Sunday, December 16, 2018

What is Phishing, History and Types of Phishing

What is Phishing?

Phishing attackers use fraudulent emails and fake websites to conduct scams. Victims are tricked into revealing personal information, such as credit card numbers, bank card accounts, and ID numbers. Scammers often disguise themselves as trusted brands such as online banks, online retailers, and credit card companies to defraud users of private information.

The History of Phishing

As early as 1987, the phishing technique was described in a paper and presentation delivered to the international HP user group, Interex. The term "phishing" was first mentioned in the alt.online-service.America-online Usenet newsgroup on January 2, 1996, although the term may have appeared earlier in the print edition of the hacker magazine 2600.

Early phishing on AOL

Phishing on AOL was closely related to the warez community that exchanged pirated software. After AOL took measures at the end of 1995 to prevent accounts from being opened with fake, algorithmically generated credit card numbers, AOL crackers resorted to phishing to obtain legitimate accounts.

The phisher would pose as an AOL staff member and send an instant message to a potential victim, asking the person to reveal their password. To induce victims to give up sensitive personal data, the message would typically say something like "verify your account" or "confirm billing information". Once the victim's password was revealed, the attacker could take over the victim's account and use it for fraud or to send spam.

Both phishing and warez on AOL generally required custom-written applications, such as AOHell. Phishing became so common on AOL that the company added a line to all its instant messages: "No one working at AOL will ask for your password or billing information".

After 1997, AOL took notice of phishing and warez and tightened its policy enforcement to force pirated software off AOL servers. AOL also developed a system that immediately disabled accounts involved in phishing, often before the victim could respond. The shutdown of the warez scene on AOL caused most phishers to leave the service. Many phishers were young teenagers who gave up the habit as they grew up.

The transformation from AOL to financial institutions

Captured AOL account information may have led phishers to abuse credit card information and to recognize that attacks on online payment systems were feasible. The first known direct attempt against a payment system was in June 2001, when the affected system was E-gold; it was followed by a "post-9/11 identity check" shortly after the September 11 attacks. Both attacks were considered failures at the time, but they can now be seen as early experiments against more mainstream banks. By 2004, phishing was considered a fully industrialized part of economic crime: specializations emerged in a global market, supplying the basic components for obtaining money, and these components were assembled into finished attacks.

Recent phishing attacks

Phishers target customers of banks and online payment services. Emails purporting to be from the Internal Revenue Service have been used to collect sensitive data from US taxpayers. Although the first such examples were sent indiscriminately, in the expectation that some recipients would disclose their bank or service data, recent research suggests that phishers may in principle be able to determine which banks potential victims use and send fake emails accordingly. Targeted phishing has been called spear phishing. Several recent phishing attacks have specifically targeted senior management and other large corporate targets, and the term "whaling" has been coined to describe this type of attack.

Social networking sites are a target of phishing attacks because the personal details on these sites can be used for identity theft. At the end of 2006, a computer worm took over pages on MySpace and modified links to direct the site's users to websites designed to steal login information. Experiments show that the success rate of phishing on social networking sites exceeds 70%.

Almost half of the phishing thefts in 2006 were confirmed to be the work of the Russian Business Network group in St. Petersburg.

Types of Phishing

Link manipulation

Most phishing methods use some form of technical spoofing, designed to make one located in an email.

Another old method is to use a spoofed link containing the '@' symbol. This syntax was originally intended as an automatic login method that embedded a username and password in the link (in contrast to the standard form). For example, the link http://www.google.com@members.tripod.com/ may deceive a casual Internet user into thinking it opens a page on www.google.com, when it actually directs the browser to a page on members.tripod.com, using www.google.com as the username. The page opens normally regardless of the username supplied. Such addresses are disabled in Internet Explorer, while Mozilla Firefox and Opera display a warning message and let the user choose whether to continue to the site or cancel.

A problem has also been found in the way web browsers handle internationalized domain names (IDNs), which can cause visually similar addresses to lead to different, potentially malicious websites. Although this flaw, known as IDN spoofing or a homograph attack, is well known, phishers have exploited a similar risk by using URL redirection services on reputable websites to disguise their malicious addresses [3].
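The three link tricks described above (a username before '@', an IDN homograph, and a redirector on a reputable site) can be checked mechanically when triaging links from a suspicious email. The following is an added example, not code from the original post; the function names and the example.com / example.net hosts are assumptions, and the sample links are constructed.

```python
import unicodedata
from urllib.parse import parse_qsl, urlsplit

def to_unicode(host):
    """Decode xn-- (punycode) labels so the host is inspected as a browser may show it."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: inspect as written

def label_scripts(label):
    """Scripts of the letters in a label, read from the Unicode character names."""
    return sorted({unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()})

def inspect_link(href):
    """Return (real_host, findings) for one link extracted from an email."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return "", ["unparseable: treat as suspicious"]
    host = to_unicode(parts.hostname or "")
    findings = []
    # '@' trick: the text before '@' is only a username; the browser connects to host.
    if parts.username is not None:
        findings.append(f"userinfo: {parts.username!r} is a username, real host is {host}")
    # IDN homograph: non-ASCII label, at worst mixing scripts inside one label.
    for label in host.split("."):
        if not label.isascii():
            kind = "mixed-script" if len(label_scripts(label)) > 1 else "non-ascii"
            findings.append(f"idn: {kind} label {label!r} {label_scripts(label)}")
    # Redirector: a query parameter carrying an absolute URL on a different host.
    for name, value in parse_qsl(parts.query):
        try:
            target = urlsplit(value)
        except ValueError:
            continue
        if target.scheme in ("http", "https") and target.hostname not in (None, host):
            findings.append(f"redirect: parameter {name!r} points to {target.hostname}")
    return host, findings

# Constructed sample links; example.com and example.net are placeholder hosts.
SAMPLES = [
    "http://www.google.com@members.tripod.com/",  # the link quoted in the text
    "http://xn--pypal-4ve.com/login",  # Cyrillic U+0430 in place of Latin 'a'
    "https://www.example.com/out?url=http://login.example.net/",  # redirector
    "https://www.example.com/account",  # nothing to report
]
if __name__ == "__main__":
    print(*(f"{u} -> {inspect_link(u)}" for u in SAMPLES), sep="\n")
```

A label written entirely in one non-Latin script is reported as `non-ascii` rather than `mixed-script`, so it still needs comparing against the brand name the message claims to come from.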

Filter evasion

Phishers use images instead of text, making it more difficult for anti-phishing filters to detect the text commonly used in phishing emails.

Website forgery

The scam does not end once the victim visits the phishing website. Some phishing scams use JavaScript commands to alter the address bar. This is done either by placing an image of a legitimate address over the address bar, or by closing the original address bar and opening a new one showing the legitimate URL.

Attackers can even exploit scripting vulnerabilities in a reputable website's own pages against the victim. Attacks of this type (known as cross-site scripting) are a particularly acute problem because they direct users to log in on the pages of their own bank or service, where everything from the web address to the security certificate appears to be correct. In reality, the link to the site has been crafted to carry out the attack, but this is very difficult to spot without expertise. Such a vulnerability was used against PayPal in 2006.

There is also a universal man-in-the-middle phishing kit, discovered by RSA Information Security, which provides an easy-to-use interface that allows phishers to convincingly recreate a site and capture the login details that users enter into the fake site.

To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash to build websites. These look a lot like the real websites, but hide the text in multimedia objects.

Phone phishing

Not all phishing attacks require a fake website. A message claiming to be from a bank tells the user to dial a phone number to resolve a problem with their bank account. Once the phone number (owned by the phisher and provided by an IP phone service) is dialed, the system prompts the user to type in their account number and password. Vishing, short for voice phishing, sometimes uses a fake caller ID display to make the call look like it comes from a trusted organization.

Attackers also set up fake Wi-Fi hotspots in public places to lure people into connecting to the Internet through them. Once a user connects to a fake hotspot with a personal computer or mobile phone, personal data and private information fall into the attacker's hands. Everything the user does on the Internet is visible to the attacker, who may go further and install spyware on the user's device.

Hidden redirect vulnerability

In May 2014, Wang Jing, a Ph.D. student at the School of Physics and Mathematical Sciences at Nanyang Technological University in Singapore, discovered the "hidden redirect vulnerability" in the open-source login tools OAuth and OpenID.

The attacker creates a pop-up login window that uses the real site address, rather than a fake domain name, to entice Internet users to enter their personal information.

Hackers can use this vulnerability to disguise a phishing website behind a link to a well-known, large website and entice users to log in to the phishing website. Once the user visits the phishing website and successfully logs in, the hacker can read the private information stored on the website.
