Phishing (kaluumeysiga loogu dhawaaqo) waa nidaam kugu sasabo inaad bixiso macluumaadka shakhsiyeed adigoo isticmaalaya tignoolajiyada isgaarsiinta elektiroonigga ah sida iimaylada, adoo iska dhigaya inaad ka timid ilo sharci ah. Phishing waa mid ka mid ah hababka ugu dhaqsaha badan ee kor u kaca dembiyada onlaynka ah ee loo isticmaalo xatooyada macluumaadka shakhsi ahaaneed.

Waa maxay phishing?

Asal ahaan, iimaylka phishing wuxuu isku dayaa inuu helo macluumaad qiimo leh sida kaaga

• ATM/lambarka kaarka deynta
  
• Lambarka xisaabta bangiga
  
• Galitaanka akoonka onlaynka ah
• Lambarka bulshada, iwm.
  

Macluumaadka la xaday waxaa loo isticmaali karaa in lagu xado aqoonsiga ama laga xado lacagta akoonkaaga bangiga. Xatooyada aqoonsiga^(Identity) waxay ka dhigan tahay in buskuhu uu iska dhigi karo midka uu xogtiisa helay oo uu magacooda ku fuliyo hawlo kala duwan.

Noocyada caadiga ah ee phishing

phishingka waxaa lagu fuliyaa habab kala duwan. Kuwa ugu caansan waa emails, mareegaha, iyo telefoonka.

• Iimayl-la'aanta^{(Phishing Emails)} : iimaylo loo soo ekeysiiyay inay ka yimaaddeen ilo sharci ah ayaa loo diraa dhibbanaha inta badan iyagoo waydiinaya tafaasiisha hore loo sheegay.
• Shabakadda phishing-^{(Phishing websites)} ka: Shabakado la mid ah shirkado ama bangi oo run ah ayaa la sameeyay kuwaas oo marin habaabinaya dhibbanaha inuu galo faahfaahin muhiim ah sida magaca isticmaalaha iyo erayga sirta ah.
• Taleefanka phishingka^{(Phishing phone calls)} : Wicitaannada waxaa loogu yeeraa dhibbanayaasha magaca bangi ama machad la mid ah. Dhibbanaha waxaa loo sameeyay inuu galo ama sheego xogta sirta ah sida lambarka sirta^(PIN) ah.

Si faahfaahsan u akhri^{(Detailed read)} : Noocyada phishing-ka-Qiyaamada.^{(Types of Phishing – Cheat Sheet.)}

Astaamaha weerarada phishing

Kuwa soo socda waa qaar ka mid ah sifooyinka guud ahaan la xidhiidha iimaylka phishing ama mareegta.

• Isku xirka la soo bandhigay wuxuu noqon doonaa sawir halka xiriirka dhabta ah uu ka duwanaan karo.
• Xiriirinta dhabta ah waxaa lagu dabooli karaa iyadoo la isticmaalayo HTML . Sidaas darteed^(Thus) , qoraalka la soo bandhigay wuxuu noqon doonaa http://websitename.com/ halka habka hyperlink uu noqon doono http://www.othersite.com.
• Hab kale waa adiga oo isticmaalaya @ isku xirka. Haddii xiriirku ka kooban yahay calaamadda '@', URL- ka laguu qaaday wuxuu ahaan doonaa midka ka dambeeya calaamadda '@'. Tusaale ahaan, haddii xiriirku yahay www.microsoft.com/ [email protected] /?= run, URL- ka dhabta ah ee laguu qaadi doono waa web.com?=true .
• Xidhiidhada leh nambarada halkii magaca website-ka. Tusaale: www.182.11.22.2.com

FG: Si aad u aragto URL- ka, kaliya dul hee mouse-kaaga isku-xidhka (laakin ha gujin), xidhiidhiyaha ayaa la soo bandhigi doonaa.

• Naxwaha xun^(Bad) iyo higgaadda – Waxaa jirta fursad wanaagsan in iimayllada phishing ay ku jiraan naxwaha xun iyo khaladaadka higaada.
• Mareegaha phishing waxay u ekaan karaan si sax ah kuwii asalka ahaa, laakiin URLkoodu^(URL) wuxuu noqon karaa mid waxyar ama gebi ahaanba ka duwan. Sidaa darteed, hubi in URL- ku yahay midka saxda ah markaad booqato mareegaha.
• Sidoo kale, shabakadaha sharciga ah waxay u isticmaalaan SSL si ay u ilaaliyaan macluumaadkaaga marka la gelinayo xogtaada. Hubi^(Make) in URL- ku ka bilaabmo https:// beddelkii HTTP :// ee boggaga ay tahay inaad soo gudbiso magaca isticmaalaha/password-ka ama macluumaadka kale ee gaarka ah.

Akhriso: ^(Read:) Taxaddar aad samayso ka hor inta aanad gujin xidhiidh kasta^{(Precautions to take before you click on any link)} .

Xeerarka suulka si aad uga badbaado Phshing

• Haddii aad ka shakisan tahay boostada, ha gujin URL^(URLs) -yadooda hana soo dejin lifaaqyada. Waxaad sidoo kale ku soo wargelin kartaa iimaylada phishing^{(report Phishing emails)} ee Outlook.com.
• Ha uga jawaabin iimaylada shakiga leh macluumaadkaaga khaaska ah.
• Isticmaal browser-ka la socda ilaalinta phishing-ka sida noocyadii ugu dambeeyay ee IE, Firefox , Opera , Chrome , iwm. Waxay wataan liiska madow ee goobaha phishing-ga ee caanka ah kuwaas oo si joogto ah loo cusbooneysiiyo, haddii ay dhacdo inaad booqato mid ka mid ah bogaggan, way ku farxi doonaan. ku digtoonow.
• Isticmaal anti-virus-ka cusub oo cusub.
• Dabcan, isticmaal shaandhada spamka ee bixiyahaaga iimaylka
• Raac talooyinka xisaabinta badbaadada ah^{(Safe computing tips)} .

Kala duwanaanshaha phishing

Inta badan isticmaalayaasha kombuyuutarrada iyo kuwa wax ku dheehta intarneetka^(Internet) ayaa hadda ka warqaba phishing iyo noocyadeeda:

• Spear phishing ,
• Tabnabbing sidoo kale loo yaqaan Tabjacking.
  
• nibiriga^(Whaling)
• QRing
• Vishing and smishing khiyaanooyinka.

Ma arki kartaa weerarada phishing? Ma taqaanaa sida looga fogaado khiyaanada phishing^{(avoid Phishing scams)} ? Imtixaankan qaado SonicWall oo tijaabi xirfadahaaga Nala socodsii sida wanaagsan ee aad u heshay!

What is Phishing and how to identify Phishing Attacks?

Phishing (pronounced fishing) is a process which entices you to give out personal information by using electronic communication technologies such as emails, masquerading to be from a legitimate source. Phishing is one of the fastest rising online crime methods used for stealing personal information.

What is Phishing?

Basically, a phishing email attempts to obtain valuable information such as your

• ATM /credit card number
  
• Bank account number
  
• Online account logins
• Social security number, etc.
  

The stolen information could be used for carrying out identity thefts or stealing money from your bank account. Identity theft means that the cracker could disguise as the one whose information he has obtained and carry out various activities in their name.

Common types of Phishing

Phishing is carried out via various means. The most common ones are through emails, websites, and over the telephone.

• Phishing Emails: Emails masqueraded as from a legitimate source are sent to the victim most probably asking for the details mentioned earlier.
• Phishing websites: Websites that look similar to genuine companies or banks are setup that could mislead the victim into entering important details such as the username and password.
• Phishing phone calls: Calls are made to the victims in the name of a bank or similar institution. The victim is made to enter or tell confidential data such as a PIN number.

Detailed read: Types of Phishing – Cheat Sheet.

Characteristics of Phishing attacks

The following are some of the characteristics generally associated with a Phishing email or website.

• The link that is displayed will be an image while the actual link could be different.
• Actual links can be masked using HTML. Thus, the text displayed will be http://websitename.com/ while the hyperlink set will be http://www.othersite.com.
• Another method is by using @ in the link. If a link contains the ‘@’ sign, the URL you’re taken to will be the one after the ‘@’ sign. For example, if the link is www.microsoft.com/[email protected]/?=true, the actual URL you will be taken to is web.com?=true.
• Links with numbers instead of the website name. Example: www.182.11.22.2.com

NB: To see the URL, just hover your mouse over the link (but don’t click), and the link will be displayed.

• Bad grammar and spelling – There’s a good chance that phishing emails might contain bad grammar and spelling mistakes.
• Phishing websites might look exactly like the original ones, but their URL might be slightly or completely different. Hence, make sure that the URL is the correct one when you visit a website.
• Also, legitimate websites use SSL for protecting your information when entering your data. Make sure that the URL starts with https:// instead of HTTP:// for pages where you have to submit username/password or other private information.

Read: Precautions to take before you click on any link.

Thumb rules to stay safe from Phishing

• If you find a mail suspicious, do not click its URLs or download attachments. You can also report Phishing emails in Outlook.com.
• Do not reply to suspicious emails with your personal information.
• Use a browser that comes with phishing protection such as the latest versions of IE, Firefox, Opera, Chrome, etc. They come with blacklists of known phishing sites that are regularly updated, and if you happen to visit any of these sites, they will alert you.
• Use a good up to date anti-virus.
• And of course, make use of your email provider’s spam filters
• Follow Safe computing tips.

Variants of Phishing

Most computer users and Internet surfers are now aware of Phishing and its variants:

• Spear Phishing,
• Tabnabbing also called as Tabjacking.
  
• Whaling
• QRishing
• Vishing and Smishing scams.

Can you spot Phishing attacks? Do you know how to avoid Phishing scams? Take this test by SonicWall and test your skills Let us know how well you fared!

Related posts

• Sidee Looga Fogaadaa Khayaanada Khiyaamada iyo Weerarada?

• Noocyada Phishing-Sheet-qiyamka iyo Waxyaabaha aad u baahan tahay inaad ogaato

• Waa maxay khiyaanada Whaling & sida loo ilaaliyo ganacsigaaga

• Waa maxay Domains Parked iyo Doomaha Qulqulka?

• Iska ilaali Khiyaamada wax iibsiga ee Intarneedka & Fasaxa Xiliga Fasaxa

• Fayraska COVID-19 phishing, khayaanada, khiyaanada iyo qorshayaasha

• Waa maxay sababta Microsoft ay qoraal iigu soo dirayso? Ma dhab baa mise waa phishing?

• Qeexida Weerar ku buufida Password-ka iyo Difaaca naftaada

• Waan garanayaa eraygaaga sirta ah Sextortion waxay la soo noqotay awood dheeraad ah

• Waa maxay Spear phishing? Sharaxaada, Tusaalooyinka, Ilaalinta