Phishing, or identity impersonation, is a computing term for the use of social engineering to steal confidential information such as passwords, user names, and credit card details.
The phisher is a cybercriminal who poses as a company or as staff of a trusted organization, by email or telephone calls.
The term comes from the English word “fishing”, the metaphor being that users “take the bait”.
It is said that the first mention of the term phishing came to light in January 1996, in the hacker newsgroup alt.2600, although it may have appeared in the print edition of the hacker bulletin “2600 Magazine”. At that time, cybercriminals were trying to “fish” for AOL accounts.
Nowadays, phishing attempts are commonly aimed at customers of banks and online payment services, by sending email that pretends to come from the institution.
Social networks have also gained popularity as targets for phishers, who steal users' information and impersonate them on those networks.
At the end of 2006, a computer worm took over pages on the MySpace website, making their links redirect to a web page designed to steal users' login information.
One phishing technique is the creation of fake web pages that ask the user to log in. For example, the phisher copies the page of a bank such as HSBC, whose original domain is hsbc.com, and hosts an identical copy of its content under a name like hssbc.com or hsbc.net. The phisher then sends emails from addresses similar to the official ones, asking users to enter the page and confirm their bank data.
When the user enters the fake page and types their data, the criminals store the data.
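The two lookalike tricks described above (an extra letter, as in hssbc.com, and a changed suffix, as in hsbc.net) can be checked for when a domain appears in a link or sender address. The following Python is an added example, not part of the original article; the `TRUSTED` allowlist, the distance threshold and the naive two-label domain split are assumptions.

```python
# Added example: classify a hostname against a known-good domain.
TRUSTED = {"hsbc.com"}  # legitimate domain named in the article (assumed allowlist)


def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "hbsc" for "hsbc"
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def split_domain(host: str) -> tuple[str, str]:
    """Return (label, suffix) from the last two labels of the hostname.
    Assumption: single-label suffixes; real code needs the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def classify(host: str, max_distance: int = 1) -> str:
    label, suffix = split_domain(host)
    if f"{label}.{suffix}" in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        good_label, _ = split_domain(good)
        if label == good_label:
            return f"tld-swap of {good}"       # same name, different suffix
        if edit_distance(label, good_label) <= max_distance:
            return f"typosquat of {good}"      # near-identical name
    return "unrelated"


if __name__ == "__main__":
    # Hostnames taken from the article plus constructed controls
    for h in ("hsbc.com", "www.hsbc.com", "hssbc.com", "hsbc.net", "example.org"):
        print(f"{h:15} -> {classify(h)}")
```

A match here is a reason to quarantine or warn, not proof of fraud: short brand names produce false positives at distance 1, so the threshold should be tuned per domain.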
There are other methods such as the use of keyloggers, which store the user’s information and send it by email.
Another current form of phishing involves money laundering, in which fictitious companies recruit teleworkers through email, chats or other media, offering them work from home as well as other great benefits.
The people who accept become victims, often without realizing that they are committing a serious crime.
When the victim accepts the job, they must fill out a registration form that asks for their bank account in order to pay for their services. The fictitious companies deposit money obtained from bank scams carried out by phishing. Once the victim accepts everything, they become what is known as a “mule”.
When the company carries out a scam, it sends the money to the supposed employee, who keeps a percentage of between 10% and 20% and sends the rest, by means of money transfer systems, to accounts indicated by the company.
Many times, the victim does not know everything about the process and believes they are performing legal work, but they are committing an illegal act that could cause serious legal problems after complaints by the banking entities.
Faced with this problem and the great increase in phishing cases, companies and security firms have created awareness methods to keep users from falling for these scams.
Some companies train their employees to avoid falling into electronic mail scams.
It is also recommended to use anti-phishing programs that detect when a web page or email is fraudulent.
The Anti-Phishing Working Group, whose page is www.apwg.org, is an industry and law enforcement association against phishing practices. It suggests that conventional phishing techniques could become obsolete in the future as users are educated about the social engineering methods used by phishers.
On January 26, 2004, the FTC (Federal Trade Commission) of the United States brought a preliminary case against a suspected phisher. The defendant was a teenager from California who allegedly created and used a web page with a design similar to that of the America Online page, with which he stole credit card numbers.
At the end of March 2005, the authorities arrested a 24-year-old Estonian man who used a backdoor: victims visited his fake website, which had a keylogger that allowed him to store what the users typed.
In addition, the phisher known as Kingpin, Valdir Paulo de Almeida, was arrested. He was a leader of one of the largest phishing networks, which in two years managed to steal between 18 and 37 million US dollars.