Content
1. Hacking & Phishing 2. What is hacking? 3. How hackers discover your PC’s address? 4. How does a firewall work? 5. What is Phishing? 5.1 Introduction 5.2 Types of Phishing 5.2.1 Clone Phishing 5.2.2 Spear Phishing 5.2.3 Phone Phishing

1. Hacking & Phishing
No, we're not talking about baiting the hook while you have a bad cold. Hacking and Phishing are two very different types of computer security threats. Hacking is an extremely y high tech attack which requires you to take certain precautions to protect your computer and al l of the data which is stored in it. Phishing, on the other hand, i s decidedly low tech and just requires a dose of common sense to ward off the dangers.

2. What is hacking?
Because the Internet is simply a network of computers that are al l tied together, every one of them (including yours) has the capability to "talk" to any other one. That means that a determined criminal can gain unauthorized zed entry to your PC once he knows your computer's "address". These criminal s are called "hackers".

3. How hackers discover your PC’s address?
Your computer l eaves its address al l over the Internet whenever it visits a web site. The addresses can be found in the log files which are automatically generated by every web server among other pl aces. Some hackers use what is known as "port scanning" software which simply goes out on the Internet and el electronically knocks" on the door of every connected computer it can find to see if any will them hi m in. Once a hacker gains access to your computer he can read anything that's stored on your hard drive. He can install programs which will monitor 9/15/13 Phishing & Hacking Attacks www.londonancestor.com/security /secure-pc.htm 2/5your key strokes and send sensitive passwords and user names back to hi s l air, and he can even get copies of your credit card and bank account numbers. Once a hacker gets this information he will proceed to steal you blind. How to protect yourself against hackers the best method is to use what i s known as a "firewall ". This is a piece of hardware, or software, or both which is designed to make your computer "invisible" on the Internet.

4. How does a firewall work?
A firewall works by blocking the "ports", or doors, which hackers commonly use to gain entrance. Once those ports are blocked the hacker can no longer "see" your computer and, thus, is unable to attack it. The new version of Windows XP comes with a built-in firewall program which may be al l that you need to keep your computer safe. Some cable modem and DSL providers al so configure your Internet modem to act as a firewall . In addition there are commercial firewalls available which run from simple to very sophisticated.

5. What is Phishing?
Phishing is a term that's applied to the l attest identify theft scam where potential thieves and con men use fake e-mail messages, which look very real sometimes, to con you into giving up credit card, bank and other sensitive financial and personal information. Once you give it up they proceed to clean you out and/or steal your identity and run up thousands of dollars worth of debt in your name. Al though some phishing excursions take pl ace over the telephone, where people cal l up and pretend to be someone that they are not, most of the attacks come in the way of e-mail messages. These messages look very official and purport to come form your bank, charge card company, brokerage house and even government agencies. These con men go to the website of the company or agency that they are impersonating, steal the graphics and logos and then proceed to put together an email which looks like it actually came from a valid source. The email may say that your account is about to be suspended unless you "verify" your personal information, or they may contain some other important or urgent-sounding request. What they al l have in common is that they require you to click on a link that's embedded in the email and then fill

out some form that asks for your PIN code, credit card number, bank account number, social security or tax ID and anything el se that they think that they can get away with asking you. Once they have that information - you're toast.

5.1 Introduction
Phishing is a form of social engineering in which an attacker, also known as a phisher, attempts to fraudulently retrieve legitimate users' condential or sensitive credentials by mimicking electronic communications from a trustworthy or public organization in an automated fashion. The word phishing" appeared around 1995, when Internet scammers were using email lures to \sh" for passwords and nancial information from the sea of Internet users; \ph" is a common hacker replacement of \f ", which comes from the original form of hacking, phreaking" on telephone switches during 1960s [16]. Early phishers copied the code from the AOL website and crafted pages that looked like they were a part of AOL, and sent spoofed emails or instant messages with a link to this fake web page, asking potential victims to reveal their passwords.

5.2 Types of Phishing
Phishing has spread beyond email to include VOIP, SMS, instant messaging, social networking sites, and even multiplayer games. Below are some major categories of phishing.

5.2.1 Clone Phishing
In this type phisher creates a cloned email. He does this by getting information such as content and recipient addresses from a legitimate email which was livered previously, then he sends the same email with links replaced by vicious ones. He also employs address sponge so that the email appears to be from the original sender. The email can claim to be a re-send of the original or an updated version as a trapping strategy .

5.2.2 Spear Phishing
Spear phishing targets at a specific group. So instead of casting out thousands of emails randomly, spear phishers target selected groups of people with something in common, for example people from the same organization. Spear phishing is also being used against high-level targets, in a type of attack called \whaling". For example, in 2008, several CEOs in the U.S. were sent a fake subpoena along with an attachment that would install malware when viewed. Victims of spear phishing attacks in late 2010 and early 2011 include the Australian Prime Minister's once, the Canadian government, the Epsilon mailing list service, HBGary Federal, and Oak Ridge National Laboratory .

5.2.3 Phone Phishing
This type of phishing refers to messages that claim to be from a bank asking users to dial a phone number regarding problems with their bank accounts. Traditional phone equipment has dedicated lines, so Voice over IP, being easy to manipulate, becomes a good choice for the phisher. Once the phone number, owned by the phisher and provided by a VoIP service, is dialed, voice prompts tell the caller to enter her account numbers and PIN. Caller ID spoon, which is not prohibited by law, can be used along with this so that the call appears to be from a trusted source .