Methods of phishing
Phishing can be divided into several categories:
-Voice (call) phishing
-Voice phishing was common until smartphones came out. This is the type where you get an urgent call from someone who says things like, "This is the ooobank. We are sorry for your inconvenience but our server was hacked (or whatever) and we need to confirm something. Please tell your personal info... blahblahblah". The person sounds very professional, like a real bank! So, do I tell him my account information? No. Banks NEVER (NEVER EVER EVER EVER) ask for your personal information via calls. Check the caller number, if possible, then end the call and try calling the number back. If the number does not exist, it means that the call was a phishing call, because phishers use different numbers every time.
-SMS-phishing (a.k.a. Smishing)
-Smishing is occurring more nowadays, with more accuracy and development. The messages contain links, which are phishing sites! (Yay!) The most common ones are: "Get a free pizza coupon here! [www.pizzaforfree.com] Enter your address, your ID number, and many more personal info!" or "Your account at OOO is in trouble because of IP changes! Go check!" or "Update your vaccine here: OOO.com". Well, don't. First, companies never ask for your personal information SMS-wise. Also, they won't be needing it! Why would they? They already have your info from when you signed up, in their database, or on a hard disk, or whatever. If you get a message like this, think first, then act. If you think about it, it is really obvious. :) Also, as in the last example, if they wanted you to update your vaccine (antivirus), they could have told you app-wise or homepage-wise.
-Email (Clone) phishing
Email phishing is the type of phishing with the longest history. These emails contain things like, "Sorry, our system was down and we need to recheck your information. Please go to 000.com and re-type in your information." If these emails come, check the homepage on the internet (by googling or calling them) and see if this information is accurate. Also, check the domain name of the site, because if a phisher has hacked your system so that the real page gets redirected as soon as you go in, you might enter all your info on the phishing site. It is also a good idea to have a vaccine (antivirus program) that can detect any bad sites from your computer so that your computer is safe. The best way, however, is to not open emails that have nothing to do with you, or mails that come from a person you have never seen.
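To make "check the domain name of the site" concrete, here is an added example (not part of the original post) that works out which host a link really leads to and compares it with the domains you actually use. The allowlist entry examplebank.test and the sample links are constructed placeholders; only www.pizzaforfree.com comes from the text above.

```python
from urllib.parse import urlsplit

# Assumption: the domains you really hold accounts with (placeholder value).
TRUSTED_DOMAINS = {"examplebank.test"}


def link_host(url):
    """Return the hostname a browser would actually connect to, or None."""
    if "://" not in url:
        url = "http://" + url  # links in SMS often omit the scheme
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def check_link(url):
    """Classify a link from a message as 'trusted', 'lookalike' or 'unknown'."""
    host = link_host(url)
    if host is None:
        return "unknown"
    for domain in TRUSTED_DOMAINS:
        # Only the exact domain or a true subdomain of it counts.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in TRUSTED_DOMAINS:
        # The brand name shows up in the link, but the host is somewhere else.
        if domain.split(".")[0] in url.lower():
            return "lookalike"
    return "unknown"


# Constructed sample links for illustration.
SAMPLES = [
    "https://www.examplebank.test/login",
    "http://examplebank.test.login-check.example/verify",  # real name used as a prefix
    "https://examplebank.test@198.51.100.7/login",         # real name placed before '@'
    "www.pizzaforfree.com",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):10} {link_host(link)}  <-  {link}")
```

Anything that does not come back as "trusted" should be treated like the messages described above: go to the company's homepage yourself instead of following the link.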
-Chat phishing
-Have you ever seen a message in the chat room of MSN (MicroSoft Network or Windows Live Messenger) that says "Be careful of the request of money..."? (It might be something like "Do not give your credit information to the person you're talking to.." or something like that because I use MSN in a different language. :/) So, chat phishing happens when the accounts of other people (who you know) get hacked. The hacker (or phisher) then pretends to be that person and may ask you for money. In those cases, the chat almost always starts like this:
"Heyy,,. What's up? … So.. I need some money. It's really urgent, so I need it until 1 pm...blahblahblah". In this case, ask the person about some (1~4) secrets you share with them. If the person does not answer or answers vaguely, doubt whether this is the person you actually know. Sometimes, you can troll the phisher back (:D) but it's not a really smart thing to do.
-App phishing
-App phishing is only related to the Android market (Google Play), because Apple apps are checked by the Apple team and then published. However, app phishing can also happen in the Apple store (but it's most unlikely to), so I suggest that Apple users read this too.
Phishing apps are apps that have tools inside them to phish out the user's information. The crazy thing here is, you're most likely not to know that you have downloaded a phishing app, because a phishing app looks like a normal app from the outside. As you download the app, your Google account gets sent to the phisher. As you play the game, and if you buy things via your account, your credit information leaks out. If the game has the ability to access the SD card, the information on your SD card leaks out. So be careful when downloading an app and do not use .apk files from the internet. They might be dangerous.
→Changing the hosts file
-Phishers can change the hosts file of your computer and lead you to another site even if you clicked on the right link. Check your hosts file (in C:\Windows\System32\drivers\etc) by opening the file 'hosts' with Notepad (or put a .txt at the end of the file name). If there are weird IPs or domains in the hosts file (I don't even know if host files are even needed because of DNS's nowadays), just erase them and put:
127.0.0.1 localhost
::1 localhost
As I said, I don't even know if host files are necessary these days. Some people say we can now just erase the host file and there won't be any more problems. It's up to your decision :D
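If you would rather not eyeball the file, the check can be scripted. This is an added example, not from the original post: it reads hosts-file text and reports every entry other than the two localhost lines shown above. The sample file contents, names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file contents (not taken from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.50    www.examplebank.test   # points a real-looking name elsewhere
0.0.0.0         ads.example
not-an-ip       login.example
"""


def parse_hosts(text):
    """Yield (line_no, ip_text, names) for every entry, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip_text, *names = line.split()
        yield line_no, ip_text, [name.lower() for name in names]


def audit_hosts(text):
    """Return findings for every entry that is not a plain localhost line."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, names))
            continue
        if not names:
            findings.append((line_no, "malformed", ip_text, names))
        elif ip.is_loopback and set(names) == {"localhost"}:
            continue  # the two default lines from the text above
        elif ip.is_loopback or ip.is_unspecified:
            # Name is blocked locally: usually an ad blocker, still worth a look.
            findings.append((line_no, "sinkhole", ip_text, names))
        else:
            # Name is forced to a specific outside address: the phishing case.
            findings.append((line_no, "redirect", ip_text, names))
    return findings


if __name__ == "__main__":
    for line_no, kind, ip_text, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {ip_text} -> {' '.join(names)}")
```

To check a real machine, read C:\Windows\System32\drivers\etc\hosts into a string and pass it to audit_hosts; a "redirect" finding for a site you log in to is the case described above.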
→MITM (Man in the Middle)
-In this case, the attacker can be a cracker or a phisher. When a client sends information to the server, the phisher in the middle sees the info (literally eavesdrops) and then passes it on to the server.
Ex)
Normal: Client sends info(ID/PW)→ Server
Server sends back message(Login success!)→ Client
MITM: Client sends info(ID/PW)→ Cracker (takes a look)→ Server
Server sends back message(Login success!)→ Cracker→ Client
+)Note: There are SO many types of phishing in the world; these are only the most common ones.
I made a PPT to just do a review of this. If you don't want to read the text up there, just have a look at the powerpoint. :)
phishingmethods.pptx (File Size: 96 kb, File Type: pptx)