- Use of the names of existing companies.
Instead of building a fictitious company's website from scratch, senders of fraudulent mail adopt the corporate image and functionality of an existing company's website, in order to further confuse the recipient of the
- Use of the name of a real company employee as the sender of the fake mail. This way, if the recipient tries to confirm the authenticity of the mail by calling the company, the company will be able to confirm that the person who claims to speak on its behalf does in fact work there.
- Web addresses with the correct appearance.
The fraudulent mail usually leads the reader to websites that replicate the look of the company being impersonated in order to steal the information. In fact, both the contents and the web address are fake and imitate the real ones. Even the legal notice and other links may send the trusting user to the real website.
- The fear factor.
The fraudsters' window of opportunity is very short: once the company learns that its customers are being targeted by this kind of practice, the server hosting the fraudulent website and collecting the information is shut down within a few days. It is therefore essential for the fraudster to obtain an immediate response from the user. In many cases the best incentive is to threaten a loss, either financial or of the existing account itself, if the instructions given in the received mail are not
- Man-in-the-middle.
In this technique the attacker places himself between the user and the real website, acting as a proxy. This way he can listen in on all the communication between the two. For it to succeed, he must be able to redirect the client to his proxy instead of to the real server. Various techniques exist to achieve this, for example transparent proxies or DNS cache poisoning.
- Exploitation of Cross-Site Scripting vulnerabilities in a website, which allow a bank's secure web page to be simulated without the user being able to detect anything unusual in the address or in the security certificate shown in the
- Exploitation of Internet Explorer vulnerabilities on the client, which, through the use of exploits, allow the address shown in the browser to be forged. This way the browser could be sent to a fraudulent site while the address bar shows the URL of the trusted site. This technique can also forge pop-up windows opened from an authentic web page.
- Some attacks of this type also use exploits hosted on fraudulent websites that, taking advantage of a vulnerability in Internet Explorer or in the client's operating system, download keylogger-type trojans that will steal the confidential information of the
- Another, more sophisticated technique is so-called Pharming. This is a fraudulent tactic that consists of altering the DNS (Domain Name Server) contents, either through the TCP/IP protocol configuration or through the lmhosts file (which acts as a local cache of server names), so as to send browsers to fake pages instead of the authentic ones when the user accesses them through his browser. Moreover, if the user affected by pharming browses through a proxy to preserve his anonymity, the DNS name resolution of the proxy can be affected, so that every user of that proxy is sent to the fake server instead of the legitimate
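A defender-side check for the local-file variant of pharming described above, added here as an example and not part of the original article: it parses hosts-file content (the same IP-then-names layout the lmhosts file uses) and reports any entry that pins a watched domain to an address other than loopback. The sample file, the domain examplebank.com and the watched list are all constructed for the example.

```python
import ipaddress

# Constructed sample of a hosts file after a pharming modification:
# the bank's names are pinned to an attacker-controlled address (all values hypothetical).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.com examplebank.com   # looks harmless at a glance
203.0.113.45    online.examplebank.com
10.0.0.5        intranet.corp.example   # legitimate internal override
"""

# Names that should never be resolved by a local file (constructed list).
WATCHED_DOMAINS = {"examplebank.com", "examplepay.com"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments, blank and malformed lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # first field is not an address
        for name in names:
            yield ip, name.lower()

def is_watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)

def pharming_entries(text):
    """Return (hostname, ip) entries that pin a watched domain to a non-loopback address."""
    hits = []
    for ip, name in parse_hosts(text):
        if is_watched(name) and not ipaddress.ip_address(ip).is_loopback:
            hits.append((name, ip))
    return hits
```

A loopback entry for a watched name is deliberately not reported, since pointing a domain at 127.0.0.1 blocks it rather than redirecting the user.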
How does it work? How is it
The most commonly used mechanism is the generation of a fake e-mail that pretends to come from a particular company whose customers are the target of the deception. This message contains links pointing to one or more web pages that replicate, wholly or in part, the look and functionality of the company with which the recipient is expected to have a business relationship. If the recipient of the mail does indeed have that relationship with the company and trusts that the message really comes from that source, he may end up entering sensitive information into a fake form hosted on one of those websites.
As for their distribution, they also share common characteristics:
- Like spam, it is sent massively and indiscriminately by e-mail or instant messaging systems:
- The message urges the user to click on a link that takes him to a page where he must enter his confidential data, under the pretext of confirming them, reactivating his account, etc.
- It is sent as an alert from a financial institution warning of an attack. It includes a link the user is urged to click, where personal data are requested
- Since the message is distributed massively, some of the recipients will in fact be customers of the institution. The message states that, because of some security problem, it is necessary to go to a web address where they must confirm their data: user name, password, credit card number, PIN, social security number,
- Of course, the link does not lead to any page of the company, but to a website (similar to the original) purpose-built by the swindlers that reproduces the corporate image of the financial institution in question. Normally the web address contains the name of the legitimate institution, which is why the customer does not suspect that it is a forgery
- When the user enters his confidential data, they are stored in a database, and what happens next takes no great effort of imagination: the swindlers use this information to log in to his account and dispose of the funds freely
The main damages caused by phishing are:
- Identity theft and theft of users' confidential data (credit cards, access keys, etc.).
- Loss of
- Consumption of corporate network resources (bandwidth, mail saturation,
How can I recognize a phishing message?
Distinguishing a phishing message from a legitimate one may not be easy for a user who has received such a mail, especially when he is indeed a customer of the financial institution the message supposedly comes from.
- The From: field of the message shows an address of the company in question. However, it is trivial for the swindler to modify the sender address in any mail client.
- The e-mail message displays logos or images taken from the real website to which the fraudulent message makes
- The link shown appears to point to the company's original website, but in fact it leads to a fraudulent web page where user data, passwords, etc. will be requested.
- These e-mail messages usually contain grammar errors or substituted words, which are not usual in communications from the organization they are trying to
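The three indicators a reader can check mechanically, the forged From: field, a link whose visible text points to the real site while its target does not, and an address that merely contains the bank's name (the point made in the "How does it work?" section above), as an added example that is not code from the original article. The raw message, the hypothetical bank examplebank.com and the other hostnames are constructed for the example; the From/Return-Path comparison is a heuristic, since a legitimate relay may also differ.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample imitating a hypothetical bank (examplebank.com, not a real institution):
# the From header claims the bank, but the bounce address and the real link target do not.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@examplebank.com>
Return-Path: <bounce@mail-relay.example.net>
Subject: Reactivate your account
Content-Type: text/html

<html><body>
<p>Your account has been suspended. Confirm your details here:</p>
<a href="http://examplebank.com.secure-login.example.org/verify">https://www.examplebank.com/verify</a>
<p>Or read our <a href="https://www.examplebank.com/legal">legal notice</a>.</p>
</body></html>
"""
LEGIT_DOMAIN = "examplebank.com"
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    """Lower-cased host of a URL ('' if none); urlsplit drops user@ tricks like bank.com@evil."""
    return (urlsplit(url).hostname or "").lower()

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain, not for 'domain.evil.org'."""
    return host == domain or host.endswith("." + domain)

def analyse(raw, legit_domain=LEGIT_DOMAIN):
    """Return the indicators found in a raw message; an empty list means none fired."""
    msg = message_from_string(raw)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ret_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_dom and ret_dom and from_dom != ret_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {ret_dom}")
    for href, text in ANCHOR_RE.findall(msg.get_payload()):
        target = host_of(href)
        shown = host_of(text.strip()) if "://" in text else ""  # link text that looks like a URL
        if shown and shown != target:
            findings.append(f"link text shows {shown} but points to {target}")
        if legit_domain in target and not belongs_to(target, legit_domain):
            findings.append(f"look-alike host {target} is not under {legit_domain}")
        if urlsplit(href).scheme != "https":
            findings.append(f"link to {target} is not https")
    return findings
```

The "legal notice" link in the sample goes to the real site and raises nothing, matching the observation above that such links often point to the genuine website.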
Cloned page of the Cajamadrid bank in Spain, sent massively by e-mail to several customers of that institution
Example: Bank Viabcp - Paypal
All e-mail users run the risk of becoming victims of these attacks. Any public address on the Internet (one that has been used in forums, newsgroups or somewhere on the web) is more likely to be attacked, because of spiders that crawl the network looking for valid e-mail addresses. This is the reason this kind of malware exists: an attack of this type is really cheap to carry out, and the profits are large even with the smallest success rate.
How can I protect myself from
If you believe the received message could be legitimate, something that should be considered highly improbable from the outset, you should first contact the financial institution by telephone or through the channel you habitually use. Even if they confirm it, always check the following points before entering any kind of data that could be used maliciously by third parties, in order to drastically reduce the risk of suffering a phishing attack:
- Verify the source of the
Do not automatically answer any mail that asks for personal or financial information. If you doubt whether that organization really needs the kind of information it requests, it is enough to telephone your usual contact to make sure of the source of the
- Type the address yourself in your web browser. Instead of clicking on the hyperlink provided in the e-mail, type the web address directly into the browser or use a bookmark you created previously. Even addresses that look correct in e-mails can hide the route to a fraudulent website.
- Strengthen your security. Users who carry out transactions over the Internet should equip their systems with security suites able to block these threats, apply the latest updates provided by the manufacturers, and make sure they operate securely through digital certificates or secure communication protocols such as https://
- Verify that the web page you have entered is a secure address: it has to begin with https:// and a small closed padlock must appear in the status bar of your browser.
- Double-click on this padlock to access the digital certificate that confirms that the website corresponds to the one that is
- Review your accounts periodically. Monthly statements are especially useful for detecting irregular transfers or transactions, both operations you have not made that appear on the statement, and operations made online that do not appear on the statement.
With all these requirements met, the user can provide his information with reasonable assurance that it will not be used against his
The best way to protect yourself from phishing is to understand how financial service providers and other organizations likely to receive this type of attack operate. The main rule these organizations never break is not to request sensitive information through insecure channels, such as e-mail.
If you need to carry out transactions online, take these recommendations into account: first verify that your PC is free of any malware (rootkits, etc.), never do it from a public booth (cybercafé), and do it on a secure website; these must begin with https:// and show a small "padlock" icon at the bottom right of the page, which is the security and guarantee certificate (double-click on it and you can read it).
Thanks to: