How Hackers... Go Phishing
By
Staten Island, NY Posted: 1/3/2017 1:00:00 AM
Real hacking is nothing like what you see in TV and movies. Most of it is done through Phishing.
When most people think of hacking, the image that comes to mind is of a computer expert banging away at the keyboard tearing down firewalls and security systems at a breakneck pace, just like they've seen a thousand times in movies and TV shows. The truth of the matter is that REAL hacking is nothing at all like that.
Computer security is very sophisticated, so it's not easy for a hacker to break into your accounts using those kinds of techniques, especially since most online accounts limit the number of failed attempts so that they can only make a few wrong guesses before they're blocked for a while. Because of that, Hackers use another approach... Instead of trying to crack your passwords, they simply find some way to fool you into handing them over. That's called Phishing.
Phishing comes in quite a few forms, and it's the most common way for somebody to break into a victim's accounts. Most of the time, Phishing is done by sending a fake email that fools the recipient into thinking it's from a legitimate site like Gmail, Facebook, a bank, or a credit card company. This step is pretty simple. Most of the time, all a hacker needs to do is copy the look of a real email from one of those companies, and many people can't tell the difference.
If the recipient is fooled by the email, there's a good chance they'll click a link in the email to try to access their account. Unfortunately, when they click the link, they're not taken to the site they expected, but are taken to a fake site that LOOKS exactly like the original. Unless the victim looks carefully at the URL in the browser, they have no idea that they're not on the real site, so they follow the steps they usually do to find the login link.
After clicking the login link, they see what looks like their regular login page, asking for the ID and password, so they enter their actual ID and password. Since the site is a fake, what they've actually done is given their ID and password to a criminal. To hide their tracks, once the victim hits the submit button (and the password has been stolen), the criminals may redirect the victim to the real site, and the victim will have no idea they've just been hacked.
That's the essence of Phishing. Basically, they bait the victim, and wait for them to bite. Sometimes the bait is just a bland email saying something like "please verify your account", or in other cases, they may put a more urgent message in the email such as "Security alert... You need to change your password...", but the main objective is the same: fool the victim into following the link and giving them their password.
As far-fetched as this may seem, it was this exact technique that played a huge role in the 2016 Presidential Election, when a hacker sent just such an email to a Hillary Clinton staff member asking them to change their password. The funny thing is they asked an IT staffer to confirm it was a valid email and the staffer claims he made a typo when he wrote "it's valid", when in fact he claims he meant to write "it's invalid". In either case, the bait was taken. The password was stolen, and thousands of Clinton emails were leaked to WikiLeaks.
It's important to point out that Phishing isn't limited to just emails. Some hackers use the phone or regular mail to try to trick you into divulging security information.
The key is to be informed, be alert, and take steps to prevent it from happening to you.
1. If you get an email, phone call or even regular mail asking you to update your security information or enter your password, avoid the temptation to click the links or take action. When in doubt, just delete it, hang up the phone or throw it out.
2. Even if you think a communication is real, ignore it and go directly to the site in your browser without using the link. If the site actually does need you to change your password, it will ask you when you log in, but under no circumstances should you use the links in the email.
3. Whenever you visit a site, make sure it has the right domain in the URL box. Sites that require a password usually start with HTTPS before the domain instead of HTTP, so you should look for that, and in some browsers, it will also show you the name of the company that runs it.
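The check in step 3, written out as an added example (it is not part of the original post): it reads the real host out of a link the way a browser does and compares it with the domains you actually hold accounts on. The allowlist, the sample domains and the function names are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains the reader really has accounts on.
TRUSTED = {"example.com", "example.org"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (ok, reason) for a link found in an email or on a page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if has_userinfo:
        # In https://name@host/ everything before '@' is a login name, not the site.
        return False, "text before '@' is not the host; real host is " + host
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host, possible lookalike characters"
    for domain in sorted(trusted):
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    for domain in sorted(trusted):
        if domain in host:
            return False, "trusted name used as a subdomain of another site"
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-domain.count(".") - 1:])
        if edit_distance(tail, domain) <= 2:
            return False, "lookalike of " + domain
    return False, "unknown domain"
```

A link passes only when its host is a trusted domain or a subdomain of one; HTTPS alone is necessary here but never sufficient.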
The best defense against Phishing is to turn on 2-Step Logins, sometimes called 2-Step Validation or Multi-step verification.
A lot of sites offer 2-step validation these days. It means that whenever you log in, the site will send a 6-digit number to your mobile phone that you need to enter in addition to the password. Since the hacker does not have access to your mobile phone, they can't get in, even if they have your password.
Joe Crescenzi, Founder