SoFunction
Updated on 2025-04-11

The main methods and precautions of "phishing"

At present, some online criminals use "phishing" techniques, such as setting up fake websites or sending emails containing fraudulent information, to steal the account numbers and passwords of online banking, online securities or other e-commerce users, and thereby steal the users' funds.

Public security organs and relevant departments in the banking and securities sectors remind online banking, online securities and e-commerce users to be vigilant about this and to avoid being deceived.

The main methods of "phishing"

First, sending emails that lure users into a trap with false information. Scammers send fraudulent emails in the form of spam. These emails mostly use prize notifications, "consultation", account reconciliation and similar pretexts to lure users into disclosing their financial account numbers and passwords, or require the recipient to log in to a certain webpage and submit a username, password, ID number, credit card number and other information, which is then used to steal the user's funds.

A "phishing" email discovered in February this year defrauded Smith Barney users of their account numbers and passwords. The email exploited the IE image-map address spoofing vulnerability and used a carefully designed script to cover the IE browser's address bar with a pop-up window showing a fake address (red box in the figure below), making it impossible for users to see the real address of the website. When a user opens this message in an unpatched Outlook, the link displayed in the status bar is also fake. As shown in the figure:

When the user clicks the link, the actual connection goes to the phishing website http://**.41.155.60:87/s. The page of this website resembles the login interface of the Smith Barney Bank website, as shown in the following figure:

Once the user enters his or her account number and password, this information is captured by the hacker.

The second is setting up fake online banking and online securities websites to defraud users of their account numbers and passwords and then commit theft. Criminals set up websites whose domain names and web content closely resemble real online banking systems and online securities trading platforms, lure users into entering their account numbers, passwords and other information, and then steal funds through the real online banking or online securities systems or through forged bank savings cards and securities trading cards. Some use cross-site scripting, that is, they exploit vulnerabilities in a legitimate website's server programs to insert malicious HTML code into certain pages of the site, hiding important information that could be used to tell whether the site is genuine, and use cookies to steal user information.

For example, a fake banking website that has appeared has the URL http:// ; compared with the real banking website's URL, the criminals exploit the similar appearance of the number 1 and the letter i to deceive careless users.

For example, a fake company website discovered in July 2004 (its URL is http://) imitated the real website by exploiting the close resemblance between the lowercase letter l and the number 1. Scammers spread false news through QQ that "XX Group and XX Company are jointly giving away QQ coins", luring users to visit. As shown in the figure below:

Once the user visits the website, a pop-up window first appears with the false message "Free QQ Coins". While the pop-up is displayed, the malicious homepage downloads the virus program () in the background through various IE vulnerabilities, and after 2 seconds automatically redirects to the real website's homepage. The user is infected with the virus without noticing anything. As shown in the figure below:

After the virus program executes, it downloads another virus program from the website that steals the user's Legend game account, password and in-game equipment. When the user chats through QQ, a message containing the malicious URL is also sent automatically.

The third is using false e-commerce to commit fraud. Such criminal activity usually involves setting up an e-commerce website or publishing false product sales information on well-known, large e-commerce websites. The criminals disappear after receiving the victim's payment. For example, in 2003 a criminal surnamed She set up the "Free Equipment Network" website, published false information about selling spy equipment and hacking tools, tricked customers into remitting the purchase money into accounts opened at multiple banks under a false identity, and then transferred the money away.

Apart from a few criminals who set up their own e-commerce websites, most post false information on well-known e-commerce websites such as eBay, Taobao and Alibaba, selling various products under labels such as "super low price", "tax-free", "smuggled goods" and "charity sale", or passing off inferior products as good products and smuggled goods as free products. Many people are deceived by the temptation of low prices. Online transactions are mostly conducted at a distance and usually require a remittance. Criminals generally require consumers to pay part of the money first, and then trick them into paying the balance or other sums for various reasons. Once they have the money or are seen through, they immediately cut off contact with the consumer.

Fourth, using Trojans and hacking techniques to steal user information and then commit theft. Trojan makers spread Trojan programs by sending emails or hiding Trojans on websites. When a user infected with a Trojan conducts an online transaction, the Trojan program obtains the user's account number and password by recording keystrokes and sends them to a designated email address, seriously threatening the user's funds.

For example, Troj_HidWebmon, a Trojan that steals a bank's personal online banking account numbers and passwords, appeared online last year, and its variants can even steal users' digital certificates. Another example is the Trojan "Securities Thief" that appeared last year. It captures the user's web login interface as a screenshot and sends it to a designated email address. By matching the positions of mouse clicks against the picture, hackers can likely work out the user's account number and password, thereby defeating soft-keyboard password protection and seriously threatening the security of investors' online securities trading.

For example, in March 2004, Chen stole funds from bank depositors. Chen planted a Trojan on his personal web page that infected visitors' computers, then stole the visitors' bank account numbers and passwords and committed theft through electronic bank transfers.

Take the "QQ Thief" Trojan virus (*/.) implanted in the Xinhua Bookstore website of a certain city (http://www.**) as an example. When the website is opened, the page shows nothing suspicious:

However, the homepage code opens another malicious web page /() hidden in the background. The latter exploits the MHT file download-and-execute vulnerability in IE to download a malicious CHM file / without the user's knowledge and run the Trojan program embedded in it (*/.). After the Trojan runs, it copies itself to the system folder:

At the same time, it adds registry keys so that the Trojan runs automatically when Windows starts and steals the user's QQ account, password and even identity information.

Fifth, exploiting weak user passwords to crack or guess account numbers and passwords. Criminals take advantage of the fact that some users set weak passwords for convenience in order to crack bank card passwords. For example, in October 2004, three criminals searched online for a bank's savings card numbers, then logged into the bank's online banking website and tried weak passwords, succeeding repeatedly.

In fact, criminals often combine the above methods when committing online fraud, and some carry out various "phishing" activities through mobile phone text messages, QQ and MSN.

"Phishing" prevention knowledge

Against the online fraud methods commonly used by the criminals described above, online electronic finance and e-commerce users can take the following precautions:

(1) Against email fraud, netizens should be vigilant if they receive emails with the following characteristics, and should not casually open or believe them: First, the sender's information is forged, such as ABC@; Second, the greeting or opening often imitates the tone of the impersonated organization, such as "Dear User"; Third, the content mostly conveys urgent information, such as an account status that will affect normal use, or claims that account information is being updated through the website; Fourth, the email requests personal information, requiring the user to provide passwords, account numbers and other details. Another type of email uses ultra-low prices or "customs inspection" pretexts to deceive consumers.

(2) Against fake online banking and online securities websites, online electronic finance and e-commerce users should pay attention to the following points when conducting online transactions: First, check the URL to see whether it is identical to the real URL; Second, choose and keep passwords carefully, and do not use an ID number, date of birth, telephone number or the like as a password. It is recommended to use a mix of letters and numbers, and to avoid using the same password in different systems; Third, keep transaction records, note the transfers and payments handled through online banking, online securities and other platforms, regularly check the "historical transaction details" and print business statements, and if abnormal transactions or errors are found, contact the relevant institution immediately; Fourth, manage digital certificates carefully and avoid using online trading systems on public computers; Fifth, be alert to anything unusual. If you accidentally enter your account number and password on an unfamiliar website and encounter a prompt such as "system maintenance", immediately call the relevant customer service hotline to confirm. If your information has been stolen, immediately change the relevant transaction password or report the loss of the bank card or securities trading card; Sixth, log in to the payment gateway through the correct program and enter through the officially published website. Do not enter through a URL found via a search engine or on other unknown websites.
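As an added example, not from the original article, the following Python check flags the URL tricks the article describes: a hostname that differs from a known bank domain only by confusable characters (the article's 1 vs l / i cases), a genuine name embedded in an unrelated domain, and a raw IP address on a non-standard port like the one in the Smith Barney case. The domain names and URLs below are constructed, not real sites.

```python
import ipaddress
from urllib.parse import urlsplit

# Characters criminals swap because they look alike in common fonts; the
# article's cases used the digit 1 for the letters l and i. 0 vs o is added.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o"})

# Constructed list of legitimate domains the user (or a bank toolbar) trusts.
LEGIT_DOMAINS = ["examplebank.com", "brokerexample.cn"]


def skeleton(host: str) -> str:
    """Map confusable characters to one canonical form so that a lookalike
    hostname and the genuine hostname compare equal."""
    return host.lower().rstrip(".").translate(CONFUSABLES)


def check_url(url: str, legit_domains=LEGIT_DOMAINS) -> list:
    """Return the red flags found in a URL. An empty list means none were
    found, which is not proof that the site is genuine."""
    reasons = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no hostname in URL"]
    # Banks are reached by name; a bare IP literal is a red flag.
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass
    # A login page on an unusual port (the article's case used :87).
    if parts.port not in (None, 80, 443):
        reasons.append(f"non-standard port {parts.port}")
    legit = [d.lower() for d in legit_domains]
    if any(host == d or host.endswith("." + d) for d in legit):
        return reasons  # genuine domain, or a real subdomain of it
    sk = skeleton(host)
    for d in legit:
        d_sk = skeleton(d)
        # Genuine name used as a label inside an unrelated domain.
        if ("." + d_sk + ".") in ("." + sk):
            reasons.append(f"name of {d} embedded in a different domain")
        # Genuine name with confusable characters swapped.
        elif sk == d_sk or sk.endswith("." + d_sk):
            reasons.append(f"lookalike of {d} (confusable characters)")
    return reasons
```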

(3) Against false e-commerce information, netizens should know the following characteristics of fraudulent offers so as not to be deceived: First, false shopping and auction websites look relatively "formal", listing a company name, address, contact number, contact person and email address, and some even show an Internet information service filing number and credit credentials; Second, there is only one payment method, bank remittance, the payee is an individual rather than a company, and the order must be paid before shipment; Third, the way consumers are defrauded of their money is always the same: after the consumer remits the first payment, the scammer calls and demands further payments such as the balance, a risk fund, a deposit or taxes for various reasons, otherwise the goods will not be shipped and there will be no refund. Some consumers, having already remitted the first payment, keep paying in the hope of a good outcome; Fourth, before conducting an online transaction, one must fully understand the credentials of the trading website and the counterparty.

(4) Other network security precautions. First, install a firewall and antivirus software and update them frequently; Second, patch the system regularly to close software vulnerabilities; Third, prevent the browser from running JavaScript and ActiveX code; Fourth, do not visit unfamiliar websites, do not run software downloaded from the Internet without scanning it for viruses, and do not open unknown files sent over MSN or QQ; Fifth, raise your awareness of self-protection, keep private information such as your ID number, account numbers and passwords safe and do not disclose them to others, and avoid using online e-commerce services in public places such as Internet cafes.

If users discover illegal and criminal activities such as online fraud or theft, they can report them to the Ministry of Public Security's Network Illegal Cases Reporting Center at /upreport/.