“ Hambalyo^{(Congratulations)} ! Waxaad ku guuleysatey n milyan oo doolar^(Dollars) . Noo soo dir faahfaahinta bangigaaga." Haddii aad ku jirto internetka^(Internet) , waxaa laga yaabaa inaad ku aragtay iimayladaas sanduuqaaga boostada ama sanduuqa boostada ee junk. E-maillada noocan ah waxaa loo yaqaan phishing: dambi internet-ka oo ay dambiileyaashu adeegsadaan tignoolajiyada kombiyuutarka si ay uga xadaan xogta dhibanayaasha noqon kara shakhsiyaad ama guryo ganacsi oo shirkadeed. Xaashidan khiyaamaynta ee Phishing^{(Phishing cheat sheet)} waa isku day lagu doonayo in lagu siiyo aqoonta ugu badan ee ku saabsan dambiyada internetka si aadan u noqon dhibane dembiga. Waxaan sidoo kale ka wada hadalnaa noocyada phishing-ka^{(types of Phishing)} .

Waa maxay phishing?

Phishing waa dambi internet-ka oo ay dambiilayaashu ku soo jiitaan dhibbanayaasha, iyaga oo ujeedadoodu tahay in ay xadaan xogta dhibbanaha, iyaga oo isticmaalaya iimaylo been abuur ah iyo fariimo qoraal ah. Inta badan, waxaa lagu sameeyaa ololeyaal iimaylo badan. Waxay adeegsadaan aqoonsiyada^(IDs) iimaylka ee ku meel gaadhka ah iyo adeegayaasha ku meel gaadhka ah, marka way ku adkaanaysaa masuuliyiinta inay qabtaan. Waxay leeyihiin qaab guud oo loo diro boqollaal kun oo qaataha ah si ugu yaraan qaar yar loo khiyaamo. Baro sida loo garto weerarrada phishingka^{(how to identify phishing attacks)} .

Maxaa loogu yeeraa phishing?

Waad ogtahay kalluumeysiga. Kalluumaysiga nolosha dhabta ah, kalluumaystuhu wuxuu dejiyaa sed si uu u qabsado kalluunka marka kan dambe lagu xiro usha kalluumeysiga. Intarneetka^(Internet) sidoo kale, waxay u adeegsadaan sed fariin ah qaab wax lagu qanci karo oo u muuqda mid run ah. Maadaama dambiilayaasha ay adeegsadaan sed, waxaa loo yaqaan phishing. Waxay u taagan tahay kalluumeysiga erayga sirta ah oo hadda loo yaqaan phishing.

Dabintu waxay noqon kartaa ballan lacag ama alaab kasta oo ku qasbi karta isticmaale kasta inuu riixo sed. Mararka qaarkood, sedku wuu ka duwan yahay (tusaale ahaan, hanjabaad ama degdeg ah) wuxuuna ku baaqayaa ficil sida gujinta isku xirka adoo sheegaya inaad dib u fasaxday akoonkaaga Amazon , Apple , ama PayPal .

Sidee loogu dhawaaqaa phishing?

Waxaa loogu dhawaaqaa sida PH-ISHING. 'PH's ku jira F ish.

Sidee bay caadi u tahay phishing?

Weerarada phishingka ayaa aad uga badan malware. Tani waa in la yiraahdo in badan oo ka mid ah dambiilayaasha internetka ayaa ku hawlan phishing marka la barbardhigo kuwa faafiya malware iyaga oo isticmaalaya emails, mareegaha been abuurka ah, ama xayeysiisyada been abuurka ah ee mareegaha dhabta ah.

Maalmahan, xirmooyinka phishing-ka waxaa lagu iibiyaa khadka si dhab ah qof kasta oo xoogaa aqoon u leh shabakadaha wuu iibsan karaa oo u isticmaali karaa hawlo sharci darro ah. Xirmooyinkan phishing-ga ah waxay bixiyaan wax walba laga bilaabo xidhitaanka degelka ilaa la soo ururiyo iimaylka ama qoraalka soo jiidashada leh.

Noocyada phishingka

Waxaa jira noocyo badan oo phishing ah. Qaar ka mid ah kuwa caanka ah waa:

1. iimaylada caadiga ah ee guud^(General) ee ku waydiinaya tafaasiishaada gaarka ah waa qaabka ugu isticmaalka badan ee phishing
2. phishingka waran
3. Been-abuurashada
4. Dhoola tuska (SMS phishing) iyo Vishing
5. QRish khiyaamo
6. Tababbarida

1] Fiishka Guud

Qaabka ugu aasaasiga ah ee phishingka, waxaad la kulantaa iimaylo iyo qoraallo kaa digaya wax ku saabsan adiga oo ku weydiinaya inaad gujiso xiriiriye. Xaaladaha qaarkood, waxay ku weydiinayaan inaad furto lifaaqa iimaylka ay kuu soo direen.

Mawduuca iimaylka dhexdiisa, dembiilayaasha internetka ayaa kugu soo jiidanaya inaad furto iimaylka ama qoraalka. Mararka qaarkood, mawduuca mawduuca ayaa ah in mid ka mid ah akoonnadaada onlaynka ah uu u baahan yahay cusboonaysiin iyo dhawaaq degdeg ah.

Jidhka iimaylka ama qoraalka, waxa jira xogo soo jiidasho leh oo been abuur ah laakiin la rumaysan karo ka dibna ku dhammaata baaq ficil ah: ku weydiinaya inaad gujiso xidhiidhka ay ku bixinayaan iimaylka phishing-ka ama qoraalka. Farriimaha qoraalka^(Text) ahi aad bay khatar u yihiin sababtoo ah waxay adeegsadaan URL^(URLs) -yada la soo gaabiyay oo aan la hubin karin halka ay u socdaan ama xidhiidhka buuxa ee ay ku socdaan adiga oo aan gujin marka aad talefoonka ku akhrido. Waxaa laga yaabaa inuu jiro app kasta oo laga yaabo inuu ka caawiyo hubinta URL buuxa laakiin ma jiro mid aan ka warqabo weli.

2] Seeraha phishingka

Waxa loola jeedaa phishing-ka la beegsaday halka bartilmaameedyadu ay yihiin shaqaalaha guryaha ganacsiga. Dembiilayaasha internetka waxay helayaan aqoonsiga^(IDs) goobta shaqada waxayna u diraan iimaylo been abuur ah ciwaannadaas. Waxay u muuqataa iimaylo ka yimid qof sare oo jaranjarada shirkadda, abuuraya degdeg ku filan oo loogu jawaabo iyaga… taaso ka caawinaysa dambiilayaasha internetka inay jabiyaan shabakada guriga ganacsiga. Halkan ka akhri dhammaan wixii ku saabsan phishing-^{( spear phishing)} ka warmaha. Xidhiidhku waxa kale oo uu ka kooban yahay qaar ka mid ah tusaalooyinka phishingka waranka.

3] Hilibka

nibiriga^(Whaling) ayaa la mid ah phishingka waranka. Farqiga kaliya ee udhaxeeya phishing-ka iyo waranku waa in ^(Whaling)waran^(Spear) -phishing-ku bartilmaameedsan karo shaqaale kasta, halka nibiriga loo isticmaalo in lagu beegsado shaqaalaha mudnaanta leh. Habka waa isku mid. Dembiilayaasha internetka waxay helayaan aqoonsiga^(IDs) iimaylka ee rasmiga ah iyo lambarada taleefanka dhibbanayaasha waxayna u soo diraan iimayl ama qoraal soo jiidasho leh oo ku lug leh baaq ficil ah oo furi kara intranetka shirkadda^{(corporate intranet)} si loo siiyo gelitaanka albaabka dambe. Akhri wax badan oo ku saabsan werarada phishing-ka ee Whaling^{(Whaling phishing attacks)} .

4] Dhoola-tuska iyo Vishing

Marka dambiilayaasha internetka ay isticmaalaan adeegga fariimaha gaaban ( SMS ) si ay u kalluumaystaan ​​tafaasiisha gaarka ah ee dhibbanayaasha, waxa loo yaqaan phishing SMS ama smishing gaaban. Ka akhri faahfaahinta Dhoola tuska iyo Vishing .

5] Khiyaanada QRing

Koodhadhka QR maaha kuwo cusub Marka macluumaadka la rabo in la dhigo mid gaaban oo sir ah, code-yada QR ayaa ah kuwa ugu wanaagsan in la hirgeliyo. Waxaa laga yaabaa inaad ku aragtay lambarada QR ee albaabbada lacag bixinta ee kala duwan, xayaysiisyada bangiga, ama si fudud Webka WhatsApp^{(WhatsApp Web)} . Xeerarkani waxay ka kooban yihiin macluumaad qaab labajibbaaran oo madow ku kala firirsan yihiin dushiisa. Mar haddii aan la garanayn waxa dhammaan macluumaadka QR code bixiyo, had iyo jeer way fiican tahay in laga fogaado ilaha aan la garanayn ee koodka. Taas macnaheedu waxa weeye haddii aad ku hesho koodka QR ee iimaylka ama qoraal cid aanad garanayn, ha iska saarin. Akhri wax badan oo ku saabsan khiyaanada QRishing ee taleefannada casriga ah.

6] Tababbarida

Qabasho waxay u beddeshaa bog sharci ah oo aad booqanaysay, una bedeshaa bog been abuur ah, mar aad booqato tab kale. Aynu nidhaahno:

1. Waxaad u socotaa degel dhab ah
2. Waxaad furaysaa tab kale oo baadh goobta kale.
3. Muddo ka dib, waxaad ku soo noqotaa tab ugu horeysay.
4. Waxaa lagugu salaamay faahfaahin cusub oo soo gelid, laga yaabee akoonkaaga Gmailka^(Gmail) .
5. Mar kale ayaad soo gashay, adigoon ka shakisanayn in bogga, oo ay ku jiraan favicon-ku, uu dhab ahaantii beddelay dhabarkaaga gadaashiisa!

Tani waa Tabnabbing , oo sidoo kale loo yaqaan Tabjacking .

Waxaa jira noocyo kale oo phishing ah oo aan hadda aad loo isticmaalin. Kuma aan magacaabin qoraalkan. Hababka loo isticmaalo phishing-ka ayaa ku sii kordhinaya farsamooyin cusub dembiga. Ogow noocyada kala duwan ee dambiyada internetka haddii aad xiisaynayso.

Aqoonsiga iimaylada phishingka iyo qoraallada

In kasta oo dembiilayaasha internetka ay qaadaan dhammaan tallaabooyinka ay kugu khiyaaneeyaan inaad gujiso xiriirkooda sharci darrada ah si ay u xadaan xogtaada, waxaa jira dhowr tilmaame oo bixiya farriin ah in iimaylka uu yahay mid been abuur ah.

Inta badan, nimanka phishing-gu waxay isticmaalaan magac aad taqaan. Waxay noqon kartaa magaca bangi kasta oo la aasaasay ama guri kasta oo shirkadeed sida Amazon , Apple , eBay, iwm. Raadi aqoonsiga emailka.

Dembiilayaasha khiyaaliga ahi ma isticmaalaan iimaylka joogtada ah sida Hotmail , Outlook , iyo Gmail , iwm. bixiyayaasha emailka ee caanka ah. Waxay isticmaalaan iimaylka ku meel gaadhka ah, markaa wax kasta oo ka yimid ilo aan la garanayn waa shaki. Xaaladaha qaarkood, cybercriminals waxay isku dayaan inay ka takhalusaan aqoonsiga^(IDs) emailka iyagoo isticmaalaya magac ganacsi - tusaale ahaan, [email protected] Aqoonsiga emailka waxaa ku jira magaca Amazon , laakiin haddii aad u dhowaato, maahan server-yada Amazon ee waa qaar been abuur ah. .com server.

Markaa, haddii boostada http://axisbank.com ay ka timaaddo aqoonsiga iimaylka oo leh [email protected] , waxaad u baahan tahay inaad taxaddar muujiso. Sidoo kale, raadi khaladaadka higaada. Tusaalaha Bangiga Axis^{(Axis Bank)} , haddii aqoonsiga iimaylka uu ka yimid axsbank.com, waa iimaylo phishing ah.

PhishTank waxay kaa caawin doontaa inaad xaqiijiso ama ka warbixiso shabakadaha phishing

Ka taxadarida phishingka

Qaybta kore waxay ka hadashay aqoonsiga iimaylada iyo qoraallada phishingka. Saldhigga dhammaan taxaddarrada ayaa ah baahida loo qabo in la hubiyo asalka iimaylka halkii aad si fudud u gujin lahayd xiriirinta iimaylka. Cidna ha siin furahaaga sirta ah iyo su'aalaha amniga. Fiiri iimaylka aqoonsiga laga soo diray.

Haddii ay tahay qoraal ka yimid saaxiib, waad ogtahay, waxaa laga yaabaa inaad rabto inaad xaqiijiso haddii isaga ama iyadu ay runtii soo direen. Waad wici kartaa oo weyddiin kartaa haddii uu soo diray farriin xiriiriye leh.

Weligaa ha gujin xiriirinta iimaylada ee ilaha aadan aqoon. Xitaa iimaylada u muuqda kuwa run ah, ka soo qaad Amazon , ha gujin khadka^{(do not click on the lin)} k. Taa beddelkeeda, fur browserka oo ku qor URL -ka Amazon . Halkaa, waxaad ka hubin kartaa inaad dhab ahaantii u baahan tahay inaad u dirto wax faahfaahin ah cidda.

Xidhiidhiyayaasha qaarkood ayaa soo gala oo sheegaya inaad xaqiijiso is-diiwaangelintaada. Eeg haddii aad iska diiwaan gelisay adeeg dhawaanahan. Haddii aadan xasuusan karin, ilow xiriirka iimaylka.

Maxaa dhacaya haddii aan gujiyo isku xirka phishing-ka?

Isla markiiba xidh browserka Ha taaban ama ha gelin wax macluumaad ah haddii aadan awoodin inaad xirto browserka, sida browserka casriga ah qaarkood. Gacanta ku xidh tab kasta oo browser-yadan ah. Xusuusnow^(Remember) inaadan galin mid ka mid ah abkaaga ilaa aad iskaanka ku samayso BitDefender^{(BitDefender)} ama Malwarebytes . Waxa jira apps lacag-bixineed oo aad isticmaali karto.

Si la mid ah kombiyuutarada. Haddii aad gujiso xiriiriyaha, browserka waa la bilaabayaa, waxaana soo bixi doona nooc ka mid ah shabakadaha nuqul ka mid ah. Ha taaban meel kasta oo browserka ah. Kaliya^(Just) dhagsii badhanka u dhow browserka ama isticmaal Maareeyaha Hawsha Windows^{(Windows Task Manager)} si aad isku mid u xidho. Samee iskaanka antimalware ka hor inta aanad isticmaalin codsiyada kale ee kombiyuutarka.

Akhri^(Read) : Xagee laga soo sheegaa Khayaanada Onlineka ah, Isbaamka iyo shabakadaha phishingka ?

Fadlan faallo ka bixi oo nala soo socodsii haddii aan wax kaga tagay xaashidan khiyaanada phishingka.^{(Please comment and let us know if I left out anything in this phishing cheat sheet.)}

Types of Phishing - Cheat Sheet and Things you need to know

“Congratulationѕ! You have won n million Dollars. Send us your bank details.” If you аre on Іnternet, you might have seen such emails in your inbox or junk mailbox. Sυch emails are called phishing: a cyber-crime wherein criminals use computer technology to steal data from victims that can be individuals or corporate business houses. This Phishing cheat sheet is an attempt to provide you with max knowledge about this cyber-crime so that you don’t become a victim of the crime. We also discuss the types of Phishing.

What is phishing?

Phishing is a cybercrime where criminals lure victims, with an intention to steal victim’s data, using fake emails and text messages. Mainly, it is done by mass email campaigns. They use temporary email IDs and temporary servers, so it becomes hard for authorities to nab them. They have a general template that is sent to hundreds of thousands of recipients so that at least a few can be tricked. Learn how to identify phishing attacks.

Why is it called phishing?

You know about fishing. In real life fishing, the fisherman sets a bait so that he can catch fish when the latter are hooked to the fishing rod. On the Internet too, they use bait in the form of a message that can be convincing and appears genuine. Since the criminals use a bait, it is called phishing. It stands for password fishing which is now referred to as phishing.

The bait could be a promise of money or any goods that could compel any end-user to click on the bait. Sometimes, the bait is different (for example, threat or urgency) and calls for action like clicking links saying you have to re-authorize your account at Amazon, Apple, or PayPal.

How to pronounce phishing?

It is pronounced as PH-ISHING. ‘PH’as in Fishing.

How common is phishing?

Phishing attacks are more common than malware. This is to say that more and more cybercriminals are engaged in phishing compared to those who spread malware using emails, fake websites, or fake advertisements on genuine websites.

These days, phishing kits are sold online so practically anyone with some knowledge of networks can buy them and use them for illegal tasks. These phishing kits provide everything from cloning a website to compiling a compelling email or text.

Types of phishing

There are many types of phishing. Some of the popular ones are:

1. General regular emails asking you your personal details are the most used form of phishing
2. Spear phishing
3. Whaling scams
4. Smishing (SMS phishing) and Vishing
5. QRishing scams
6. Tabnabbing

1] General Phishing

In its most basic form of phishing, you encounter emails and texts cautioning you about something while asking you to click a link. In some cases, they ask you to open the attachment in the email they sent to you.

In the email subject line, the cybercriminals lure you into opening the email or text. Sometimes, the subject line is that one of your online accounts needs updating and sounds urgent.

In the body of the email or text, there is some compelling information that is fake but believable and then ends with a call to action: asking you to click on the link they provide in the phishing email or text. Text messages are more dangerous because they use shortened URLs whose destination or full link can’t be checked without clicking on them when you read them on the phone. There may be any app anywhere that may help with checking out the full URL but there’s none I am aware of yet.

2] Spear phishing

Refers to targeted phishing where the targets are employees of business houses. The cybercriminals get their workplace IDs and send the fake phishing emails to those addresses. It appears as an email from someone top on the corporate ladder, creating enough hurry to reply to them… thereby helping the cybercriminals with breaking into the network of the business house. Read all about spear phishing here. The link also contains some examples of spear phishing.

3] Whaling

Whaling is similar to spear phishing. The only difference between Whaling and Spear phishing is that spear-phishing can target any employee, while whaling is used to target certain privileged employees. The method is the same. The cybercriminals get the official email IDs and phone numbers of the victims and send them a compelling email or text that involves some call for action that might open the corporate intranet to give the back-door access. Read more about Whaling phishing attacks.

4] Smishing and Vishing

When cybercriminals use short messaging service (SMS) to fish out personal details of victims, it is known as SMS phishing or Smishing for short. Read about Smishing and Vishing details.

5] QRishing scams

QR codes are not new. When information is supposed to be kept short and secret, QR codes are the best to implement. You may have seen QR codes on different payment gateways, bank adverts, or simply on WhatsApp Web. These codes contain information in the form of a square with black scattered all over it. Since it is not known what all information a QR code provides, it is always best to stay away from unknown sources of the codes. That is to say that if you receive a QR code in an email or text from an entity that you do not know, don’t scan them. Read more about QRishing scams on smartphones.

6] Tabnabbing

Tabnabbing changes a legitimate page you were visiting, to a fraudulent page, once you visit another tab. Let’s say:

1. You navigate to a genuine website.
2. You open another tab and browse the other site.
3. After a while, you come back to the first tab.
4. You are greeted with fresh login details, maybe to your Gmail account.
5. You login again, not suspecting that the page, including the favicon, has actually changed behind your back!

This is Tabnabbing, also called Tabjacking.

There are some other types of phishing that are not used much nowadays. I have not named them in this post. The methods used for phishing keep on adding new techniques to the crime. Know the different types of cybercrimes if interested.

Identifying phishing emails and texts

While the cybercriminals take all measures to trick you into clicking their illegal links so that they can steal your data, there are a few pointers that give out a message that the email is fake.

In most cases, the phishing guys use a name familiar to you. It can be the name of any established bank or any other corporate house such as Amazon, Apple, eBay, etc. Look for the email ID.

Phishing criminals do not use permanent email like Hotmail, Outlook, and Gmail, etc. popular email hosting providers. They use temporary email servers, so anything from an unknown source is suspicious. In some cases, the cybercriminals try to spoof email IDs by using a business name—for example, [email protected] The email ID contains the name of Amazon, but if you look closer, it is not from Amazon’s servers but some fakeemail.com server.

So, if a mail from http://axisbank.com comes from an email ID that says [email protected], you need to exercise caution. Also, look for spelling errors. In the Axis Bank example, if the email ID comes from axsbank.com, it is a phishing email.

PhishTank will help you verify or report Phishing websites

Precautions for phishing

The above section talked about identifying phishing emails and texts. At the base of all precautions is the need to check the origin of email instead of simply clicking on the links in the email. Do not give out your passwords and security questions to anyone. Look at the email ID from which the email was sent.

If it is a text from a friend, you know, you might want to confirm if he or she had sent it really. You could call him and ask him if he sent a message with a link.

Never click on links in emails from sources you do not know. Even for emails that appear genuine, suppose from Amazon, do not click on the link. Instead, open a browser and type out the URL of Amazon. From there, you can check if you actually need to send any details to the entity.

Some links come in saying you have to verify your sign up. See if you signed up for any service recently. If you cannot remember, forget the email link.

What if I clicked on a phishing link?

Close the browser immediately. Do not touch or enter any information in case of not being able to close the browser, like in some smartphones’ default browser. Manually close each tab of such browsers. Remember not to log in to any of your apps until you run a scan using BitDefender or Malwarebytes. There are some paid apps too that you can use.

The same goes for computers. If you clicked a link, the browser would be launched, and some sort of duplicate website would appear. Don’t tap or touch anywhere on the browser. Just click on the close browser button or use the Windows Task Manager to close the same. Run an antimalware scan before using other applications on the computer.

Read: Where to report Online Scams, Spam and Phishing websites?

Please comment and let us know if I left out anything in this phishing cheat sheet.

Related posts

• Sidee Looga Fogaadaa Khayaanada Khiyaamada iyo Weerarada?

• Waa maxay khiyaanada Whaling & sida loo ilaaliyo ganacsigaaga

• Waa maxay phishing iyo sida loo aqoonsado werarada phishing?

• Waa maxay Domains Parked iyo Doomaha Qulqulka?

• Iska ilaali Khiyaamada wax iibsiga ee Intarneedka & Fasaxa Xiliga Fasaxa

• Maxaa la sameeyaa marka Mac-gaagu barafoobo? 9 shay oo la isku dayo

• Jiirka ayaa ka sii lumaya Mac? 10 shay oo la isku dayo

• Apple Watch miyaanay lammaanayn? 7 shay oo la isku dayo

• Windows 11 Widgets ma shaqeeyaan? 7 shay oo la isku dayo

• 13 waxyaabood oo qabow oo aad ku samayn karto Google Chromecast

• Sida loo sameeyo xaashida Contact Video in Windows 10

• Microsoft Excel waxay fureysaa xaashi maran halkii faylka

• Apple Pay ma shaqaynayo? 15 shay oo la isku dayo

• Waan garanayaa eraygaaga sirta ah Sextortion waxay la soo noqotay awood dheeraad ah

• Qeexida Weerar ku buufida Password-ka iyo Difaaca naftaada

• IPhone ma kulushahay? 8 Wuxuu hagaajiyaa si uu wax u qaboojiyo

• Adapter Network Aan Shaqeyn? 12 shay oo la isku dayo

• Nalalka Philips Hue lama gaari karo? 7 shay oo la isku dayo

• Fayraska COVID-19 phishing, khayaanada, khiyaanada iyo qorshayaasha

• Raadinta Muuqaal Bing: 10 Waxyood oo Qabow oo aad ku Samayn Karto