What is phishing? How to protect yourself from phishing scams and other fraudulent actions?

While reading e-mail or browsing the Internet you should always remember about scammers which want to steal your personal information or money, and, as a rule both of it. Such fraud scheme called "phishing".

Phishing is a kind of computer fraud, the main purpose of it, is to fraudulently force the victim to provide the necessary information to swindler. This computer crime is punishable by law.

Today, phishing is one of the most common forms of cybercrime in the world, used for theft of accounts and banking information.

The main danger of phishing is that it can hit every bait - as a computer novice as well as experienced user with years of experience on the Internet.

Fisher is a connoisseur of different strings of the soul of Internet user. Inventing new ways of fraud, he as an experienced psychologist uses in its criminal purposes, our predictable reaction to a variety of information. Here are some types of lures that are used in this criminal "fishing".

  • Bullying - the need to eliminate the cause of fear, to rectify the situation, figure out what the problem is (enter the phone number to get unlock code and fix the problem).
  • The emotional rush - like a gust, based on the desire to participate and get something, and season (pre-holiday) impulse - to make brighter or calmer user’s participation in something, to find emotional harmony (the main motive: "I just cannot miss it ! ').
  • Discipline, obedience (emphasis on education, persuasion, the experience of the victim) - the need to follow the instructions (to establish the proposed program).
  • The need for luck, necessity to feel yourself successful - the desire to win immediately (go to website to win).
  • offend political views / religious beliefs - indignation and the need to express it (go to proposed page).
  • Inattention, carelessness - the tendency to press all the buttons, follow any "advice", participate in any promotions.
  • Curiosity (need to learn new things all the time, a provocation, a feeling that everything is already up to date, something unusual-looking, easily accessible).
  • Popular phishing scheme

    1. The scammer creates a site like two drops of water similar to the official web resource, such as a bank, mail service, or a social network, and with almost the same location, with the only difference being that the fake site is prepared to attack the visitor (e.g., infected).

    2. Then link to this forgery under the guise of an official letter with the offer, for example, to receive a prize or to read an important message sent by e-mail to as many potential victims.

    3. Next, using a variety of tricks scammer tries to get the victim visited an infected site, install on your computer any program, open a file, personally issued passwords to the accounts of social networks, bank account numbers, PIN-codes and much more.

    4. Go to a malicious website received the letter link unsuspecting victim enters their login information into the system.

    5. The input data are sent to the phisher, and trick the user is redirected to this page already organization, not even suspecting something was wrong.

    How to recognize a phishing attack?

    New fraud schemes appear almost every day. You can independently learn to recognize scams, get to know them by some distinctive features.

    Phishing messages can contain:

  • information, alarming, or threat of, for example, closing your bank account;
  • promises of big money benefits with minimal effort or no;
  • details of transactions that are too good to be true;
  • requests for donations on behalf of charities after reports in the news about natural disasters;
  • grammar and spelling mistakes.
  • What to do if you suspect that you are a victim of phishing

    If you suspect that you have responded to a phishing message, specified on personal or financial data, follow these steps to minimize possible damage.

  • Change passwords or PIN-codes in all online accounts that could be compromised.
  • Add a fraud alert in your credit report. If you do not know how to do this, contact your bank or financial advisor.
  • Contact your bank or online store directly. Do not click on links in phishing emails.
  • If you become aware of fraudulent access to the account or accounts you open, close them.
  • Monthly through bank statements and reports on transactions with credit cards, paying attention to the unexplained expenditure or inquiries that you did not initiate.
  • In preparation of this article, KZ-CERT used open source information.