Phishing is one of many types of computer scam carried out over the web, in which an attacker, woman or man, deceives the victim into providing sensitive personal information.
It is an illegal activity that uses a social engineering technique: the attacker sends, at random, e-mail messages that perfectly imitate the websites of banks. It is essentially a malicious attempt to obtain from victims the access password to their account, the passwords that authorize payments, or their credit card number. The term phishing is a variant of "fishing", which in English means to fish, influenced by "phreaking", and alludes to the use of increasingly sophisticated techniques to "fish" for a user's passwords and financial data.
In the introduction, I gave a quick description of what phishing means and how the web thief can act; in this first step I explain, in detail:
Methodology Of Attack
The main stages are as follows:
1.) The attacker (phisher) sends the hapless user an e-mail message that imitates, in graphics and content, that of an institution known to the recipient (for example, their bank, their web provider, or an online auction site with which they are registered).
2.) The e-mail almost always contains notices of special situations or problems with the recipient's current account/accounts (e.g. a huge charge, account expiration, etc.) or an offer of money.
3.) The e-mail asks the recipient to follow a link in the message, to avoid a penalty and/or to regularize their position with the institution or company whose graphics and layout the message mimics (fake login).
4.) The link provided does not actually lead to the official website, but to a similar-looking copy of it, located on a server controlled by the phisher, in order to request and obtain particular personal data from the recipient, usually under the guise of a confirmation or the need to authenticate to the system; this information is stored on the server managed by the phisher and so ends up in the hands of the attacker.
5.) The phisher uses this information to purchase goods, transfer money or even as a "bridge" for further attacks.
Sometimes the e-mail contains an invitation to take up a new "job opportunity" (as a financial operator or financial manager), which consists of providing one's own online bank account to receive credits of sums that are then re-transferred abroad through money transfer systems (Western Union or MoneyGram), retaining a percentage of the amount, which can reach very high figures. In reality this is the money stolen through phishing, so the holder of the receiving online account, often in good faith, commits the offense of money laundering.
This activity costs the phisher a certain percentage of what he managed to steal, but there is still an interest in dispersing the stolen money across many current accounts and re-transferring it in different countries, because it then becomes more difficult to trace the identity of the cybercriminal and to reconstruct the illicit mechanism.
First precaution: BANKS DO NOT SEND MAIL! The main recommendation, therefore, is not to respond to these e-mails.