04.2023 Life Guide
Distinguish phishing attack modes and stay away from fraud threats
Far Eastern New Century Corporation / Jian Junru
Phishing techniques keep emerging one after another. Following the previous issue's article on protecting against BEC email fraud, this article introduces eight phishing attack modes and shows how hackers exploit human weaknesses to defraud victims of money, steal personal information, and take control of hosts. At the end of the article is a phishing email game created by Google, so that everyone can get to know themselves and their opponents through practice and win every battle.
Hackers' fraud tactics mainly involve carrying malicious software or files in email attachments, embedding phishing links in the message content, or using text that wins the recipient's trust and induces them to reply. The following are eight common phishing attack modes:
1. Email phishing: Hackers usually send emails from lookalike domain names, making it difficult for the recipient to tell genuine from fake. Once the recipient clicks a link or downloads an attachment, the hidden malicious program is automatically downloaded to the computer and launches an attack; alternatively, the email guides users to a fake website where they enter account passwords, credit card details, and other information. This is the most common of all phishing attack types. Depending on the target of the scam, it can be further divided into "spear phishing attacks", which target specific individuals, and "whaling attacks", which target senior managers.
2. Clone phishing: Hackers closely monitor the victim's inbox and copy the most recently received emails. The copied text is left unchanged, but malicious code is disguised as an attachment or a link to a fake website is added. Because the email appears to come from a familiar account, the recipient lowers their guard and downloads the attachment or makes a payment without hesitation.
3. Social media phishing: Hackers impersonate official social media platforms such as Instagram, LinkedIn, Facebook, and Twitter by creating fake login pages. Although most users are redirected to the real social media platform for authentication after logging in, their personal information has already been stolen while logging in to the fake platform.
4. SMS phishing: A phishing attack technique that uses mobile SMS as its platform. Through text messages, users are tricked into giving up personal information, guided to click links in the SMS, or made to call customer service numbers provided by the hackers. The SMS content also ties in with the latest current events to hook the target audience more easily, such as links to counterfeit government relief fund schemes or counterfeit securities firms' stock buying groups. These have all been rampant fraud techniques in recent years.
5. Voice phishing: Hackers may pretend to be someone else and phone the target, even using "Caller ID Spoofing" to change or manipulate the caller ID display, so that people mistakenly believe the caller is a legitimate contact.
6. Search engine phishing: Hackers deliberately push counterfeit websites up the search engine rankings. Because the domain names resemble those of official websites and low-priced products are used as bait, users are easily lured into making purchases.
7. Pharming (website grafting): Hackers tamper with the Domain Name System (DNS) cache on the user's computer, directing the user to counterfeit websites that steal personal information. Because the computer's operating system has been intruded on and tampered with, the browser is still directed to the phishing website even if the user enters the correct URL, which is difficult for the user to detect.
8. USB flash drive phishing: Hackers leave a USB flash drive somewhere and label it "confidential information", enticing the finder to insert it into a computer. Once the drive is inserted, the hidden malicious program is automatically installed on the computer, ready to launch an attack.
Although phishing attacks are constantly evolving, people can effectively protect themselves from online scams as long as they remain vigilant, do not impulsively click links or download unknown files, do not hand out personal and financial information at will, pay closer attention to domains and network names, and keep up with new phishing techniques.
▶ Click on the link to play the phishing game: https://bit.ly/41jrIM5
Image source: Freepik