What is Phishing?
Phishing is a scam that pretends to be a legitimate
email or website from a financial institution and steals a PIN or credit card
number.
The typical methods of phishing
An
e-mail with the sender's name as the address of a financial institution's
window is sent indiscriminately, and the text contains a guide text prompting
you to enter personal information and a link to a Web page.
Clicking on the link will take you to the official website of the financial
institution and a pop-up window for entering personal information. The
site displayed in the main window is "real" and the pop-up page is
"fake". When a user who is relieved to see the real thing enters
and sends a secret such as a PIN, password, and credit card number in the input
form displayed in the pop-up, the information is sent to the criminal.
Phishing attackers use very clever tricks such as using special formatting used
in URLs to make it appear as if they are linking to a real domain, or hiding
the address bar in a pop-up window. The number of victims who are
"fished" is increasing. As a countermeasure against phishing, do not
trust the sender field, check if SSL is used to send and receive forms, and
call that can be confirmed as legitimate other than the contact method (link
etc.) shown in the email for example, you can check whether the guide is
genuine from the number or URL.
Spear phishing
A scam that targets a specific person and steals passwords and personal information by sending fake emails or loading viruses. Originally a term for fishing, it is a fishing method in which a fish is pierced with a harpoon or a speargun. Unlike ordinary phishing, which targets an unspecified number of users of famous services such as online banking of major banks, it is characterized by investigating the identity of the target and then individually devising a method tailored to that individual.Spear phishing Examples
For example, send an e-mail to an employee who works at a branch office of a large company, saying, "I am a person in the information system department of the head office, but I need it for investigation, so please tell me your password." It is used to break into the network of the company. In addition, there have been reports of cases of fraudulent business confidential information and intellectual property by pretending to be a boss or a business partner.What is Pharming
A
scam that creates a fake site that looks exactly like the site of a famous
financial institution or online shop, guides the user by rewriting the
information on the DNS server, and steals the PIN or credit card number. One of
the phishing scams.
Normally, to access a website, you enter a URL that includes the domain name,
but the domain name is converted to an IP address by a DNS server managed by a
telecommunications carrier, etc., and you access the server with the
corresponding IP address.
How Does Pharming work
An attacker who performs pharming illegally rewrites the correspondence table of domains and addresses managed by this DNS server (called "DNS cache poisoning"), and tricks the user into returning a fake address when inquiring about the domain.The user thinks that he / she is accessing the correct URL of the financial institution he / she is using and is directed to a fake site that looks exactly like the one operated by the attacker, and the information is fraudulently stolen.
In addition, a file called hosts file that associates the domain with the address is also stored in the personal computer, and there is also a method of guiding to a fake site by rewriting this file using a virus or the like. Phishing is a method of making users "single fishing" by fake guidance emails, etc., but farming is a method of guiding users who use the server to a fake site by sending illegal information to the DNS server.
Pharming Examples
For
example, it was named Farming. The spelling of "pharming"
instead of the original "farming" follows the spelling of phishing
scams as "phishing" and is said to be derived from
"sophisticated".
Comments
Post a Comment