What is phishing passwords and how to protect yourself from it?

The article describes what phishing passwords are, how it is implemented, what is used by attackers and how to protect themselves from it.

Start

Even some 15 years ago, not everyone could boast of the presence of a home computer, but the fast and unlimited Internet could only dream of. Fortunately, such technologies are developing very quickly, and already in our time no one is surprised by the presence of a PC or access to the Network. Every year digital technologies are becoming more accessible, simple and attractive. Almost all enterprises, institutions and organizations have switched to the electronic form of document circulation, and the range of services provided through the Internet is constantly growing and expanding.

All this leads to the fact that more and more important personal or secret information is concentrated in the virtual space. For example, the data of electronic wallets, passwords to them, etc. Naturally, all this attracts attackers, and for a long time already no one surprises with stories about how hackers are hired, so that they "put" a site of competitors or extracted compromising information.

In addition to the listed values and information, intruders are also interested in the non-material component of it. For example, login and password to an account of some online game, paid service, etc. And often, in addition to the usual virus attack, they use a method such as phishing. So what is phishing passwords and how to protect yourself from it? In this we will understand.

Definition

To begin with, let's talk a little about terminology. The word "phishing" came to us from the English language (English fishing - fishing, fishing). As in the case of real fishing, the meaning of this action is to throw the "bait" to the user and just wait until the last one gets hooked and "merges" the passwords with logins. But what is phishing passwords and how is it technically implemented?

Unlike virus attacks, Trojans, keyloggers and backdoors, phishing passwords are implemented more simply, but at the same time more cunningly, and often users do not notice the dirty trick. So how is this method implemented?

In fact, everything is quite simple. The attacker copies the source code of the page, for example, the authorization of the mail service, and downloads it to his rented hosting, where he, of course, posted his fictitious data. Then he creates the address of this page very similar to the original, for example, if the original address looks like e.mail./login?email, then the fake one looks like e..mail ./ login? Email. As you can see, the difference in a single point, you see, not everyone will notice it. Also, the dummy page is configured so that after entering the data (login and password) they are stored on the hacker's website. So now we know what phishing passwords are.

Naturally, when authorizing, the user will receive an error, but in some cases, in order to enter into an additional error, the attacker creates a script that tells that the login-password link is incorrect and the user redirects to this authorization page.

Protection of passwords against phishing. What is it?

Now we have come to how to protect ourselves from such theft. First, it's never worth to go over suspicious links, especially if these are forms of authorization of some services and other services whose data is important to you. Especially in the event that you have already been authorized there, and the session did not end. Secondly, always pay attention to the address of the page. Naturally, it is made as similar as possible, but there are differences. And thirdly, it is important to remember that on any device with access to the network, which is often used, should be an antivirus, whether it's a PC, tablet or smartphone. All modern versions are able to recognize fake pages.

Well, in addition: many services and services protect themselves from this, it is done by a special page code and scripts, because of which their code can not just be copied and used as a bait.

Mass distribution

Especially strongly this kind of fraud spread around 10 years ago, at that time there was such a thing as a program for password phishing. The meaning of this software was that with its help anyone could easily and quickly create a copy of the page for phishing. Fortunately, now such programs are of little relevance, since the design of authorization forms and their code often changes to prevent the theft of passwords and logins.

The meaning of theft

In our time, the value of electronic data and other information is difficult to underestimate. Understand this and intruders, because in every way they try to get them. And they are interested not only in specific important data, for example, the number of a credit card, passwords for access to electronic purses, but also data of access to mail, social networks, etc.

So now we know what it means to protect passwords against phishing and how important it is.

For example, having access to a page in a social network, a fraudster can learn a lot of compromising information about a person and later engage in his blackmail. And the abundance of services for "hide and seek" on the Internet, anonymous payment systems and so on only simplify it, and to catch such a hacker is very, very difficult. Although in recent years, this is happening more often.

Conclusion

Also at all on hearing popular in recent times a kind of "divorce," when, having acquired passwords, a hacker on behalf of the victim asks her friends to borrow money. So protecting the password from phishing is an important aspect of computer security. It is clearly not worth neglecting it.