A phishing attack can take many forms. If phishing means only an attack through email to you, then you need to be aware of the methods that scammers use.
Staying Alert to Phishing Attacks
As security systems continue to improve, phishing remains one of the cheapest and easiest ways for cybercriminals to gain access to sensitive information.
Most people think of “email” when they hear the word “phishing”, but on mobile, phishing attacks can start from SMS, MMS, messaging platforms, and social media apps.
By simply clicking a phishing link received through SMS, mail, etc., victims can compromise their personal information and increase the risk of identity theft. How? When the user clicks on the phishing link in the message, they are directed to an imitation of a legitimate website. At this point, the user is prompted to log in by entering their credentials: username and password. The login page is actually a trap.
So if the user is naive enough to comply with the request, the information entered is passed on to the criminal, who can use it to steal identities, intercept access to bank accounts, and sell personal information on the black market.
URL Padding
URL padding is a technique that fools users with fake but believable URLs, which appear legitimate in mobile browsers unless the user pays close attention.
In this technique, hackers place a real domain at the start of a larger URL and then pad it with hyphens to hide the real destination in the address bar.
For an example from PhishLabs, take a look at the following URL:
hxxp://m.facebook.com----------------validate----step9.rickytaylk[dot]com/sign_in.html
Source: PhishLabs
Even though the URL starts with m.facebook.com, which is the legitimate address of your favorite social site, the actual domain is rickytaylk[dot]com.
In addition, hackers also use words like login, secure, account, validate, etc. just after a series of hyphens to make the URL look trustworthy to users.
Since the mobile browser has a tiny address bar and only displays the first part of the URL, users will only see m.facebook.com, followed by an endless stream of dashes. Also note that in the example above, HTTP has been replaced with HXXP so that the link is not clickable.
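The check a mail filter or link scanner can apply to this kind of URL is shown below as an added example (not code from PhishLabs or from this article). The function names, the watch list, the three-hyphen threshold and the 24-character address bar width are assumptions, and the registrable domain is approximated as the last two host labels.

```python
import re
from urllib.parse import urlsplit

# The URL from the article, with its padding written as plain hyphens.
SAMPLE = "hxxp://m.facebook.com----------------validate----step9.rickytaylk[dot]com/sign_in.html"
# Assumption: a small constructed watch list of domains worth protecting.
WATCHED_DOMAINS = ("facebook.com", "paypal.com")
BAIT_WORDS = ("login", "secure", "account", "validate")  # words the article names
HYPHEN_RUN = re.compile(r"-{3,}")  # assumption: 3+ hyphens in a row counts as padding


def refang(url):
    """Undo the hxxp / [dot] defanging used when a URL is quoted in a report."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return re.sub(r"\[dot\]|\(dot\)", ".", url, flags=re.IGNORECASE)


def registrable_domain(host):
    """Naive: the last two labels. Assumption: no multi-part suffix such as
    co.uk; production code should use the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])


def analyze_url(url, visible_chars=24):
    """Report where a URL really leads and which padding tricks it uses."""
    host = (urlsplit(refang(url)).hostname or "").lower()
    real = registrable_domain(host)
    prefix = host[: -len(real)] if real else host  # everything left of the real domain
    padded = bool(HYPHEN_RUN.search(host))
    # A watched domain that appears in the host but is not where the host lives.
    spoofed = [d for d in WATCHED_DOMAINS if d in host and d != real]
    return {
        "host": host,
        "registrable_domain": real,
        "address_bar_preview": host[:visible_chars],  # what a narrow bar shows
        "hyphen_padding": padded,
        "bait_words": [w for w in BAIT_WORDS if w in prefix],
        "spoofed_domains": spoofed,
        "suspicious": padded or bool(spoofed),
    }


if __name__ == "__main__":
    for key, value in analyze_url(SAMPLE).items():
        print(f"{key:20} {value}")
```

The preview field shows why the trick works: the first 24 characters of the host contain only m.facebook.com and hyphens, while the registrable domain sits at the far right.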
Tiny URLs
URL shortening is a way to shorten long URLs, but it also hides the purpose of the link.
There is a certain danger in this, because you don't see or know where the link actually leads until you click on it and are automatically redirected.
Hackers can exploit this by placing tiny URL links on trusted websites to trick users into visiting less trustworthy or even malicious websites.
Phishing Through Apps
In this method, the phishing app replicates the login page of a legitimate mobile banking or payment app.
When the user does not notice that it is a fake app and enters their credentials, all their details are sent to the hackers.
What Can You Do to Avoid Phishing Attacks?
It is essential for users to be trained to detect potential phishing content.
Users should exercise caution and confirm the authenticity of any unexpected email or message by contacting the apparent sender. They should also make sure to download apps only from the respective app store of their mobile OS. While installing any app, check whether it's actually offered by the same company/bank or whether it's a similar copy offered by an unknown developer.
It's true that even a well-trained and vigilant user may sometimes experience moments of distraction. It is therefore essential to always keep yourself up to date on such scam techniques to keep your security intact.