Hackers vs humanity - Phishing

Mayorov Ivan
Topic: Phishing

1) Phishing is the illegal act of sending an e-mail to a user that falsely claims to be from an established, legitimate enterprise, in order to scam the user into surrendering private information that will be used against the user, so in practice it is always used for theft. This false e-mail directs the user to visit a web site where he is asked to update or re-enter personal information (passwords, bank account numbers, the password for a credit card, name, security details, everything that a thief needs), when all of it already exists and nothing has happened. The web site is fake and only steals the user's information, so later on the hacker gets all the information that was stolen from different users.

2) By creating misleading and false accounts and by sending fraudulent e-mails, made to look shiny so that they steer people's behaviour and attention toward clicking the “check now” button.

3) One of the best-known technologies for protecting users from fraudulent e-mails is e-mail filtering. This software filters letters and e-mails to find spam and strange sites. It also looks at the size of e-mails and looks for zipped files in them. So by filtering all the messages coming into your account, you will not get as many spam messages. The next program is the site blocker; many sites use this type of software. For example, Google uses this type of program to block false sites so that no one is attacked by a virus or bot. This program uses the same type of technology to find viruses and bots, zipped files and so on. The last one, antivirus software, is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. They also block bot attacks on your computer and can easily destroy the bots.

You always need to keep your computer updated, because some viruses are getting stronger, so your internet security should be protected too. How many files you sent and how many files you received: everything is counted.

4) You should also examine the link provided. Does it really go where it appears to go? It is also easy to uncover a crude phishing scam by seeing that its grammar or spelling is wrong. But the best way to avoid becoming a phishing scam victim is still to use your best judgment. No financial institution with any sense will e-mail you and ask you to input all of your sensitive information. The last point: try not to pay over the internet; do it in real life, not in the virtual one.

5) Pharming is a hacker's attack whose aim is to redirect one website to another, fake one. It is conducted either by changing the hosts file on a victim's computer or by use of a vulnerability in the DNS (domain name system), also on the user's computer.

6) Technique 1:

If you are not a customer of a company that appears to be sending you an email, ignore it.

Technique 2:

Even if you are a customer, never respond directly to an email request from a company for personal or financial information.

Technique 3:

Never go to a web site from a link in an email.

Technique 4:

If an apparently legitimate Web site that you have visited before prompts you for a password, enter an incorrect one first.

Technique 5:

Become familiar with the tricks of the trade so you can spot fraudulent emails.

7) In November and December 2003, phishing attacks vaulted into the spotlight when Visa was targeted. E-mail recipients were asked to confirm their identities as part of a new security system, and they seemed to be directed to the company's legitimate site. When users clicked on the link, however, they were sent to a site that looked like Visa's but did not belong to the company. But now, based on the representative sample in its April 2009 survey, CNN believes nearly 11 million people, or 19 percent of the 57 million who received a phishing attack e-mail, clicked on a link in that e-mail. Of those, 1.78 million, or 3 percent, remember giving phishers sensitive financial or personal information, such as credit card numbers or billing addresses.

8) A botnet is a collection of software robots, or bots, that run automatically, as they were programmed to. Botnets are the secondary base of phishing. Hackers use them to hack not just one customer: they spread them across many sites and then wait for millions of victims, who are caught while visiting some of those sites. Botnets collect information and automatically save it and send it to the hacker (black hat). So they are in fact small programs that help to steal from and attack users. Phishing is also called a botnet attack.

9) Already in 1998, 48% of all computers had some type of virus, and 28% of them could be controlled. By 2004, phishing was recognized as a fully industrialized part of the economy of crime. Nowadays 89% of all computers get into this phishing trouble. We are controlled by hackers. So phishing is paying off more and more now.

10) In 2004, spam cost US organizations alone more than $10 billion, including lost productivity and the additional equipment, software, and manpower needed to combat the problem. This crime reached a global scale, providing components for stealing cash that were assembled into finished attacks by hackers.

As for the damage caused by phishing, approximately 1.2 million computer users in the US suffered losses caused by phishing, totaling approximately $929 million. In the UK, losses from web banking fraud, mostly from phishing, almost doubled to £23.2 million in 2005, from £12.2 million in 2004.

11) The average time spent by victims resolving the problem is about 330 hours.

12) However, there has also been an increase in attack diversity and technical sophistication by the people conducting phishing and online financial fraud. So the trends are: unawareness of the threat, unawareness of policy and, of course, spam, distributed denial of service (DDoS) and electronic surveillance.

13) Firstly, longer passwords that contain numbers, letters and symbols are safer. Secondly, “strong passwords” use at least 14 characters or more. The greater the variety of characters in your password, the better. Use the entire keyboard, not just the letters and characters you use or see most often. Finally, use a password checker to evaluate your password's strength automatically.
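
What a password checker applying the rules of answer 13 measures, as an added Python example that is not part of the original answers. The grouping of characters, the repetition rule and the sample passwords are assumptions made for the example; the 14-character minimum comes from the text.

```python
import math
import string

MIN_LENGTH = 14  # minimum length recommended in the text above

# Character groups on a standard keyboard (this grouping is an assumption).
GROUPS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation + " ",
}

def check_password(password):
    """Apply the rules from the text: length, character variety, no heavy reuse."""
    used = [name for name, chars in GROUPS.items()
            if any(c in chars for c in password)]
    pool = sum(len(GROUPS[name]) for name in used)
    # Naive upper bound: assumes every character was picked at random from
    # the pool, which overstates the strength of human-chosen passwords.
    bits = len(password) * math.log2(pool) if pool else 0.0

    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name in GROUPS if name not in used]
    if missing:
        problems.append("no " + ", ".join(missing))
    if len(set(password)) * 2 < len(password):
        problems.append("same few characters repeated")
    return {"length": len(password), "groups": used,
            "max_bits": round(bits, 1), "problems": problems}

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("password", "aaaaaaaaaaaaaaaa", "T4ble-Lamp#River9Sky"):
        print(sample, check_password(sample))
```

Length alone does not pass the check: sixteen repeated letters still fail on variety and repetition.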
