How to prevent phishing attacks


According to Commtouch's quarterly Internet Threats Trend Report, an average of 97 billion spam, phishing, and malware-laden emails were sent around the world every day in the first quarter of 2013. The United States Computer Emergency Readiness Team (US-CERT) defines phishing as follows:

"Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users using social engineering. Phishing emails are made to appear as if they were sent from a legitimate organization or a known person. These emails often try to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user may then be asked to provide personal information, such as account user names and passwords, which may further expose them to future compromises. In addition, these fraudulent websites may contain malicious code."

As more and more people rely on the Internet as a communication tool, hackers and cybercriminals are developing and using increasingly adept phishing strategies to steal sensitive account information, money, and even the entire identities of unsuspecting victims online.

If you regularly use the Internet to communicate with family and friends, shop, manage your bank accounts, or read the news, it is important that you take the time to learn how to prevent cybercriminals and hackers from accessing and stealing your private information.

In the rest of this article, we describe how to recognize a phishing message in four simple steps.

Does the message contain information that could be found on social media sites or your personal website?

You may not always remember it, but you give away a lot of personal information when you sign up for accounts on social media sites like Facebook and Twitter. To gain the trust of their victims, hackers and other cybercriminals often use personal information (name, email address, hobbies, interests, employer) that can be easily found on popular social networking sites.

This is part of a tactic that many Internet security experts call social engineering. According to US-CERT, "in a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems."

The first step in recognizing a potentially malicious phishing message is to pay attention to the personal information used in the content or subject of the email. If the information used is outdated (a reference to a former employer), no longer relevant (you moved cities, but have not yet updated Facebook), or looks odd in any way, be wary of the email.

Does the message contain suspicious URLs or misspellings?

The second step in recognizing a phishing message is to determine whether the message contains suspicious URLs or misspellings. Most legitimate companies and organizations that send emails on a regular basis will take time to proofread the copy before sending a message to subscribers. If you receive or open an email that contains obviously misspelled words, there is a good chance that it is not legitimate.

The same is true for unfamiliar or hard-to-read URLs in the copy of the email. On a page in the Safety & Security Center section of its website, Microsoft offers the following tip on how to identify potentially malicious URLs in suspicious email messages:

"If you see a link in a suspicious email message, do not click on it. Rest your mouse (but do not click) on the link to see if the address is the link that was typed in the message."

This is an important step to take before you click on a URL you see in the body of an email. Although a URL may seem familiar at first, you need to check carefully to see whether it actually leads to the same destination.

Does the message reference a timely current event or pop culture?

According to Commtouch's quarterly Internet Threats Trend Report, hackers often use hot topics of the day or week to lure recipients into opening emails or clicking on links. The same can be true for references to popular culture and related stories.

The third step in recognizing a phishing message is to determine why you are receiving information about current events (did you sign up for emailed news digests?), where that information comes from (is the message from a source you know and trust?), and whether the URLs in the body of the email are safe to click. If you receive an email with a subject line touting a recent news story, but you do not remember signing up to receive such updates in your inbox, do not open the email.

If the message appears to be from a person or company you know, does it really sound or look like them?

Although an email may appear to be from a person or company you know, it is always important to be careful when opening the email or clicking on the links in the copy. As mentioned above, hackers often use social engineering tactics to win your trust. Always check the email address of the sender before clicking on links or downloading attachments. Even if the name of the sender appears to display correctly in your inbox, you should always take the time to check the actual email address from which the message was sent. If the address does not look familiar, delete the message to avoid clicking on malicious links or downloading anything dangerous.

You should also be wary of any links in emails that take you to login pages. Logos and the appearance of legitimate websites are easy for hackers to copy. To get you to give up your private login information for secure sites (e.g., your bank), hackers and cybercriminals will include a link to a fake website that looks almost identical to the real thing.

A Yahoo! security article recommends paying attention to the name that appears on a site that you think might be fake. The article states, "Often the Web address of a phishing site looks good, but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Beware of tricks such as substituting the number "1" for the letter "l" in a Web address (for example, www.paypa1.com instead of www.paypal.com)."

The fourth step in recognizing a phishing message is to be aware of where the email is actually coming from, and to pay attention to any unfamiliar design changes on login pages that you regularly visit.
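Both checks in this step, the real sender address behind a display name and the misspelled or padded company name in a Web address, can be expressed as code. This is an added example, not part of the original article; the `TRUSTED` list and the `CONFUSABLE` substitution table are assumptions chosen for illustration and are not exhaustive, and the sample headers in the usage note are constructed.

```python
from email.utils import parseaddr

TRUSTED = ("paypal.com",)   # assumption: the domains you actually deal with
# Assumption: a small, non-exhaustive table of look-alike substitutions.
CONFUSABLE = {"1": "l", "0": "o", "3": "e", "5": "s"}

def skeleton(text):
    """Fold look-alike characters so 'paypa1' and 'paypal' compare equal."""
    s = text.lower().replace("rn", "m").replace("vv", "w")
    return "".join(CONFUSABLE.get(c, c) for c in s)

def classify(host):
    """Return (verdict, trusted domain the host resembles or None)."""
    host = host.lower().rstrip(".")
    for t in TRUSTED:
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    sk = skeleton(host)
    for t in TRUSTED:
        if sk == skeleton(t) or sk.endswith("." + skeleton(t)):
            return ("lookalike", t)          # e.g. digit 1 swapped for letter l
        if t.split(".")[0] in sk:
            return ("brand-embedded", t)     # extra characters around the name
    return ("unknown", None)

def check_sender(from_header):
    """Compare what the display name claims with the real sending domain."""
    name, addr = parseaddr(from_header)
    verdict, _ = classify(addr.rpartition("@")[2])
    folded = skeleton(name.replace(" ", ""))
    claims_brand = any(t.split(".")[0] in folded for t in TRUSTED)
    return {"address": addr, "verdict": verdict,
            "display_name_mismatch": claims_brand and verdict != "trusted"}
```

For the constructed header `"PayPal Support" <service@paypa1.com>`, `check_sender` returns the verdict `lookalike` with `display_name_mismatch` set, while `classify("paypal.com.example.net")` returns `brand-embedded`.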

SMiShing: a new threat to watch

An increasing number of victims are plagued by phishing attacks that occur on their mobile devices. According to T-Mobile's Privacy & Security Resources section, "'SMiShing' is really just another form of phishing that occurs when a fraudster sends you an SMS/text asking you to provide sensitive, personal and/or financial information through a Web link and false website, or a phone number."
