What is phishing and what's the origin of this term?
Gathering confidential information in this way is punishable by law; its target is the theft of financial information and of access passwords for bank accounts (and not only those). The activity relies on users not knowing that official organizations never send emails soliciting confidential information.
Examples of message subjects are “Update Your Paypal Account” or “Your eBay User Account has been suspended!”, but they vary according to the service provider concerned and the targeted country. The requested information usually includes the credit/debit card number, the ATM PIN code, bank account details, the personal numeric code/insurance account, access passwords and other personal data.
The pages used by the phishing authors are usually active only for a few hours or a few days.
Techniques of retrieving confidential data
Examples of messages (Romanian language only):
The link of the example: http://krumel.seo-point.com/bcr-noi-masuri-de-securitate-pentru-protectia-dumneavoastra/
„http://raiffeisenonline.ro/eBankingWeb/login
______________________________
The link of the example: http://krumel.seo-point.com/raiffeisen-bank-pishing-comision-de-intretinere/
„Starting on 16 April 2008, the Fastbanking service from Banca Transilvania will be mandatory for all customers who hold the Banca Transilvania Direct Maestro card.
Thank you for your understanding”
The link of the example: http://krumel.seo-point.com/pishing-banca-transilvania-fastbanking/
- Social engineering: the URL closely resembles the real one, so the difference cannot be detected at first sight. For example, the address http://www.volksbank.com can be replaced with http://www.voIksbank.com: they seem identical but they are not, because the letter “l” from the first link was replaced with the capital letter “i”.
- Pop-up: the link in the email leads to the real web page, but another browser window (a pop-up) is shown first. Usually these pop-up windows do not have an address bar that could identify them as phoney pages.
- “Pharming”, or “domain spoofing”: redirects the user to a phoney web page even if the correct address is filled in. The correct URL remains shown, unchanged, in the address bar of the browser. To perform the redirection, name resolution must be modified, either by changing the settings for the TCP/IP protocol or by adding an entry to the “hosts” file.
The phoney web page can use tricks such as a false tooltip or disabling the right click.
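The look-alike address described above (a capital “I” standing in for “l”) can be caught automatically by folding confusable characters before comparing a link against a list of trusted domains. The following is an added example, not part of the original article; the confusables map is a small constructed subset, the function names are hypothetical, and `mybank.example` is a constructed test domain.

```python
from urllib.parse import urlsplit

# Constructed, deliberately small map of look-alike characters
# (an assumption for this example, not the full Unicode confusables table).
CONFUSABLES = {"I": "l", "1": "l", "0": "o"}
MULTI = {"rn": "m", "vv": "w"}
TRUSTED = ["volksbank.com", "mybank.example"]  # second entry is constructed


def raw_host(url):
    """Host exactly as written (case preserved), without userinfo or port."""
    netloc = urlsplit(url).netloc  # .hostname would lowercase and hide "I"
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0]


def skeleton(host):
    """Fold look-alike characters so visually identical hosts compare equal."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in host).lower()
    for seq, repl in MULTI.items():
        folded = folded.replace(seq, repl)
    return folded


def _matches(host, domain):
    # Exact domain or any subdomain of it (e.g. www.).
    return host == domain or host.endswith("." + domain)


def classify(url, trusted=TRUSTED):
    """Return ('trusted' | 'lookalike' | 'unknown', matched domain or None)."""
    host = raw_host(url)
    # DNS is case-insensitive, so a plain case difference is still the real site.
    for domain in trusted:
        if _matches(host.lower(), domain):
            return ("trusted", domain)
    # Same skeleton but a different real name: the link imitates a trusted domain.
    for domain in trusted:
        if _matches(skeleton(host), skeleton(domain)):
            return ("lookalike", domain)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("http://www.volksbank.com", "http://www.voIksbank.com",
                 "http://rnybank.example/login", "http://example.org"):
        print(link, "->", classify(link))
```

A mail filter or proxy can run such a check on every link in an incoming message and quarantine anything classified as a look-alike.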
The consequences of being trapped by such an attack vary from the inability to access one's email to significant financial losses: the offenders can empty bank accounts, create new accounts, sign contracts (for utilities, for loans, etc.) in the victim's name, and commit crimes under a false identity.
- Do not fill in electronic forms with confidential data, especially when they are sent in emails. Any competent service provider uses secured web pages and digital certificates.
- Make sure that you are using a secured internet page (the link begins with https://) and check the digital certificates.
- Keep your operating system and the software you usually work with up to date with the newest patches as they appear.
Browser developers (Microsoft, Mozilla, etc.) have built methods into their products to fight the theft of personal information, but educating users is the most important one. It is easier to prevent than to repair. Be sceptical of unsolicited emails that you receive, no matter who (apparently) sent them. Seek to confirm the identity of the sender through other methods.