We all have heard about cybercrimes and the most well-known of it is Phishing and scamming. Have you ever thought about it, How it happens? What it depend on? How many methods are there? And how we can protect ourselves from these cybercriminal attacks.
At the first we need to identify what is cybercrime, a cybercrime is a way that the malefactors try to steal information which are important (social, financial and most important business information). What are the most know ways for cybercrimes, we will identify it now for you:
Before we get to identify the ways the cybercriminals use, we need to know how they choose their victims and what they use for.
It’s all about how public is the victim. In other words much information the malefactors know about the victim. In the recent years there has been a lot of methods to look for people. Let imagen that you are searching for a specified person, the first thing you will do is writing his First and Last name in search engines like google, now the search engine will show to you a plenty of people with the same names, but how about you have a photo for that person, wouldn’t be more easier to find the one you are looking for?. Form here we can say that the more information (e.g. photo, work place, living place, phone number and others information) the cybercriminal will have the easiest will be to fine the right victim. Recently the social media networks or even there are website are dedicated to search for people you only need to provide the first and last name or phone number or even a photo for the wanted person the facial recognition technology will do the rest.
- Phishing or Scamming: is a way used by malefactors to steal your information you methods depend on email that will make you give the required information willingly.
It’s all starts by emails. Emails are the past and modern way to communicate officially between corporates or even on the personal level, there are many modern apps and social networks that required and email to register in. even though there are many communicate apps and social media but the emails stays the basic for all these. If we went to the level of trusted and most official way to communicate between corporates we will find that emails are the most official way to do so. And that what makes email accounts more seductive for cybercriminals call for and try to collect.
Now after we knew about emails let’s see how the cybercriminals tries to attack people and what are the most common methods they use to.
There are three most common way are:
- Simple text requesting information: such as an email telling you that your email quota is full or running out of quota and you need to provide your information by replying to the email as soon as possible or something will happen to your account or could you lose your account, my advice DO NOT ever reply to such emails, they are phishing emails.
- Text with link sends you to a phishing website: in such letters will be a simple official look like text asking you to click on a provided link in the letter body to login to your account in favor for acquiring some makeup issue, DO NOT click on these kind of links they are made for phishing.
- Simple text email with phishing attachments (PDF, DOC): this type of emails is created to bypass some security providers that looks for suspicious links and block them, so the cybercriminal sends an attachment having inside an look like legitimate letter asking you to click on specified link and replying on the email to another email address with your information in it.
The most common topic that the malefactors use in the phishing emails are:
- Account problems: such as email quota issues.
- Imitated business corresponds: pretending to be an official account asking you to provide information or to do some instructions, could be presenting themselves as your support helpdesk (in some freebased email account), or pretend to be a corresponded corporate asking to verify a purchase order requiring you to log in through provided link which is prepared for phishing victims.
- Most important to remember is that most phishing emails requires you to respond in a short limited time no more than 48 hours, so they make the victim do not thinking actions to provide the information.
Now after you knew all these information will start to think how I can identify a phishing email, there are basic thing you need to get attention to:
- Look at the domain if it’s not related to the sending corporate name, is considers as phishing email.
- Look or hove your mouse over any provided link if the organization name is in the path and not the domain name, it considers as phishing email.
- You will find some spelling error in the text body, or even some letter or symbols from other languages.
- Router hijacking or DNS hijacking: most among you will ask what router hijacking is or what the relation between routers and cybercrimes is. Let’s first identify what a router is, a router is a device that rout you to the website that you asked your website to show to you. How it’s done? It’s all done by a protocol called DNS(Domain name system), the DNS translate the human language into computer numeric language, for example you need to access to www.google.com, router don’t know what google is so the DNS will translate this name into numeric IP address that the router could understand.
The question now, what is the relation between router and cybercrimes? Every router comes with administrative login credentials, and with common routers (e.g. TP-Link, D-Link, TOTO Links, etc.) the administrative login can be search through internet and they are will know. On the other hand most users do not change their router administrative password and leave it to the default. So if the malefactor could join to the network will be able easily to access to the router sitting and change the DNS sittings, and when the victim tries to access to interested website the the hijacker want him to log in the DNS will redirect the victim into a mimic website (e.g. bank website, free email account, PayPal account, UBER, etc..) to an original website, and then once the victim enters his credentials they will be provided to the hijacker in a plate of gold.
How you can protect yourself? You need to do:
- Change your router administrative credentials in regular base.
- Update your router to the latest firmware provided from the prodder company, some of these routers may need to be update it manually so check for updates. Some of these updates will have a fix for some vulnerability issues.
- When you access to a website look if it’s considers secure by noticing the start of the link ( https:// ). Always try to click in more that side of the website, it’s almost impossible for the malefactors to create an imitated website as the original.
For you to protect yourself by choosing the right router from such well known branded such as Cisco as it know number one worldwide in providing security appliance.
At the end we all need to be protected well by choosing a full- featured security solution that bring relief to mind such as Kaspersky as they have many solution for individual and corporate such as endpoint security for business.
