
What does phishing mean on the Internet?

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains what phishing on the Internet means.

Phishing is one of the many forms of deception on the Internet. The attacker deceives users through online channels such as fake websites and e-mails, much like baiting a hook in real-life fishing, which is why it is called "fishing on the Internet". Its greatest harm is that it steals users' bank card account numbers, passwords and other important information, causing users to suffer economic losses.

In most cases, these fake websites and messages are phishing scams: as soon as you click the link, you are taken to a fake website built to obtain personal information. Many people are already familiar with the word "phishing". It is a kind of Internet fraud in which cyber criminals trick users into providing their own sensitive information. Often, phishing scams are designed to collect credit card numbers, account passwords and social security numbers for fraudulent transactions. Other information, such as name, date of birth and address, is used to impersonate the victim. Phishing takes many forms and can be carried out with a variety of tools and techniques. The following focuses on the most common ones.

I. Link manipulation

Link manipulation is a widely used phishing technique that tricks users into clicking a link and landing on a fake website. Most users will not readily click a link that looks suspicious at a glance, so hackers have to find ways to manipulate users into clicking. They generally use the following methods:

1. Using subdomains

This approach works on non-technical users who are not familiar with the concept of subdomains. Suppose you receive an e-mail that claims to come from a well-known bank, xyz, asking for your credentials and telling you to click www.xyzbank.user.com. Without a technical background, you would think this link points to the "user" section of xyz Bank. Actually, it points to the "xyzbank" subdomain of user.com. Although a domain name is unique, subdomain names are not: the owner of a domain cannot prevent someone else from using that name as a subdomain of another domain. Technical or not, users should always keep in mind that the domain hierarchy in a URL reads from right to left. So mail.yahoo.com points to the mail subdomain of Yahoo, while yahoo.mail.com points to the yahoo subdomain of mail.com.
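The right-to-left reading described above can be automated. The following is an added example, not part of the original article: it finds the registrable domain of a host and flags a watched brand name that appears only as a subdomain label of someone else's domain. The suffix set and the `PROTECTED` watchlist are constructed assumptions; real code would load the full Public Suffix List.

```python
# Constructed stand-in for the Public Suffix List (assumption, far from complete).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "com.cn"}

# Hypothetical watchlist: brand label -> the registrable domain that really owns it.
PROTECTED = {"xyzbank": "xyzbank.com", "yahoo": "yahoo.com"}


def registrable_domain(host):
    """Return public suffix plus one label, found by reading the host right to left."""
    labels = host.lower().rstrip(".").split(".")
    # Longest candidate suffix first, so "co.uk" is preferred over a shorter match.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return None  # unknown suffix: refuse to guess


def brand_in_subdomain(host):
    """Flag a protected brand label sitting to the left of a domain it does not own."""
    owner = registrable_domain(host)
    if owner is None:
        return None
    name = host.lower().rstrip(".")
    sub_labels = name[: -len(owner)].rstrip(".").split(".")
    for label in sub_labels:
        if label in PROTECTED and PROTECTED[label] != owner:
            return {"host": host, "owner": owner, "impersonates": PROTECTED[label]}
    return None


if __name__ == "__main__":
    for h in ("www.xyzbank.user.com", "mail.yahoo.com", "yahoo.mail.com"):
        print(h, "->", registrable_domain(h), brand_in_subdomain(h))
```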

2. Hidden URLs

Another common link manipulation technique is to hide the actual URL behind plain text. The message displays not the actual URL but words such as "click here" or "subscribe", which take you to the phishing site. Some messages instead display what looks like a real URL, such as www.americanexpress.com, to appear more trustworthy; clicking that link actually opens a different website. Another way to hide a URL is to use URL shortening services such as tinyurl or bit.ly.

More and more users are on social media networks, which lets phishers "cast a wide net and catch more fish". On social media, phishers can easily gain trust that used to take a lot of effort to earn. People follow the people and services they trust and receive their messages. A suspicious user may find it easy to identify a deceptive message, but in most cases such messages get through and trick users into clicking.

With just one malicious link, hackers can capture a large number of users overnight. Shortened URLs are heavily used on social media, making it difficult to predict the actual address a link points to. To avoid clicking a manipulated or hidden URL, always hover over the link to see the site it actually leads to. If the link looks "phishy", never click it.
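The "hover" check can be applied to every link in a message body before anyone clicks. The following is an added example, not part of the original article: it pairs each link's visible text with the host its href really points to and labels shorteners, text/href mismatches and text-only links. The sample HTML is constructed and the example.net hosts are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "bit.ly"}  # the two services the article names
URLISH = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)
SAMPLE = ('<a href="http://account-check.example.net/login">www.americanexpress.com</a>'
          '<a href="https://bit.ly/EXAMPLE">subscribe</a>'
          '<a href="http://promo.example.net/">click here</a>')  # constructed input


def host_of(url):  # lower-cased host; tolerates a missing scheme or a leading "www."
    host = (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def verdict(text, href):
    """Compare what the reader sees with where the link really goes."""
    target = host_of(href)
    if target in SHORTENERS:
        return "shortener", target  # destination unknown until expanded
    if not URLISH.match(text):
        return "text-only", target  # "click here": only the href shows the site
    return ("match" if host_of(text) == target else "mismatch"), target


class LinkAuditor(HTMLParser):
    """Performs the 'hover' check on every <a> element of a message body."""
    def __init__(self):
        super().__init__()
        self.rows, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so stray text is discarded

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.rows.append((text, *verdict(text, self._href)))
            self._href = None


def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.rows
```

A "shortener" row means the destination cannot be judged from the message alone; the short link has to be expanded in an isolated environment before the target host is known.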

3. Misspelled URL

The third link manipulation technique is for hackers to register spelling variants of commonly used domain names, such as facebok.com, googlle.com, yahooo.com, etc., and then build look-alike websites to deceive users into visiting and providing personal information. This technique is also known as URL hijacking or typosquatting. Its advantage for the attacker is that there is no need to lure users by e-mail: a small typing error is enough to bring in a large number of users.

II. Internationalized domain name (IDN) homograph spoofing attack

Using this technique, malicious users use similar-looking characters to mislead users into clicking a link. For example, users who regularly visit Citibank.com may end up on another site whose name looks the same but uses a Cyrillic letter in place of the Latin letter C. Other similar characters may also be used to deceive users. For example, uppercase I (I) and lowercase L (l) look the same, and zero (0) and uppercase O (O) look exactly the same.
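Misspelled URLs and homograph names can both be caught by comparing a displayed host against a watchlist. The following is an added example, not part of the original article: it folds look-alike characters to a common "skeleton", then falls back to an edit distance of one for typos. The watchlist and the deliberately tiny confusables table are constructed assumptions (the complete data is in Unicode TR39), and the host is assumed to be given in its Unicode display form, not as punycode.

```python
import unicodedata

# Hypothetical watchlist built from the names the article mentions.
WATCHLIST = ["facebook.com", "google.com", "yahoo.com", "citibank.com"]
# Constructed mini confusables table: Cyrillic look-alikes plus 0/O, 1/l and I/l.
CONFUSABLE = {"\u0441": "c", "\u0430": "a", "\u043e": "o", "\u0435": "e",
              "0": "o", "1": "l", "I": "l"}


def skeleton(name):
    """Fold look-alike characters to one representative, then lower-case."""
    folded = "".join(CONFUSABLE.get(ch, ch) for ch in unicodedata.normalize("NFKC", name))
    return folded.lower()


def scripts(name):
    """Scripts of the letters in a name, taken from their Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host):
    """Return (verdict, watched name) for a host as displayed, or None if unrelated."""
    raw = host.lower()
    if raw in WATCHLIST:
        return "exact", raw
    skel = skeleton(host)
    for brand in WATCHLIST:
        if skel == brand:  # identical after folding: a visual look-alike
            kind = "homograph-mixed-script" if len(scripts(host)) > 1 else "homograph"
            return kind, brand
    for brand in WATCHLIST:
        if edit_distance(skel, brand) == 1:  # one keystroke away
            return "typo", brand
    return None
```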

1. Website forgery

Website forgery is a phishing technique that imitates real websites by building malicious ones, tricking visitors into providing sensitive information such as account details, passwords, credit card numbers, and so on. It can be implemented in two ways: cross-site scripting and website spoofing.

2. Cross-site scripting

Cross-site scripting (XSS) means that a hacker executes malicious scripts or content in a legitimate Web application or website. This technique is common and widely used. Instead of targeting specific victims directly, attackers exploit vulnerabilities in Web applications or websites that users visit, which end up delivering malicious scripts to the victim's browser.

Although hackers can also take advantage of XSS in ActiveX or VBScript, JavaScript is the most commonly used, because almost all websites today use JavaScript. For the trick to succeed, the attacker needs to inject content into the web page visited by the victim. To get users to open the page, attackers use social engineering or link manipulation techniques. The user is then asked to enter data directly on the fake web page.

The attacker can then insert a string into the web page and the user's browser will recognize the string as code. Once the browser loads the web page, the malicious script is executed, triggering the attack, which the victim knows nothing about.

Although XSS cannot be completely avoided, protection is not impossible. Some browsers have built-in XSS protection, so it is recommended to check the browser's security options and update the browser to the latest version. Some extensions, such as NoScript for Firefox, offer "allow" and "deny" permission options that let users refuse sites they have not explicitly approved.

3. Website spoofing

Website spoofing is the other website forgery technique: setting up fake websites that resemble legitimate ones to mislead users into visiting. Spoofed websites resemble the legitimate site in user interface and design, and even the URL looks the same. In a hurry, users mistake such a site for the legitimate one. Be especially careful when you open a web page by clicking a link instead of typing the URL manually. As advised in the "Link manipulation" section, watch out for hidden URLs and hover over the link to check whether its address is the actual URL, just in case.

III. Pop-up window

Pop-up messages are the simplest technique, but they are quite effective for phishing. Using this technology, hackers steal login information by sending pop-up messages to users and guiding them to visit fake websites. This is how a phishing attack called "In-Session Phishing" is carried out: during an online banking session, a pop-up window pretends to be a message sent by the bank.

A typical phishing scenario is as follows:

The user logs in to the online bank account. Without closing that page, the user opens another window to view other websites. After a while, a message that appears to come from the bank pops up, asking the user to re-enter the user name and password because the previous session has expired. Having logged in to the bank website earlier, the user believes the message and enters the information directly.

Recently, a form of pop-up phishing called "pop-up technical support" (Popup Tech Support) has become very popular. Users suddenly receive pop-up messages while surfing the Internet, claiming that the system is infected and telling them to contact the manufacturer for technical support.

The following picture is an example of this.

To avoid this kind of phishing, do not respond to automatic pop-up messages and do not click any hyperlinks in them. In addition, block pop-up windows in the browser settings, and log out of banking sessions and other sensitive accounts immediately after your business is completed.

Best defense tools: SecurityIQ and PhishSim

SecurityIQ's PhishSim tool provides many templates. With these templates, users can learn more about actual phishing techniques such as link manipulation and website forgery.

As shown in the following figure, the PhishSim tool shows link manipulation using hidden URL techniques.

The Facebook invitation template shown in the following figure is carefully designed to be no different from the real invitation and is specially provided to PhishSim users.

IV. Conclusion

The fact is that for most people, the most effective way to acquire knowledge is to "do" rather than "learn". The best way to understand phishing methods and techniques is to experience them in a secure and controllable environment. SecurityIQ's PhishSim software provides users with tools to create their own phishing campaigns, run simulated attacks against relatives, friends or employees, track the effectiveness of those attacks, and adjust the methods in time. By providing phishing safety education for others, users gain a deeper understanding of the various malicious methods used to tempt people into taking the bait. Phishing techniques continue to improve, so defensive measures must be constantly updated to keep up.
