Spoofing, Pharming and Phishing: Fraud risks on the Internet

Terms like phishing, pharming and spoofing have been heard by every Internet user. Banks are always warning against fraudsters who use the above methods to cheat Internet users out of their money. We will show you how fraudsters proceed in case of attacks and how you can effectively defend yourself against them.

Fraud risks on the Internet: Phishing, Pharming and Spoofing

The Internet is one of the fastest growing economic sectors. Nowadays, a considerable proportion of purchases and bank transfers are made virtually. Its position as a mass medium has led to the Internet being used by billions of people. As the number of users grows, the risk of fraud attempts increases. Cyber criminals use ever new tricks and methods to cause damage and rob consumers of their assets. The fraud attempts mainly affect those consumers who lack knowledge about the Internet or simply act in good faith. With the right knowledge and an appropriate amount of caution, fraud risks on the Internet can be effectively defended against. Most attempts at fraud are made in the areas of spoofing, pharming and phishing. We will inform you about the specifics of the three fraud methods.

Spoofing

Spoofing" is a method in which the perpetrator conceals and manipulates his own identity. The perpetrator uses hostnames or trustworthy IP addresses and attempts to circumvent authentication and identification procedures. In spoofing, the sender of information fakes an address. In DNS spoofing, www. and IP addresses are deliberately changed. Offenders are usually referred to as "spoofers". Meanwhile, the so-called Call ID Spoofing is also used, in which the spoofing is done by telephone. Spoofing is also practised in the financial sector, where it is mainly used by high frequency traders and hedge funds. The first criminal proceedings against spoofers in financial markets were conducted in 2015.

Phishing

Phishing" involves deceiving the Internet user via his or her e-mail account. Phishing is probably one of the most common fraud attempts. In phishing, the perpetrators send official-looking e-mails from banks indiscriminately to e-mail inboxes. In them, users are asked to submit confidential data such as TANs, PINs and passwords. This is usually justified with server crashes, software updates or similar. From a purely visual point of view, users can verify the authenticity of the E-mail not certify. However, banks never ask users for confidential data by e-mail or on the phone. Gullible users fall for the deceptively genuine-looking e-mails and transmit their data. The e-mail may contain a link that leads to a fake website. website leads. This can often not be distinguished from the real site purely externally. The fake website appears to be a 1:1 copy of the real website. As soon as the user has entered his login data or similar, these are automatically forwarded to the criminals. They use the data obtained to transfer money from the user's bank account to their own accounts. Clear signs of a manipulated website are incorrect spellings of the URL. Often only one letter, hyphen or dot has been added or removed. Numerous phishing sites send reassuring emails after transactions have been carried out, in which transactions are denied or technical defects are pretended, so that the user is reassured and does not initially report the transfer to the bank.

Things to know about phishing

By now, almost every Internet user has come into contact with phishing. Phishing emails are sent millions of times and are directed indiscriminately at all Internet users. As soon as the email is identified as a phishing email, it should be deleted. As soon as the perpetrator has received the user's confidential bank details, the user can make transfers in minutes and "loot" the entire account. Once the data has been transferred, the login password is often changed to save more time. Users should have their account blocked immediately if there is any suspicion. The fastest method is probably to call the bank. Users should report phishing attacks to the police immediately. The risk of damage to reputation and assets is extremely high. A 100 percent protection is not given. Ideally, the antivirus filter should be kept up to date. By the way: Phishing is not only carried out via e-mails, but also by post. Official letters from banks and savings banks are forged. The principle is the same: The user is repeatedly asked to provide his individual bank details.

Pharming

Pharming" is a sub-form of phishing. Pharming involves the targeted manipulation of DNS queries to web browsers. The host file is modified on the Internet user's computer. Although the user enters the correct web address, he still ends up on a wrong website. DNS servers convert web addresses into IP addresses. For example, if the Internet user enters "www.Pharming.de" and the corresponding IP address is 100.200.0.1, pharming involves targeted manipulation so that the user is redirected to the IP address 100.200.0.2. Pharming does not require the user to follow a link from the e-mail, since the web browser in question has been manipulated. Pharming attempts can be recognized by the fact that the web address begins with "http:". Banks always use a secure and encrypted transmission marked with "https://".

Our recommendation

If you do not want to become a victim of spoofing, pharming or phishing, you should approach the Internet with an appropriate amount of distrust and caution. Suspicious e-mails should never be opened or even answered. In case of doubt, you should call the bank and ask for help. The bank can block your account and take appropriate security measures such as changing your login data, checking or retrieving transfers and informing the police. Under no circumstances should you be afraid of losing your reputation. Bank advisors are sworn to secrecy and will not tell anyone about you. After all, they are subject to professional and legal confidentiality. Phishing, pharming and spoofing are widespread and are nothing to be ashamed of. If you want to play it safe in advance, you should protect your computer with appropriate tools. Suitable tools include spam filters, virus scanners and firewalls. Anyone who has passed on his data in good faith must expect harsh consequences. Ignorance does not protect you from punishment: once money has been lost, it is usually inevitably lost. There is no compensation for the damage if you are at fault. Attempts at fraud on the Internet take place daily. However, with the information we provide you can protect yourself so well that the probability of a successful fraud attempt is almost impossible. Always remember that the Internet is teeming with fraudsters. However, if you do not pass on your trustworthy data, you basically have nothing to fear.

Current articles