth in the number of online resources, many types of fraud have appeared that aim to obtain confidential data and use it for personal gain. Some of the most popular are phishing, vishing, smishing, and pharming. To counter them effectively, however, you only need to follow basic security rules and know how to recognize the popular threats, which we will talk about below.

The number of cybercrimes is growing from year to year. Fraudsters look for loopholes and make the most of any information posted on the Internet. They find phone numbers and call victims, posing as bank employees. The person is told that he has won a prize draw and, in order to receive the prize, is asked to provide his passport details. Sometimes cybercriminals do not need to invent new schemes - users share data on their social network pages that can be used to their detriment. How can you avoid becoming a victim of cyber villains? We have collected useful tips for you.

Phishing
Phishing (English "phishing", from "fishing") is a way of obtaining secret information in which the attacker, using social engineering, tricks the victim into revealing personal data. Such data can be a bank card number and code, a phone number, the login and password for any service, etc. This type of "catching" is mainly used to gain access to online banking or to the victim's wallet in a particular payment system and withdraw funds to other accounts.

How does phishing work?
A phishing email is sent to the email address of the targeted person and, first of all, plays on the recipient's emotions. For example, it can be a notification about a big win or, conversely, a message about a hacked account, followed by an offer to follow a phishing link and enter login credentials. The user goes to the linked resource and "hands over" his login and password to the fraudster, who, for his part, quickly puts the information to use.

Here are some specific examples of internet phishing:
  1. Attackers send millions of letters on behalf of a well-known company to various email addresses, asking recipients to confirm their username and password. When you click on the provided URL, you see an authorization page that is absolutely identical to the page on the real resource. The catch, most likely, is hidden in the link to the site itself - the domain will be very similar to the real one, but differ in a few symbols. A similar type of message can also be found on various social networks. For example, phishing on Vkontakte was popular a few years ago.
  2. Fraudsters, exploiting flaws in the SMTP protocol, send emails with a fake "Mail From:" string. The recipient, replying to such a letter, sends the reply straight into the hands of the offender.
  3. You should also be careful when participating in online auctions, since goods offered for sale, even through a legitimate resource, may have to be paid for through a third-party website.
  4. A lot of users come across bogus Internet organizations asking for donations.
  5. Online stores offering branded goods at extremely "affordable" prices can also be fake. As a result, there is a possibility of paying for a product that will never be received, since it never existed.

Vishing
One should not ignore such a pressing problem as vishing (English "vishing": voice + phishing). Vishing is a type of phishing that also uses social engineering methods, but this time over a phone call.

How do vishing attackers usually act?
A call comes in from a "bank employee", and the operator warns that if the full bank card details are not given to him over the phone right now, the card will be blocked. A gullible user, hearing such a "threat", immediately panics and may give out all personal data, up to the verification code from an SMS.

In a vishing call, you may also be offered a bargain purchase with a huge discount or told that you have won some promotion. There is no need to rejoice immediately at such a lucky purchase or profitable promotion; it is always worth double-checking the information against official resources.

In any unclear situation, the main thing is not to panic. Remember - you can always check everything. Politely say goodbye to the caller and call the hotline of the organization the caller claimed to represent. That way you can easily find out whether the call was genuine or whether you almost became a victim of vishing.


Pharming
Still, classic phishing may become less effective in the near future. Many users are already aware of the dangers that await them on various resources and follow safety rules. In response, a new subtype of phishing scam was invented - pharming, which secretly redirects the user to third-party sites.

How does pharming work?
The distinguishing feature of pharming is the substitution of the genuine site with a fraudulent one, which allows an attacker to take possession of the user's confidential data. All this is done by manipulating the DNS cache on the user's end device or on the provider's network equipment. After the substitution, the attacker only has to wait for the client to log in to a certain resource and then collect all of his data.

The virus becomes active only at the moment the user goes to the page of interest. This often applies to online banking or other payment systems through which money transactions are carried out.

It is quite difficult to protect yourself from pharming, since the site is replaced imperceptibly. To protect yourself, you need not only to learn how to recognize fraudulent emails, but also to be extremely careful when reading e-mails and when downloading or installing any programs from the Internet. Pharming programs can run either from the browser cache or directly as a virus on your PC.

Skimming
Another method actively used by scammers is skimming. Skimming is the copying of payment card data using a special device (skimmer). The card data is read when the cardholder inserts it into the ATM. To obtain a PIN-code, attackers install mini-cameras or overlays on the keyboard.


Shimming
Shimming is a modernized form of skimming. The scheme of deception is similar: all important data is read from the cards inserted into the ATM; the only difference is that there are no visual signs of the presence of a shim inside the device.

Fraudsters, instead of very bulky and visually noticeable overlays on the card reader, use a thin, flexible, almost invisible device that is located inside the card reader. It reads the card data later used by attackers.

Fake ATMs
Sometimes scammers create fake ATMs and leave them in unguarded locations. Such devices outwardly completely copy the real ones, but the "filling" contains a built-in computer with a system installed on it, a skimmer and keyboard overlays. The victim inserts the card, tries to perform some action, but the ATM issues an error. The person takes the card, but all the information from it has already been read.

You can fall for the bait of intruders not only by using an ATM, but also by paying with a card, say, in restaurants or shops. The algorithm is similar: a waiter, salesperson, or cashier can use a skimmer or a portable device attached to the terminal.

Carding
The term carding refers to fraudulent transactions with payment cards (card details) that are not approved by the cardholder. Carding involves various methods of defrauding the rightful owner of material assets.

There are three basic directions of fraudulent activities:
  1. Theft or illegal receipt of a card - either physical action against the owner, or a search for vulnerabilities in the process of issuing, delivering or registering a banking product - and the use of the card by an intruder.
  2. Compromise of card data for subsequent counterfeiting. First of all, we are talking about copying the data of the card's magnetic stripe and stealing the PIN-code. This type of fraud was most widespread before the massive transfer of cards to chip technology. Today, such a scheme is rare, since in Russia about three years ago a ban on the issuance of non-chip cards was introduced, and Chip Liability Shift is in effect almost all over the world - the acquiring bank's obligation to process a chip card using the chip.
  3. Compromise of card details for performing CNP (card-not-present) transactions. A striking example is paying for purchases or services on the Internet.
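
Returning to the phishing examples in the post (the lookalike domain in item 1 and the forged sender in item 2), here is an added Python example, not part of the original post, that flags both signs in a single message. The trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example-bank.com"}  # assumption: domains the recipient really deals with

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host, max_dist=2):
    """Return the trusted domain that `host` imitates, or None if genuine or unrelated."""
    host = (host or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    return next((t for t in sorted(TRUSTED) if edit_distance(host, t) <= max_dist), None)

def domain_of(header_value):
    # Domain part of the address in a From/Reply-To/Return-Path header ("" if absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    from_dom, findings = domain_of(msg["From"]), []
    for name in ("Reply-To", "Return-Path"):
        other = domain_of(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    body = msg.get_payload()
    for url in re.findall(r"https?://[^\s<>]+", body if isinstance(body, str) else ""):
        host = urlparse(url).hostname
        if lookalike_of(host):
            findings.append(f"link host {host} imitates {lookalike_of(host)}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: Example Bank <support@example-bank.com>
Reply-To: helpdesk@mail-collect.example
Return-Path: <bounce@mail-collect.example>

Please confirm your login at https://examp1e-bank.com/login today.
"""
```

Calling `triage(SAMPLE)` returns three findings: the two header mismatches and the link whose host is one character away from the trusted domain.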
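
For the pharming section, where the substitution happens in name resolution on the user's end device, the following added Python example (not part of the original post) audits one such local override point, the hosts file, for entries that pin a watched domain to an address. The hosts file is not named in the post and is chosen here as an assumption; the watched domains, sample file and function names are also constructed for illustration.

```python
import ipaddress

WATCHED = {"example-bank.com", "pay.example"}  # assumption: sites worth protecting

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for name in fields[1:]:  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return entries that override resolution of a watched domain or its subdomains."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == w or name.endswith("." + w) for w in watched):
            local = ip.is_loopback or ip.is_unspecified
            hits.append((line_no, name, str(ip), "blocked locally" if local else "redirected"))
    return hits

# Constructed hosts file; 203.0.113.0/24 is a documentation address range.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# entries below are constructed for the example
203.0.113.45  www.example-bank.com example-bank.com
0.0.0.0       ads.tracker.example
127.0.0.1     pay.example   # pinned to loopback
"""

if __name__ == "__main__":
    for hit in audit_hosts(SAMPLE_HOSTS):
        print(hit)
```

On a real machine, pass in the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; any "redirected" hit for a banking or payment domain deserves investigation.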
 