
Phishing

What is phishing?
• Have you ever received an email from a bank or other popular online service that asked you to "verify" your account information, credit card number, or other sensitive information? If so, you already know what a phishing attack looks like. The purpose of phishing is to obtain valuable data that can be sold or used for malicious purposes, such as extortion, theft of money or personal data.
• The concept of phishing was first described in 1987 in a conference paper entitled "System Security: Hacker Prospects." The paper described the attackers' technique of imitating reputable organizations or services. The word itself is a homophone of the English word "fishing", because the technique follows the same logic of a "catch".

How to recognize phishing?
• The e-mail may contain official logos or other features of a reputable organization. Here are some tips to help you detect a phishing message.
1. General or informal greetings - letters without personalization (for example, "Dear Customer") and formalities should arouse suspicion. The same goes for pseudo-personalization using random, fake links.
2. Request for personal information - this is often used by cybercriminals, but banks, financial institutions and most online services try to avoid it.
3. Incorrect grammar - spelling errors and typos, as well as unusual phrases, can often mean danger (but the absence of errors is not proof of legitimacy).
4. Unexpected messages - any unplanned contact with the bank should arouse suspicion.
5. Urgency - phishing messages often try to evoke a sense of urgency, leaving victims less time to think.
6. An offer that is hard to refuse - if the letter is too good to be true, it is probably phishing.
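
As an added illustration (not part of the original slides), the Python sketch below parses an e-mail and reports which of tips 1, 2, 5 and 6 it matches. The phrase lists, the function name and both sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string, policy

# One pattern per tip. The phrase lists are assumptions for this sketch,
# not a complete or vetted ruleset.
INDICATORS = {
    "generic_greeting": re.compile(      # tip 1: no personalization
        r"^\s*(dear|hello|hi)\s+(valued\s+)?"
        r"(customer|user|client|member|account holder)\b", re.I | re.M),
    "personal_info_request": re.compile(  # tip 2: asks for sensitive data
        r"\b(verify|confirm|update|provide)\b[^.!?\n]{0,60}"
        r"\b(account|password|credit card|card number|pin|credentials)\b", re.I),
    "urgency": re.compile(                # tip 5: pressure to act quickly
        r"\b(immediately|urgent(ly)?|within \d+ (hours?|days?)|"
        r"will be (suspended|closed|locked))\b", re.I),
    "too_good_offer": re.compile(         # tip 6: too good to be true
        r"\b(you (have )?won|free gift|prize|lottery|claim your reward)\b", re.I),
}

def phishing_indicators(raw_message):
    """Return the names of the tips matched by the subject or plain-text body.

    An empty list is not proof of legitimacy: tips 3 and 4 (grammar,
    unexpected contact) need context that keyword matching cannot supply.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Example Bank" <support@bank.example>
To: user@mail.example
Subject: Urgent: verify your account

Dear Customer,

We detected unusual activity. Please verify your account information and
credit card number within 24 hours or your account will be suspended.
"""
BENIGN = """\
From: Alice <alice@corp.example>
To: bob@corp.example
Subject: Meeting notes

Hi Bob,

Notes from Tuesday are attached. See you next week.
"""

if __name__ == "__main__":
    print(phishing_indicators(SUSPICIOUS))
    print(phishing_indicators(BENIGN))
```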

How to protect yourself from phishing?
To avoid such attacks, pay attention to the signs described above, which can be used to detect phishing messages.
• Learn about new phishing methods: read the media for new information about phishing attacks, as cybercriminals are constantly finding new methods to extract user data.
• Do not send credentials: Be especially careful when allegedly verified organizations request your credentials or other sensitive information in an email. If necessary, check the content of the message, the sender or the organization they represent.
• Do not click on suspicious buttons and links: If a suspicious message contains links or attachments, do not click or download content. This can lead to a malicious website or infect your device.
• Check your accounts regularly: Even if you don't suspect that someone is trying to steal your credentials, check your banking and other online accounts for suspicious activity.
• Use a robust solution to protect against phishing attacks. Following these guidelines will help you enjoy safety.

Known examples
Systematic phishing attacks began on America Online (AOL) in 1995. To steal legitimate credentials, attackers contacted victims through AOL Instant Messenger (AIM), posing as AOL employees who verified user passwords. The term "phishing" appeared in a Usenet newsgroup that focused on the AOHell tool, which automated this method, and so the name took hold. After AOL introduced countermeasures in 1997, cybercriminals realized they could use the same technology in other industries, including financial institutions.
