Can a site with HTTPS be considered legitimate? Of course not!




"Cybersecurity" is one of the most discussed topics today. Digital threats are numerous and, for that reason, you need the know-how to avoid falling for increasingly sophisticated schemes.

When it comes to phishing websites, it is common to hear that if the URL uses the HTTPS protocol, the site is secure! That is true, but it does not mean the site is legitimate.


HTTPS – Can you validate whether a site is secure or not?

Nowadays, it is important that all sensitive data exchanged between a client and a server is encrypted so that it cannot be understood by third parties. In practice, when you access an online service that asks for personal data or access credentials (for example, a banking site), it is important that all of that information is encrypted so that it becomes unreadable.

In the case of web servers (among other network services), one way to encrypt data is to use the SSL protocol. Using SSL (HTTPS) on a site makes it secure, but not legitimate!


What is phishing?

Phishing is a scam that uses spam or pop-up messages to trick people into revealing credit card numbers, bank account details, social security numbers, passwords, and other sensitive information.

Basically, the user receives an email that appears to come from a credible entity but actually sends them (via a URL/link) to a site with an identical design that is in reality nothing more than a copy of the original. The user enters their personal data there and is cheated. The user is generally told that the data is incorrect, but by then it is already in the attacker's hands. Techniques such as DNS poisoning are also widely used in this type of attack.


The world of hacking …

The world of hacking is also evolving, and it is normal for hackers to use mechanisms that make users believe a particular site is legitimate.

If you consider a site legitimate because it uses HTTPS, it is best to forget that "theory" because, according to a recent study, about half of phishing sites already use "https://".

According to a PhishLabs study, 49% of all phishing sites already have SSL certificates, so the fact that a site is available over HTTPS does not mean that it is legitimate.

To help you check whether a site is part of a phishing scheme, you can go to phishtank.com to see whether it is listed.

It should be noted that this site is updated by a community of users who freely report sites that are part of phishing schemes.

Isn't it a phishing site? Look closely …

Consider the following image of the site. Does it seem legitimate to you? Apparently so; however, if you look closely at the URL, you will notice that the "i" is strange. In fact, it is an IDN (internationalized domain name), and the actual address points to https://www.xn--bbox-vw5a[.]com/login.

In this case, the problem lies in the URL itself. Although it looks legitimate, it is not: Unicode allows URLs to contain characters from other languages that look very similar to those we know.

Chrome and Firefox both display the Unicode characters in the link rather than the punycode format. Learn how to protect yourself here.
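The check below is an added example, not part of the original article: it decodes every punycode (`xn--`) label in a hostname, lists the non-ASCII characters it hides, and derives the plain-ASCII name the label imitates. The function names are assumptions made for this illustration, and the check only covers accented-letter lookalikes such as the one in the address above, not characters borrowed from other scripts.

```python
import unicodedata


def ascii_skeleton(label: str) -> str:
    """Strip diacritics: decompose with NFKD, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def inspect_hostname(host: str) -> list:
    """Return one finding per punycode (xn--) label found in the hostname."""
    findings = []
    # Accept defanged input such as "example[.]com".
    host = host.replace("[.]", ".").lower().rstrip(".")
    for label in host.split("."):
        if not label.startswith("xn--"):
            continue
        try:
            shown = label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            findings.append({"label": label, "error": "invalid punycode"})
            continue
        skeleton = ascii_skeleton(shown)
        findings.append({
            "label": label,
            "displayed": shown,  # what the address bar may render
            "non_ascii": [
                f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                for c in shown if ord(c) > 127
            ],
            "skeleton": skeleton,  # the ASCII name the label resembles
            "ascii_lookalike": skeleton.isascii() and skeleton != shown,
        })
    return findings


if __name__ == "__main__":
    # Hostname taken from the article, kept in its defanged form.
    for finding in inspect_hostname("www.xn--bbox-vw5a[.]com"):
        print(finding)
```

A label whose `ascii_lookalike` field is true renders as something other than the ASCII name it resembles, which is the situation described above.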

In addition to these "techniques", there are many others. For that reason, it is increasingly important to pay attention to where you click and which sites you visit in order not to become a victim of a phishing site. Stay alert!
