What is Phishing?
Phishing, or spoofing, is a computing term for a type of scam: a form of computer abuse carried out through social engineering, in which the fraudster attempts to acquire sensitive information (such as user names, passwords, account details, credit card numbers, banking information or identity data), mainly banking information. The usual vehicle is a misleading email that resembles a genuine one (with logos and web addresses). Other techniques include instant messaging systems, telephone calls, or directing you to a web site (like http://www.mg-jobs.com) that asks for personal information and a password, or asks you to make a purchase, in order to steal all your data and your money. Once the information is obtained, fraudsters can log on in your place, impersonate you and commit fraud in your name.
What does it consist of?
It covers a wide range of software and applications of all kinds, classified under the category of theft of personal or financial information; some of them are really complex.
• Use of the names of companies that already exist, such as http://www.mg-jobs.com. Instead of creating the website of a fictitious company from scratch, fraudsters take the corporate image and functionality of an existing company's web site, in order to further confuse the recipient of the message.
• Use of the name of a real employee of a company such as http://www.mg-jobs.com to send a phishing email. Thus, if the recipient tries to confirm the veracity of the mail by calling the company, the company will be able to confirm that the person who claims to speak on its behalf does work there. These emails ask you to click a link that directs you to a fake website, where you are asked to enter personal information such as your member ID and password.
• Web addresses with the correct appearance. The fraudulent email usually leads the reader to websites that replicate or mimic the look of the company whose name is being used to steal information. In fact, both the content and the web address are false and merely imitate the real ones. Even the legal information and other non-vital links may redirect the unsuspecting user to the real web page.
• Fear factor. The window of opportunity for fraudsters is very brief: once the company learns that its customers are being targeted by this kind of fraud, the server that hosts the fraudulent web site and collects the data is reportedly shut down within a few days. It is therefore essential for the fraudster to get an immediate response from the user being scammed. In many cases the best incentive is the threat of a loss, either of money or of the existing account itself, unless the instructions in the email are followed.
• Man-in-the-middle. In this technique, the attacker sits between the user and the real website, acting as a proxy, and is thus able to listen to all communication between them. It is an attack in which the attacker acquires the ability to read, insert and modify at will the messages between two parties, without either of them knowing that the link between them has been compromised.
How does it work?
The most commonly used mechanism is a fake email that pretends to come from a particular company, such as http://www.mg-jobs.com, whose clients the fraudster is trying to cheat. The message contains links that point to one or more web pages replicating, in whole or in part, the appearance and functionality of the company with which the recipient is expected to have a business relationship. If the recipient does have that relationship with the company and trusts that the message really came from it, they may end up entering sensitive information in a fake form on one of those websites.
How is it distributed?
In terms of distribution, they also have common features:
• In the same way as spam, it is sent massively and indiscriminately by email or instant messaging systems (SMS):
o The message prompts the user to click on a link that leads to a page where they must enter their confidential data, with the excuse of confirming it, reactivating their account, etc.
o It is sent as an alert from a financial institution warning of an attack. It includes a link that the user is urged to click, which leads to a request for the personal data of the user to be defrauded.
• Because the message is distributed en masse, some of the recipients will actually be clients of the entity. The message states that, due to a security problem, they must visit a web address where they should reconfirm their data, such as user name, password, credit card number, PIN, social security number, etc.
• Of course, the link does not lead to any page of the company, but to a website (similar to the original) built for the purpose by the scammers and reproducing the corporate image of the financial institution being impersonated. Normally the web address contains the name of the legitimate institution, so that the client does not suspect that it is false.
• When users enter their personal and sensitive data, it is stored in a database, and what happens next does not require a great leap of imagination: scammers use this information to connect to the account and dispose of the funds.
The main kinds of damage caused by phishing are:
• Theft of identity and of personal and confidential user data (credit cards, passwords, etc.).
• Loss of productivity.
• Consumption of corporate network resources (bandwidth, mail saturation, etc.).
How can I recognize a phishing message?
Distinguishing a phishing message from a legitimate one can be difficult for a user who receives such an email, especially when they really are a client of the financial entity the message supposedly comes from.
• The From field of the message shows an address of the company in question. However, it is easy for the scammer to modify the source address shown in any e-mail client.
• The email has logos or images taken from the real web site that the fraudulent message refers to.
• The link shown seems to point to the company's original site, but actually leads to a fraudulent website, where user data, passwords, etc. will be requested.
• These emails usually contain grammatical errors or misplaced words, which are unusual in communications from the entity they are trying to pass for.
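Two of the link indicators described above can be checked mechanically: a link whose visible text shows one host while its href leads to another, and a web address that contains the legitimate institution's name inside a different host. The following is an added example, not part of the original article; the message is constructed, and bank.example and login.example are placeholder domains.

```python
import email
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; bank.example and login.example are placeholders.
RAW = """\
From: "Bank Support" <support@bank.example>
Subject: Confirm your account
Content-Type: text/html; charset="utf-8"

<p><a href="http://bank.example.login.example/confirm">https://www.bank.example/confirm</a>
or read our <a href="https://www.bank.example/legal">legal notice</a>.</p>
"""

def host(url):
    """Lower-cased hostname of a URL-like string, or '' if it is not one."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url if url.lower().startswith("www.") else ""
    return (urlsplit(url).hostname or "").lower()

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def indicators(raw, legit="bank.example"):
    """Return (indicator, shown_host, real_host) for each suspicious link."""
    parser = Links()
    parser.feed(email.message_from_string(raw).get_payload())
    found = []
    for href, text in parser.links:
        shown, real = host(text), host(href)
        if shown and real and shown != real:
            found.append(("text-href-mismatch", shown, real))
        if legit in real and real != legit and not real.endswith("." + legit):
            found.append(("brand-in-foreign-host", shown, real))
    return found
```

The "legal notice" link in the sample points at the real site and is not flagged, matching the observation that non-vital links in a phishing message may lead to the genuine page.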
All users run the risk of falling victim to these scam attempts. An attack of this type is really cheap to carry out, and the benefits can be substantial with only a tiny percentage of success.
How can I protect myself from phishing?
If you believe that the message you received could be legitimate, something that should in principle be regarded as highly unlikely, you should first contact the financial institution, by phone or through the channel you use most frequently. Even then, always check the following before entering any data that could be used maliciously by third parties, to dramatically reduce the risk of a phishing attack:
• Check the source of the information. Do not automatically reply to any email that requests personal or financial information. If you have doubts about whether the entity really needs the kind of information it is asking for, simply call your usual contact number to confirm the source of the request.
• Type the address yourself into your Internet browser. Instead of clicking on the hyperlink provided in an email, type the web address directly into the browser or use a bookmark you created earlier. Even addresses or links that appear to be correct in emails can hide the path to a fraudulent website.
• Reinforce your security. Users who carry out transactions over the Internet should equip their systems with security suites able to block these threats, apply the latest security patches provided by the manufacturer, and make sure they operate in a secure mode, using digital certificates or secure communication protocols such as https://.
• Review your accounts regularly. Monthly statements are particularly useful for detecting irregular transfers or transactions, both operations you did not make that appear on the statement and online transactions that may not appear on it.
Once all these requirements are fulfilled, the user can provide information with reasonable assurance that it will not be used against their interests.
The best way to protect yourself from phishing is to understand the modus operandi of the financial service providers and other entities susceptible to such attacks.
If you need to perform online transactions, consider these recommendations:
- Make sure your computer is free from any type of malware (viruses, spyware, rootkits, etc.).
- Never make a transaction from a public place, public phone or Internet cafe.
- The address of the website or 'Payment Gateway' where you are performing the transaction should begin with https:// in the address bar (data encryption).