What is Phishing? How does it Work? Phishing Examples

What is Phishing?

Phishing is a scam in which an e-mail or website impersonates a legitimate financial institution in order to steal secrets such as a PIN or credit card number.

The typical methods of phishing

An e-mail whose sender field is forged to show the address of a financial institution's customer service desk is sent out indiscriminately. The body contains text prompting the recipient to enter personal information, together with a link to a web page.
Clicking the link opens the financial institution's official website together with a pop-up window for entering personal information. The site displayed in the main window is "real" and the pop-up is "fake". When a user, reassured by seeing the genuine site, enters secrets such as a PIN, password or credit card number into the form in the pop-up and submits it, the information is sent to the criminal.

Phishing attackers use very clever tricks, such as exploiting special URL formatting so that a link appears to point to the real domain, or hiding the address bar of a pop-up window, and the number of victims who are "fished" is increasing. As countermeasures against phishing: do not trust the sender field; check whether SSL is used when forms are sent and received; and confirm that the notice is genuine through a contact channel you already know to be legitimate (for example, a phone number or URL you can verify yourself) rather than the contact method, such as a link, shown in the e-mail.
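The "special formatting" the paragraph mentions can be checked mechanically: a browser connects to the host part of a URL, not to whatever text is displayed or placed before an "@" sign. The following Python script is an added example, not code from the original page; it parses each link in a message with the standard library, recovers the host the browser would really contact, and reports the mismatches a mail filter or a cautious reader should notice. The allow-list `TRUSTED_HOSTS` and the `SAMPLE_LINKS` pairs (visible text, actual href) are constructed for the demonstration and use reserved example addresses.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts this organization's notices may point to.
TRUSTED_HOSTS = {"www.example-bank.com"}

# Constructed sample links (not from the original page): the text the reader
# sees, paired with the href the link actually points to.
SAMPLE_LINKS = [
    ("https://www.example-bank.com/login",
     "https://www.example-bank.com/login"),
    # userinfo trick: the browser ignores everything before '@'
    ("https://www.example-bank.com/login",
     "http://www.example-bank.com@198.51.100.7/login"),
    # trusted name used as a subdomain of an unrelated zone
    ("www.example-bank.com",
     "https://www.example-bank.com.security-check.invalid/"),
    # internationalized (punycode) host that may render as a look-alike
    ("https://www.example-bank.com/",
     "https://xn--exmple-bank-1ab.invalid/"),
]


def real_host(url):
    """Return the host a browser would actually connect to for this URL."""
    return (urlsplit(url).hostname or "").lower()


def check_link(shown_text, href):
    """Return a list of findings for one link; an empty list means no concern."""
    findings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()

    if parts.username is not None:
        findings.append("userinfo before '@': the name in the URL is not the host")
    if parts.scheme != "https":
        findings.append("link is not https")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label: inspect for look-alike characters")

    # Compare the domain the reader sees with the domain actually connected to,
    # but only when the visible text itself looks like a URL or host name.
    if "." in shown_text and " " not in shown_text:
        shown_url = shown_text if "://" in shown_text else "https://" + shown_text
        shown_host = real_host(shown_url)
        if shown_host and shown_host != host:
            findings.append(f"text shows {shown_host} but link goes to {host}")

    if host not in TRUSTED_HOSTS:
        findings.append(f"host {host!r} is not in the allow-list")
    return findings


def audit(links):
    """Map each href to its findings; links without findings are omitted."""
    report = {}
    for text, href in links:
        findings = check_link(text, href)
        if findings:
            report[href] = findings
    return report


if __name__ == "__main__":
    for href, findings in audit(SAMPLE_LINKS).items():
        print(href)
        for finding in findings:
            print("  -", finding)
```

The check deliberately works on the parsed host rather than on string matching: a link whose text reads like the real domain can still carry that name as a user name, as a subdomain of an attacker-controlled zone, or as a punycode look-alike, and only the parsed host tells you where the browser will go.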

Spear phishing

A scam that targets a specific person and steals passwords and personal information by sending fake e-mails or planting viruses. "Spear fishing" originally refers to a method of fishing in which the fish is pierced with a harpoon or speargun. Unlike ordinary phishing, which targets an unspecified number of users of well-known services such as the online banking of major banks, spear phishing is characterized by first researching the identity of the target and then devising a method tailored to that individual.

Spear phishing Examples

For example, an e-mail is sent to an employee at a branch office of a large company saying, "I am from the information systems department at head office and need your password for an investigation, so please send it to me." The password is then used to break into the company's network. There have also been reports of business secrets and intellectual property being obtained fraudulently by someone posing as a boss or a business partner.

What is Pharming

A scam that creates a fake site that looks exactly like the site of a well-known financial institution or online shop, directs users to it by rewriting information on a DNS server, and steals PINs or credit card numbers. It is one form of phishing scam.
Normally, to access a website you enter a URL that includes a domain name; the domain name is converted to an IP address by a DNS server operated by a telecommunications carrier or similar provider, and your browser connects to the server at the corresponding IP address.

How Does Pharming work

An attacker performing pharming illegally rewrites the table mapping domains to addresses that this DNS server manages (so-called "DNS cache poisoning"), so that the server returns a fake address when the user's computer asks about the domain.
The user believes he or she is accessing the correct URL of the financial institution, but is directed to a look-alike fake site operated by the attacker, where the information entered is stolen.

In addition, a file called the hosts file, which also associates domain names with addresses, is stored on the personal computer itself, and another method directs users to a fake site by rewriting this file using a virus or similar malware. Phishing "fishes" users one at a time with fake guidance e-mails, whereas pharming directs every user of the poisoned server to the fake site by feeding bogus information to the DNS server.
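Because the hosts file is consulted before any DNS server, a tampered entry for a bank's domain silently overrides the resolver for that machine. The following Python script is an added example, not code from the original page; it parses hosts-file text the way the operating system does (comments after "#" ignored, one address followed by one or more names per line) and reports any entry that overrides a domain on a protected list, since legitimate hosts files have no reason to contain such names. `SAMPLE_HOSTS` and `PROTECTED_DOMAINS` are constructed for the demonstration; a real check would read `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` and use the organization's own list of domains.

```python
import ipaddress

# Constructed hosts-file content (not from the page), including one line of
# the kind of tampering the text describes.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      build-server.internal   # legitimate admin entry
# Injected by malware: sends the bank's users to an attacker-controlled address
198.51.100.7    www.example-bank.com example-bank.com
"""

# Hypothetical list of domains that must never be overridden locally.
PROTECTED_DOMAINS = {"example-bank.com", "shop.example.net"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            # Malformed address: skip it rather than abort the whole audit.
            continue
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")


def find_hosts_overrides(text, protected):
    """Return (hostname, address) for entries that override a protected zone
    or any name beneath it."""
    zones = {d.lower().rstrip(".") for d in protected}
    hits = []
    for addr, name in parse_hosts(text):
        if name in zones or any(name.endswith("." + z) for z in zones):
            hits.append((name, str(addr)))
    return hits


def non_loopback_entries(text):
    """Return every entry that does not point at the local machine; these are
    the lines worth reviewing by hand on a workstation."""
    return [(name, str(addr)) for addr, name in parse_hosts(text)
            if not addr.is_loopback]


if __name__ == "__main__":
    for name, addr in find_hosts_overrides(SAMPLE_HOSTS, PROTECTED_DOMAINS):
        print(f"ALERT: {name} is pinned to {addr} in the hosts file")
    print("entries not pointing at loopback:", non_loopback_entries(SAMPLE_HOSTS))
```

Matching on the zone rather than the exact name matters: an entry for `www.example-bank.com` must be caught even when the protected list only names `example-bank.com`. The same parser can be run on a scheduled basis and its output compared with a known-good copy of the file, which turns a one-off check into a detection.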

Pharming Examples

The name is a play on "farming". The spelling "pharming" rather than the original "farming" follows the spelling of "phishing" and is said to derive from "sophisticated".
