they often use a misspelled URL that looks very similar to the URL of the actual website (What is typosquatting, and how do attackers use it for phishing ?). Sometimes, they even use subdomains in a deceptive way. For example, www.some.example.com may appear to come from the “example” subdomain of www.some.com website, but actually, it may be “some” subdomain of the fraudulent website www.example.com.

Attackers sometimes use images with text instead of plain text in emails. As a result, it becomes much harder for anti-phishing software to detect phishing. But, today, many anti-phishing filters use OCR or Optical Character Recognition to detect texts inside images and filter them.

Sometimes, the attackers use JavaScript to change the address bar and place a legitimate image of the actual URL over the address bar. As a result, once the victim clicks on the fraudulent link, it becomes very difficult for him to understand the deception.

Sometimes, attackers compromise a legitimate website. Once a user visits the legitimate website, a fraudulent pop-up appears that asks him to provide sensitive information like account name, password, etc.

A user may click on a link that appears to be coming from an official social networking website. While the user clicks on it, it may ask whether the user wants to authorize an application. If a user clicks on “yes”, it may send a token containing sensitive information like mail-id, friend list, etc. to the attackers. This sort of phishing is called Covert Redirect, and it is much harder to detect.

In phone phishing (What is vishing and how to prevent it?), the attackers call a victim using a phone and convince him to type a bank account number, PIN, etc, over the phone. Sometimes, the victims cannot understand the deception and fall into the trap. Attackers can also do phishing by sending SMS to mobile phones. This is called smishing (What is smishing and how to prevent it ?).

In tabnabbing (What is tabnabbing and how to prevent it?), the attackers load a webpage of their fraudulent website in one of the open tabs in the victim’s browser. Then, the opened tab silently redirects the victim to a similar-looking fraudulent website (e.g., a similar-looking but fake social networking website) to steal sensitive information.

Sometimes, attackers create a wifi network that looks identical to an official public one. It is called evil twin (How to protect oneself from evil twin?). Some users cannot detect the difference, and they start using the fraudulent network. And, whatever unencrypted information gets transferred through the network gets stolen.

How to prevent phishing?

We can educate ourselves to be aware of the most common phishing techniques so that we do not fall into the trap.

  • If an email asks a user to verify or confirm his account, it should contain at least the username. So, if you get an email that does not contain any personal information, especially your username, it is most likely a phishing email. It is better to contact the authority directly instead of clicking on any link in the email.
  • If a bank contacts you, it will use at least a few digits of your account number and mask the other digits. So, if you get an email asking for account verification, etc, and the email does not contain any digits of your account number, it is most likely a phishing email. Instead of clicking on any link on that email, directly contact the bank and verify the authenticity of the email.
  • Use security software from trusted sources and update them regularly.
  • Update all the software you use on your computer with recent security patches. Attackers often use security vulnerabilities present in commonly used software to perform cyber attacks.
  • Do not click on any link if you are not very sure of its trustworthiness.
  • If you get fake phone calls, take down the caller’s information and report it to the local authority.
  • If you get spam emails in your inbox, select the email and mark it as spam. Usually, spam filters use machine learning to detect spam in the inbox. So, the more you help the software in detecting spams, the more the software will help you in the future to detect spams. (How does a spam filter work, and what is a spam trap?)

Purpose of phishing

Why do attackers commit phishing?

Sometimes, attackers collect financial data from victims to steal money from the victims’ bank accounts. And sometimes, the collected personal …

Facebooktwitterredditpinterestlinkedinmail

Calculate the pseudoinverse of a matrix using Python

What is the pseudoinverse of a matrix? We know that if A is a square matrix with full rank, then A-1 is said to be the inverse of A if the following condition holds: $latex AA^{-1}=A^{-1}A=I $ The pseudoinverse or the Moore-Penrose inverse of a matrix is a...

Cholesky decomposition using Python

What is Cholesky decomposition? A square matrix A is said to have Cholesky decomposition if it can be written as a product of a lower triangular matrix and its conjugate transpose. $latex A=LL^{*} $ If all the entries of A are real numbers, then the conjugate...

Tensor Hadamard Product using Python

In one of our previous articles, we already discussed what the Hadamard product in linear algebra is. We discussed that if A and B are two matrices of size mxn, then the Hadamard product of A and B is another mxn matrix C such that: $latex H_{i,j}=A_{i,j} \times...

Perform tensor addition and subtraction using Python

We can use numpy nd-array to create a tensor in Python. We can use the following Python code to perform tensor addition and subtraction. import numpy A = numpy.random.randint(low=1, high=10, size=(3, 3, 3)) B = numpy.random.randint(low=1, high=10, size=(3, 3, 3)) C =...

How to create a tensor using Python?

What is a tensor? A tensor is a generalization of vectors and matrices. It is easily understood as a multidimensional array. For example, in machine learning, we can organize data in an m-way array and refer it as a data tensor. Data related to images, sounds, movies,...

How to combine NumPy arrays using horizontal stack?

We can use the hstack() function from the numpy module to combine two or more NumPy arrays horizontally. For example, we can use the following Python code to combine three NumPy arrays horizontally. import numpy A = numpy.array([[1, 2, 3], [4, 5, 6], [7, 8, 9]]) B =...

How to combine NumPy arrays using vertical stack?

Let’s say we have two or more NumPy arrays. We can combine these NumPy arrays vertically using the vstack() function from the numpy module. For example, we can use the following Python code to combine three NumPy arrays vertically. import numpy A = numpy.array([[1, 2,...

Singular Value Decomposition (SVD) using Python

What is Singular Value Decomposition (SVD)? Let A be an mxn rectangular matrix. Using Singular Value Decomposition (SVD), we can decompose the matrix A in the following way: $latex A_{m \times n}=U_{m \times m}S_{m \times n}V_{n \times n}^T $ Here, U is an mxm matrix....

Eigen decomposition of a square matrix using Python

Let A be a square matrix. Let’s say A has k eigenvalues λ1, λ2, ... λk. And the corresponding eigenvectors are X1, X2, ... Xk. $latex X_1=\begin{bmatrix} x_{11} \\ x_{21} \\ x_{31} \\ ... \\ x_{k1} \end{bmatrix} \\ X_2=\begin{bmatrix} x_{12} \\ x_{22} \\ x_{32} \\ ......

How to calculate eigenvalues and eigenvectors using Python?

In our previous article, we discussed what eigen values and eigenvectors of a square matrix are and how we can calculate the eigenvalues and eigenvectors of a square matrix mathematically. We discussed that if A is a square matrix, then $latex (A- \lambda I) \vec{u}=0...

Amrita Mitra

Author

Ms. Amrita Mitra is an author, who has authored the books “Cryptography And Public Key Infrastructure“, “Web Application Vulnerabilities And Prevention“, “A Guide To Cyber Security” and “Phishing: Detection, Analysis And Prevention“. She is also the founder of Asigosec Technologies, the company that owns The Security Buddy.

0 Comments

Submit a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Not a premium member yet?

Please follow the link below to buy The Security Buddy Premium Membership.

Featured Posts

Translate »