Example Scenarios Made With e-mail And Precautions That We Have To Take

M3m0ry

M3m0ry

Kıdemli Üye
3 Haz 2017
4,410
124
3
xD
6Uq5uy.gif


Identity Hunt Attacking

One Scenario example of a identity hunt swindler's attempt;

A fake email is sent to so many users.

This e-mail says "There is a copyright in your one post". Also, It says "You need to renew your password. Go to instagramfakecopyright.cf"

That mail:

qdrw10.png


You need to use VPN for clicking that links. There can be iplogger or something.

B0yqzl.png


As you can see, we are seeing a fake script. There will be many people believe that.

Ba2m8i.png


This form wants your username password, your e-mail and e-mail password. You can protect yourself with reading my this heading; "How can we protect ourselves for identity hunting"

You can see something with clicking that emails. For example;

User directs instagramfakescript.cf with clicking that link. That page wants your password and your informations. And, Attacker steals your original password for access to safe zone in Instagram web. User directs to original password renewing page. But attacker started malwares in backround. So, while that user directing to real password into renewing page, the attacker reaches that password.

6Uq5uy.gif


E-mail Identity Hunt Swindlers

E-mail identity hunting is a number game. An attacker who sends thousands of short messages for fraud can clarify the information and aggregate amounts even if only a small percentage of recipients decrease for the trick. Attackers use some technics for increase their successes.

Firstly, they spend much effort for imitate real e-mails. They need to make their fake e-mails like legal e-mails. So, they use some logos, text characters, signatures etc.

Also, they try to make victim feel urgent. They threat victims. For example; they can say "Your e-mail's duration almost full" or something like this. If victim believes this, he/she will be vulnerable.

While attackers are taking their url's, they try to make like real url. For example;

fQnI65.png


6Uq5uy.gif


How can we protect ourselves from identity hunting ?

Users need to be awake. Fake e-mails generally contain mistakes. Sometimes they have text mistakes or domain mistakes. So, users must think "Why did I get this e-mail".

Business accounts, can use these steps for decrease spear identity hunting and identity hunting attacks;

Two factored verification (2FA)is a best method for identity attacks. Because it adds an extra verification layer. 2FA is based on two things that users have; password and username or like devices somethings user had. If workers' personal informations are violated, 2FA blocks to use that informations harmfuly. Because that informations not enough for sign in.

Also, business accounts must use strict password management policy. Workers frequently need to change their passwords. They shouldn't use same password for a lot applications.

Don't click unnecessary links is a way of decrease identity hunting attacks.​

Source:​
https://www.turkhackteam.org/sosyal...k-senaryolar-ve-almamiz-gereken-onlemler.html

Translater: M3m0ry
 
Son düzenleme:
Cevap yazmak için giriş yap yada kayıt ol.
Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.