What is password phishing and how to protect yourself from it?

This article describes what password phishing is, how it is carried out, what cybercriminals use and how to protect yourself from it.

Introduction


Only some 15 years ago, far from everyone could boast of having a home computer, and fast, unlimited Internet access was something people could only dream of. Fortunately, these technologies develop very quickly, and nowadays a PC or network access surprises no one. Every year digital technology becomes more accessible, simpler and more attractive. Almost all enterprises, institutions and organizations have switched to electronic document management, and the range of services provided via the Internet keeps growing.

As a result, more and more important personal or confidential information is concentrated in the virtual space: for example, electronic wallet data and the passwords to them. Naturally, all this attracts intruders, and stories about hackers being hired to take down a competitor's site or obtain incriminating information have long since stopped surprising anyone.

In addition to the valuables and information listed, attackers are also interested in intangible assets, for example the login and password for an account in an online game or a paid service. And often, besides the usual virus attack, they use a method called phishing. So what is password phishing and how do you protect yourself from it? Let's find out.

Definition


First, let's talk a little about terminology. The word "phishing" comes from English (from "fishing"). As in real fishing, the idea is to throw the user some bait and simply wait until the user takes the hook and gives up logins and passwords. But what is password phishing and how is it technically implemented?

Unlike virus attacks, trojans, keyloggers and backdoors, password phishing is simpler but at the same time more cunning, and users often do not notice the catch at all. So how is this method implemented?

In fact, it is quite simple. The attacker copies the source code of a page, for example the login page of a mail service, and uploads it to rented hosting, which he has, of course, registered with fake details. He then gives this page an address very similar to the original one: for example, if the authentic address looks like e.mail./login?email, the fake one looks like e..mail./login?email. As you can see, the only difference is a single dot, and not everyone will notice it. The fake page is also configured so that the data entered (login and password) is saved on the attacker's site. So now we know what password phishing is.

Naturally, the login attempt ends in an error for the user. In some cases, to avoid raising suspicion, the attacker adds a script that reports that the login and password combination is incorrect and then redirects the user to the real login page.

Password protection against phishing. What is it?


Now we come to how to protect yourself from such theft. First, never click on suspicious links, especially if they lead to login forms of services whose data is important to you, and especially if you were already logged in there and the session has not ended. Second, always pay attention to the page address. It is naturally made as similar as possible to the real one, but differences still exist. Third, remember that every frequently used device with Internet access, whether a PC, tablet or smartphone, should have an antivirus installed. All modern versions can recognize fake pages.
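The address check described above can be automated. The following is an added example, not part of the original article: it compares the host of a login link with an allowlist and flags near matches such as the doubled dot shown earlier, and it goes a little further by also flagging punycode labels, userinfo before "@" and a trusted name used as a subdomain of another domain. The hosts in TRUSTED_HOSTS, the sample URLs and the distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): hosts where the user really signs in.
TRUSTED_HOSTS = ("mail.example.com", "accounts.example.org")

def edit_distance(a, b):
    """Levenshtein distance, computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_url(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, reason) for a link that leads to a login form."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "suspicious", "login page not served over https"
    if parts.username is not None:
        return "suspicious", "text before '@' is not the real host"
    if host in trusted:
        return "trusted", "exact match for " + host
    labels = host.split(".")
    if not host or "" in labels:
        return "suspicious", "missing host or empty label (doubled dot)"
    if any(label.startswith("xn--") for label in labels):
        return "suspicious", "punycode label can imitate latin letters"
    for good in trusted:
        # The trusted name is only a prefix; the real domain is what follows it.
        if host.startswith(good + "."):
            return "suspicious", "trusted name used as subdomain of another domain"
        if edit_distance(host, good) <= max_distance:
            return "suspicious", "near match for " + good
    return "unknown", "host is not on the allowlist"

if __name__ == "__main__":
    # Constructed sample links, including the one-dot difference from the text.
    for url in (
        "https://mail.example.com/login?email",
        "https://mail..example.com/login?email",
        "https://mai1.example.com/login?email",
        "https://mail.example.com.login-check.test/login",
        "https://forum.example.net/",
    ):
        print(url, "->", check_login_url(url))
```

An "unknown" verdict only means the host is not on the allowlist; a login form on such a host should still not receive a password meant for a trusted service.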

In addition, many services protect themselves against this with special page code and scripts, so that their code cannot simply be copied and used as a decoy.

Mass distribution


This type of fraud was especially prevalent about 10 years ago, and at that time there was even such a thing as a password phishing program. With this software anyone could quickly and easily create a copy of a page for phishing. Fortunately, such programs are of little relevance now, since the design and code of login forms are changed often to prevent the theft of logins and passwords.

The meaning of theft


Nowadays, the value of electronic data and other information is hard to overestimate. Attackers understand this too, which is why they try in every possible way to get hold of it. Moreover, they are interested not only in specific important data, such as credit card numbers and passwords to electronic wallets, but also in access data for mail, social networks and so on.

So now we know what password protection against phishing means and how important it is.

For example, having gained access to a page on a social network, a fraudster can find out a lot of incriminating information about a person and later engage in blackmail. The abundance of services for hiding one's identity on the Internet, anonymous payment systems and the like only makes this easier, and catching such a hacker is very, very difficult, although in recent years it has been happening more and more often.

Conclusion

Also, everyone has recently heard of a popular scam in which a hacker, having obtained passwords, asks the victim's friends for a loan on the victim's behalf. So protecting your password against phishing is an important aspect of computer security, and it is clearly not worth neglecting.

Source: https://habr.com/ru/post/K9456/

