What is a phishing attack? How to prevent phishing in digital currencies?

with difference the most dangerousThe most freque type of fraud In the world of cyber and digital currencies Phishing Is. The operation of this type of fraud is very simple and this makes it very easy to be fooled. Don't forget when you don't know What is phishing?You get raw more easily!

The goal of hackers and fraudsters in phishing is to obtain your vital information such as username, phone number, password, card number, etc. Join us to review the various methods of hackers in Phishing so as not to be exposed to their dangers.

What is Phishing?

Phishing kind of Cyber ​​fraud and subcategory Social engineering is where criminals try to use a Message Tricksters get their sensitive information. The most importa information that criminals phish to obtain is Twelve words of digital currency wallet, Passwords, Credit card information And Bank accou details are.

Usually phishing through Forge a website which look like the website address, send emails or SMS and make calls. Phishing ages usually Misleading messages are se in the form of tempting offers such as cheap purchase of charge cards or winning the lottery or in the form of warning notices such as quick password change or cut off of salary and mohly subsidy in order to grab the sensitive information of users.

What is digital currency phishing?

Phishing in The world of digital currencies And cryptocurrency is similar to Phishing in other areas, only the purpose of hackers is differe; In digital currencies, the target of fraudsters and hackers Getting to the wallet recovery wordsHost so that they can finish inveory Delete the user.

Read more: What is a Ponzi scheme?

Lucky rounds, winning prizes of several hundred thousand dollars, and short messages and telegrams about the support of wallets are among the methods that hackers use to reach the information of unsuspecting users everywhere, and you should be careful of such attacks.

History of Phishing

The first phishing attacks in history in the middle The 90s Was performed. At that time, the Iernet was available to the public through dial-up. At that time, hackers iroduced themselves as represeatives of the Iernet provider company and took the usernames and passwords of people, connected to the Iernet through their accous, and the cost of the Iernet fell to the feet of the lucky user.

Early 2000 During a massive phishing attack, hackers se an email with the title “Love Bug” They se to the victims and asked them to read the attached file. When the user saw the text “Please read the love letter I wrote to you”, he couldn't stop himself and opened the text file! This file coained a virus that destroyed system images and was automatically se to all the victim's email list!

Nowadays, phishing techniques and methods have not changed much and have even increased; Because accessing the Iernet and virtual space is much easier than before. Target, Home Depot And Ahem Among the most famous phishing attacks are the last few years.

Types of phishing methods

Phishing has differe types and is usually classified based on the target and type of attack. The most famous types of phishing are:

Email phishing

Phishing by email The most common type of phishing Is. By sending an email, the fraudster pretends to be a legitimate person or company and tries to get sensitive information from the victim with deceptive techniques. This method has two modes and the second mode is used more:

• Victims receive an email from the phisher or someone who iends to do phishing, in which the phisher preses himself as a trustworthy person or company and tries to get specific information directly from the victims.
• Victims receive an email from a phisher in which the phisher poses as a trusted site and asks victims to click on a link in the email and eer their information.

Spear Phishing

Spear Phishing Or Targeted phishingattacks a specific person or people, so that the attacker first collects information from his victims and uses them in his messages so that the person trusts more. For example, in his message, he uses name, surname, ierests, phone number, etc., so that the victim does not suspect that the email is invalid.

For example, consider these two messages:

• You have won the Bank X lottery.
• Dear Mohammad, you have won the Bank X lottery.

Now, with this explanation, which message do you think is more effective? In which case are the victims most deceived?

Using malicious software

In this method, phishers try to run a program infected with malware on the victim's device. After the malware is activated, criminals can gain access to the victim's computer or mobile phone and grab his sensitive information. Malware is one of the most common phishing tools.

Softwares that coain a link to a fake page are also used for phishing. Coroversial software and games, often under obscene titles (eg Conjugator, Pocket satellite and…) are among the most dangerous software used for phishing. After installing the fake software, the victim pays for the service inside the software, unaware that he has given his bank card information to the fraudsters.

SMS phishing

In this method, SMS is used instead of email. The attacker pretends to be a large organization or company and sends SMS to his target. SMS coe is written in such a way as to compel the target to directly send information or click on a link. For example, an SMS is se that you have won a big prize and you have to click on a link to receive it.

Sometimes these text messages are se as a warning. For example, some time ago, a text message was se to Iranian people with the coe that the user's cash subsidy has been cut off and to re-register, they must eer the link in the text message. After eering the page, users were asked to eer their bank card information.

Read more: What is Honeypot Scam?

Phone phishing

In this method, a fraudster uses various techniques to trick a person io giving out sensitive information. In this method, people's bank card information is usually the final goal.

As an example, not long ago in Iran, a criminal called unsuspecting people from inside the prison and by dragging them to the ATM and deceiving them, he obtained their second password and attempted to empty their accou.

Pharming

At Farming attackCybercriminals manipulate a website's hosts files or its Domain Name System (DNS). Therefore, when users eer the correct address to eer the site, they eer a fake page without realizing it, and if they eer information, they prese it to hackers. This is one of the most dangerous phishing methods because it is not possible for the user to correctly ideify the website address because it is correct.

Gaining trust through search results

In this case, the hacker, using SEO methods or advertising in search engines, brings up a fake website in the results, and unsuspecting users from all over the world click on the initial results and eer their personal information in a malicious site. Of course, these days, big search engines like Google are fighting phishing schemes, but sometimes these sites also face problems in ideifying these phishing websites.

Similar fake address and page

In this method, the fraudster uses the same address as the original site to trap users who accideally eer the wrong site address or to mislead users in their fake emails.

For example, Amazon's website address is Amazon.com. The criminal buys the Arnazon.com domain (note the letters r and , which are similar to m) and sets up a site that looks like Amazon's site on it. By doing this, if users eer the Arnazon.com site by mistake, thinking that they are on the main Amazon site, they give their user information to the fraudster.

Penetration through communication networks

This type of phishing requires high technical knowledge in hacking and infiltrating communication networks, in which a hacker, by manipulating a healthy connection, gets between the source and destination of data and gains access to exchange data.

Another type of phishing is the use of wireless connections, where the hacker creates an access poi (for example, fake wifi), traps users and asks them to eer their personal information, for example, to use free iernet. do

Types of digital currency phishing

• Fake address or fake exchange/wallet page: For example, Binance at Binance.com is a reputable exchange. Not long ago, a hacker created the bïnance.com domain and stole a lot of money from Latin users who eered the address by mistake.
• Fake wallets and trading software: In a few other cases, it has been observed that fraudule wallet programs have stolen hundreds of thousands of dollars in digital currency, with users of the fake wallet sending their assets to an address on the wallet, unaware that the address is It belongs to the hacker.
• Phishing malware in digital currencies: The most common malware used to steal your digital currencies is called “Trojan”. After running on the victim's system, the Trojan can send the user's inputs, especially on the keyboard, to the hacker. For example, if a Trojan is active in your system, after typing the password to eer the wallet, the hacker will also know your password and can easily transfer your assets to his own wallet.
• Free digital currency projects: Scams that promise users free cryptocurrencies are a good phishing tool. Usually, these schemes promise users that they will pay free digital currency in exchange for simple tasks such as joining the site or inviting new people. This is despite the fact that in the end they do not pay any digital currency

Ways to preve phishing

It can be said without exaggeration that in nearly 99% of cases, the main culprit of phishing is the user himself, because it can be avoided with a little more thought and atteion. Always carefully check incoming messages, calls or websites where you are about to eer your sensitive information. Don't let a tempting offer or sense of danger take over your logic.

• Check out the links: On any website where you need to eer sensitive information, check the website address carefully and pay atteion to all its characters. Don't click on links that start with HTTP and make sure it's HTTPS.
• Do not trust advertising results in search engines: The results that are displayed to you in the form of advertisemes in search engines such as Google are distinguishable from other results. Advertising results that have the word Ad next to them are one of the old ways to do phishing. By paying a fee, phishers can raise their fake page in search engines.
• Do not install unauthorized software: Get the software you need only from official and reliable sources and avoid installing suspicious software from unofficial sources such as social networks (such as Telegram channels and groups).
• Update browsers and install aiviruses seriously: Updating your web browsers and installing ai-viruses will go a long way in preveing phishing. Famous web browsers such as Chrome, Firefox and Opera coinuously improve their ai-phishing algorithms in their new versions. Aiviruses are also very useful in fighting phishing malware.

What to do to complain about iernet fraud?

If you are a victim of phishing attacks or any kind of social engineering scams, first make copies of all available documes. Any data can be useful at this poi. For example, phone number, card number, the page you eered, chats, etc. are all importa.

The next step is to call the police. FATA Police is responsible for following up on iernet frauds and such attacks and has experience in combating them; For this reason, call the police first and give them all the necessary information.

Complaining about Iernet fraudsters is laborious and time-consuming and has many steps; This is because the ideity of people is generally not known and the documes of users are not complete. But this issue should not be an obstacle for your complai and follow-up.

Punishme for phishing in Iran

Phishing punishme has been clarified in the computer crime law. These penalties include:

Frequely asked questions