What is a phishing attack? How to prevent phishing in digital currencies?

with difference the most dangerousThe most frequent type of fraud In the world of cyber and digital currencies Phishing Is. The operation of this type of fraud is very simple and this makes it very easy to be fooled. Don't forget when you don't know What is phishing?You get raw more easily!

The goal of hackers and fraudsters in phishing is to obtain your vital information such as username, phone number, password, card number, etc. Join us to review the various methods of hackers in Phishing so as not to be exposed to their dangers.

What is Phishing?

Phishing kind of Cyber ​​fraud and subcategory Social engineering is where criminals try to use a Message Tricksters get their sensitive information. The most important information that criminals phish to obtain is Twelve words of digital currency wallet, Passwords, Credit card information And Bank account details are.

Usually phishing through Forge a website which look like the website address, send emails or SMS and make calls. Phishing agents usually Misleading messages are sent in the form of tempting offers such as cheap purchase of charge cards or winning the lottery or in the form of warning notices such as quick password change or cut off of salary and monthly subsidy in order to grab the sensitive information of users.

What is digital currency phishing?

Phishing in The world of digital currencies And cryptocurrency is similar to Phishing in other areas, only the purpose of hackers is different; In digital currencies, the target of fraudsters and hackers Getting to the wallet recovery wordsHost so that they can finish inventory Delete the user.

Read more: What is a Ponzi scheme?

Lucky rounds, winning prizes of several hundred thousand dollars, and short messages and telegrams about the support of wallets are among the methods that hackers use to reach the information of unsuspecting users everywhere, and you should be careful of such attacks.

History of Phishing

The first phishing attacks in history in the middle The 90s Was performed. At that time, the Internet was available to the public through dial-up. At that time, hackers introduced themselves as representatives of the Internet provider company and took the usernames and passwords of people, connected to the Internet through their accounts, and the cost of the Internet fell to the feet of the lucky user.

Early 2000 During a massive phishing attack, hackers sent an email with the title “Love Bug” They sent to the victims and asked them to read the attached file. When the user saw the text “Please read the love letter I wrote to you”, he couldn't stop himself and opened the text file! This file contained a virus that destroyed system images and was automatically sent to all the victim's email list!

Nowadays, phishing techniques and methods have not changed much and have even increased; Because accessing the Internet and virtual space is much easier than before. Target, Home Depot And Anthem Among the most famous phishing attacks are the last few years.

Types of phishing methods

Phishing has different types and is usually classified based on the target and type of attack. The most famous types of phishing are:

Email phishing

Phishing by email The most common type of phishing Is. By sending an email, the fraudster pretends to be a legitimate person or company and tries to get sensitive information from the victim with deceptive techniques. This method has two modes and the second mode is used more:

• Victims receive an email from the phisher or someone who intends to do phishing, in which the phisher presents himself as a trustworthy person or company and tries to get specific information directly from the victims.
• Victims receive an email from a phisher in which the phisher poses as a trusted site and asks victims to click on a link in the email and enter their information.

Spear Phishing

Spear Phishing Or Targeted phishingattacks a specific person or people, so that the attacker first collects information from his victims and uses them in his messages so that the person trusts more. For example, in his message, he uses name, surname, interests, phone number, etc., so that the victim does not suspect that the email is invalid.

For example, consider these two messages:

• You have won the Bank X lottery.
• Dear Mohammad, you have won the Bank X lottery.

Now, with this explanation, which message do you think is more effective? In which case are the victims most deceived?

Using malicious software

In this method, phishers try to run a program infected with malware on the victim's device. After the malware is activated, criminals can gain access to the victim's computer or mobile phone and grab his sensitive information. Malware is one of the most common phishing tools.

Softwares that contain a link to a fake page are also used for phishing. Controversial software and games, often under obscene titles (eg Conjugator, Pocket satellite and…) are among the most dangerous software used for phishing. After installing the fake software, the victim pays for the service inside the software, unaware that he has given his bank card information to the fraudsters.

SMS phishing

In this method, SMS is used instead of email. The attacker pretends to be a large organization or company and sends SMS to his target. SMS content is written in such a way as to compel the target to directly send information or click on a link. For example, an SMS is sent that you have won a big prize and you have to click on a link to receive it.

Sometimes these text messages are sent as a warning. For example, some time ago, a text message was sent to Iranian people with the content that the user's cash subsidy has been cut off and to re-register, they must enter the link in the text message. After entering the page, users were asked to enter their bank card information.

Read more: What is Honeypot Scam?

Phone phishing

In this method, a fraudster uses various techniques to trick a person into giving out sensitive information. In this method, people's bank card information is usually the final goal.

As an example, not long ago in Iran, a criminal called unsuspecting people from inside the prison and by dragging them to the ATM and deceiving them, he obtained their second password and attempted to empty their account.

Pharming

At Farming attackCybercriminals manipulate a website's hosts files or its Domain Name System (DNS). Therefore, when users enter the correct address to enter the site, they enter a fake page without realizing it, and if they enter information, they present it to hackers. This is one of the most dangerous phishing methods because it is not possible for the user to correctly identify the website address because it is correct.

Gaining trust through search results

In this case, the hacker, using SEO methods or advertising in search engines, brings up a fake website in the results, and unsuspecting users from all over the world click on the initial results and enter their personal information in a malicious site. Of course, these days, big search engines like Google are fighting phishing schemes, but sometimes these sites also face problems in identifying these phishing websites.

Similar fake address and page

In this method, the fraudster uses the same address as the original site to trap users who accidentally enter the wrong site address or to mislead users in their fake emails.

For example, Amazon's website address is Amazon.com. The criminal buys the Arnazon.com domain (note the letters r and n, which are similar to m) and sets up a site that looks like Amazon's site on it. By doing this, if users enter the Arnazon.com site by mistake, thinking that they are on the main Amazon site, they give their user information to the fraudster.

Penetration through communication networks

This type of phishing requires high technical knowledge in hacking and infiltrating communication networks, in which a hacker, by manipulating a healthy connection, gets between the source and destination of data and gains access to exchange data.

Another type of phishing is the use of wireless connections, where the hacker creates an access point (for example, fake wifi), traps users and asks them to enter their personal information, for example, to use free internet. do

Types of digital currency phishing

• Fake address or fake exchange/wallet page: For example, Binance at Binance.com is a reputable exchange. Not long ago, a hacker created the bïnance.com domain and stole a lot of money from Latin users who entered the address by mistake.
• Fake wallets and trading software: In a few other cases, it has been observed that fraudulent wallet programs have stolen hundreds of thousands of dollars in digital currency, with users of the fake wallet sending their assets to an address on the wallet, unaware that the address is It belongs to the hacker.
• Phishing malware in digital currencies: The most common malware used to steal your digital currencies is called “Trojan”. After running on the victim's system, the Trojan can send the user's inputs, especially on the keyboard, to the hacker. For example, if a Trojan is active in your system, after typing the password to enter the wallet, the hacker will also know your password and can easily transfer your assets to his own wallet.
• Free digital currency projects: Scams that promise users free cryptocurrencies are a good phishing tool. Usually, these schemes promise users that they will pay free digital currency in exchange for simple tasks such as joining the site or inviting new people. This is despite the fact that in the end they do not pay any digital currency

Ways to prevent phishing

It can be said without exaggeration that in nearly 99% of cases, the main culprit of phishing is the user himself, because it can be avoided with a little more thought and attention. Always carefully check incoming messages, calls or websites where you are about to enter your sensitive information. Don't let a tempting offer or sense of danger take over your logic.

• Check out the links: On any website where you need to enter sensitive information, check the website address carefully and pay attention to all its characters. Don't click on links that start with HTTP and make sure it's HTTPS.
• Do not trust advertising results in search engines: The results that are displayed to you in the form of advertisements in search engines such as Google are distinguishable from other results. Advertising results that have the word Ad next to them are one of the old ways to do phishing. By paying a fee, phishers can raise their fake page in search engines.
• Do not install unauthorized software: Get the software you need only from official and reliable sources and avoid installing suspicious software from unofficial sources such as social networks (such as Telegram channels and groups).
• Update browsers and install antiviruses seriously: Updating your web browsers and installing anti-viruses will go a long way in preventing phishing. Famous web browsers such as Chrome, Firefox and Opera continuously improve their anti-phishing algorithms in their new versions. Antiviruses are also very useful in fighting phishing malware.

What to do to complain about internet fraud?

If you are a victim of phishing attacks or any kind of social engineering scams, first make copies of all available documents. Any data can be useful at this point. For example, phone number, card number, the page you entered, chats, etc. are all important.

The next step is to call the police. FATA Police is responsible for following up on internet frauds and such attacks and has experience in combating them; For this reason, call the police first and give them all the necessary information.

Complaining about Internet fraudsters is laborious and time-consuming and has many steps; This is because the identity of people is generally not known and the documents of users are not complete. But this issue should not be an obstacle for your complaint and follow-up.

Punishment for phishing in Iran

Phishing punishment has been clarified in the computer crime law. These penalties include:

Frequently asked questions