The main method and prevention of "Internet fishing": At present, some "online fishing" methods on the Internet, such as establishing fake websites or sending emails containing fraudulent information, steal online banking, online securities or other e -commerce users The account password, thereby stealing the number of illegal and criminal activities of user funds.
The relevant departments such as public security organs, banks, securities, etc. remind online banks, online securities and e -commerce users to be vigilant and prevent being deceived.
The main methods of "Internet fishing"
It is to send emails to seduce users in the circle with false information. The scammers send a large number of fraud emails in the form of spam. These emails are mostly seduced by the winning, consultants, and reconciliations to seduce users to fill in the financial account and password in the mail A web page submits information such as username, password, ID number, credit card number, etc., and then steal user funds.
If an account and password "network fishing" email discovered in February this year, the account number and password of the Smith Barney user, which uses IE's picture mapping address to deceive the vulnerabilities and carefully carefully Design script program, use a pop -up window (as shown in the red box below) with a fake address, cover the address bar of the IE browser, and the user cannot see the real address of this website. When the user opens this email with an unporied Outlook, the link displayed by the status bar is false. As shown in the figure:
Is when the user clicks the link, the actual connection is the fishing website **. 41.155.60: 87/s. The website page resembles the login interface of the Smith Barney bank website, as shown in the figure below:
and the user once entered its account password, this information will be stolen by hackers.
It is to establish counterfeit online banking and online securities websites to deceive the user account password to implement theft. Criminals established domain names and webpage contents that are very similar to the real online banking system and online securities trading platforms, to seduce users to enter account passwords and other information, and then through real online banking, online securities systems or forgery bank savings cards, securities transactions, securities transactions Card theft funds; others use cross -site script, that is, use loopholes on the legal website server program to insert a malicious HTML code in some webpages on the site, block some important information that can be used to identify the authenticity of the website, and use cookies to use cookies. Stealing user information.
If a fake bank website that has appeared, the website is, and the real banking website is that criminals use numbers 1 and letter i very similar to trying to blindly careless users.
If a fake company website (website) found in July 2004, and the real website is, the scammer uses a lower -hand letter L and numbers 1 with similar obstacles. The scammers scattered the false news of "XX Group and XX Company and XX Company" to seduce users to visit. As shown in the figure below:
Once you visit the website, the first pop -up window is generated, which shows the false message "Free QQ coins". While the pop -up window appeared, the home page of the malicious website downloaded the virus program Lenovo.exe (. Rlay) through a variety of IE vulnerabilities and automatically turned to the real website homepage after 2 seconds. The virus was infected in the perception. As shown in the figure below:
Privirus program is executed, and another virus program on the website BBS5.Exe will be downloaded to steal the user's legendary account, password and game equipment. When users chat with QQ, they will automatically send messages containing malicious URLs.
It is to use false e -commerce for fraud. Such criminal activities often establish e -commerce websites, or publish false product sales information on relatively well -known and large e -commerce websites. Criminals disappear after receiving the victim's shopping remittance. For example, in 2003, the offender Xun established a "Strange Equipment Network" website to release false information such as spy equipment and hackers, deceiving the owner to send the purchase payment into the account opened in multiple banks with a false identity, and then transfer the money to the money Cases.
Except for a few criminals to establish e -commerce websites themselves, most people use on well -known e -commerce websites, such as "easy fun", "Taobao", "Alibaba", etc. The so -called "ultra -low price", "tax exemption", "smuggling goods", and "charity sale" sell various products, or charges the goods in the secondary, charging the goods at the smuggling goods, and many people are deceived under the temptation of low prices. Most online transactions are off -site transactions, and remittances are usually required. Crusters generally require consumers to pay some models first, and then deceive consumers to pay for the balance or other names of the names. When they get the money or be recognized, they immediately cut off their contact with consumers.
The fourth is to use Trojan and hackers to steal user information and implement theft activities. Trojans maker disseminate the Trojan horse program by sending emails or hiding Trojans in the website. When users infected with Trojans conduct online transactions, the Trojan program obtains the user account and password in a keyboard record, and sends it to the designated mailbox. Users users. Users users. Users. Users. Users. Users. Users. Fund will be severely threatened.
If the Troj_hidwebmon and its variants that stole a bank account and password that appeared online last year, it can even steal the user digital certificate. Another example is the Trojan "Securities Thief" that appeared last year. By the clicks of the mouse in the picture, the hacker is likely to break the user's account number and password, thereby breaking the soft keyboard password protection technology and seriously threatening the security of online securities transactions in shareholders.
If in March 2004, Chen had a case of storage of banks in the storage of banks. Chen cultivated a trojan to the visitor's computer through his personal webpage, and then stole the visitors' bank accounts and passwords. Transfer and implement theft.
It, a "QQ stealing" Trojan/PSW.qqrobber.14.b) is implanted as an example. After entering the website, there is no doubt on the page display:
but the homepage code opens another malicious webpage in the background in the background. MHT file download execution vulnerabilities, download malicious chm file/secyfox.js in the user's unknown and run the Trojan/PSW.qqrobber.14.b) embedded. After the Trojan program is running, it will copy itself to the system folder:
In adding a registry item at the same time. When Windows starts, the Trojan can run automatically, and the user QQ account number, password and even identity information will be stolen. Essence
The fifth is to use vulnerabilities such as user weak passwords to crack and guess the user account and password. The criminals use some users to greedy the loopholes of weak passwords to crack the bank card password. For example, in October 2004, the three criminals searched from the Internet to search for a bank savings card number, and then logged in to the bank's online banking website, tried to crack the weak password, and repeatedly succeeded.
In fact, in the process of implementing criminal activities of cyber fraud, criminals often adopt the above methods to interweave and cooperate. "Internet fishing" illegal activities.
It should not be counted as loopholes. You are talking about the fishing website generally appeared in online shopping. Some websites are disguised as some online banking websites. When you click on online banking, you are linked to these fishing websites. The website It looks similar to the real online banking. I lie to you to enter your account password, and then stole your money The detection of fishing websites in Microsoft IE7.
The main method and prevention of "Internet fishing":
At present, some "online fishing" methods on the Internet, such as establishing fake websites or sending emails containing fraudulent information, steal online banking, online securities or other e -commerce users The account password, thereby stealing the number of illegal and criminal activities of user funds.
The relevant departments such as public security organs, banks, securities, etc. remind online banks, online securities and e -commerce users to be vigilant and prevent being deceived.
The main methods of "Internet fishing"
It is to send emails to seduce users in the circle with false information. The scammers send a large number of fraud emails in the form of spam. These emails are mostly seduced by the winning, consultants, and reconciliations to seduce users to fill in the financial account and password in the mail A web page submits information such as username, password, ID number, credit card number, etc., and then steal user funds.
If an account and password "network fishing" email discovered in February this year, the account number and password of the Smith Barney user, which uses IE's picture mapping address to deceive the vulnerabilities and carefully carefully Design script program, use a pop -up window (as shown in the red box below) with a fake address, cover the address bar of the IE browser, and the user cannot see the real address of this website. When the user opens this email with an unporied Outlook, the link displayed by the status bar is false. As shown in the figure:
Is when the user clicks the link, the actual connection is the fishing website **. 41.155.60: 87/s. The website page resembles the login interface of the Smith Barney bank website, as shown in the figure below:
and the user once entered its account password, this information will be stolen by hackers.
It is to establish counterfeit online banking and online securities websites to deceive the user account password to implement theft. Criminals established domain names and webpage contents that are very similar to the real online banking system and online securities trading platforms, to seduce users to enter account passwords and other information, and then through real online banking, online securities systems or forgery bank savings cards, securities transactions, securities transactions Card theft funds; others use cross -site script, that is, use loopholes on the legal website server program to insert a malicious HTML code in some webpages on the site, block some important information that can be used to identify the authenticity of the website, and use cookies to use cookies. Stealing user information.
If a fake bank website that has appeared, the website is, and the real banking website is that criminals use numbers 1 and letter i very similar to trying to blindly careless users.
If a fake company website (website) found in July 2004, and the real website is, the scammer uses a lower -hand letter L and numbers 1 with similar obstacles. The scammers scattered the false news of "XX Group and XX Company and XX Company" to seduce users to visit. As shown in the figure below:
Once you visit the website, the first pop -up window is generated, which shows the false message "Free QQ coins". While the pop -up window appeared, the home page of the malicious website downloaded the virus program Lenovo.exe (. Rlay) through a variety of IE vulnerabilities and automatically turned to the real website homepage after 2 seconds. The virus was infected in the perception. As shown in the figure below:
Privirus program is executed, and another virus program on the website BBS5.Exe will be downloaded to steal the user's legendary account, password and game equipment. When users chat with QQ, they will automatically send messages containing malicious URLs.
It is to use false e -commerce for fraud. Such criminal activities often establish e -commerce websites, or publish false product sales information on relatively well -known and large e -commerce websites. Criminals disappear after receiving the victim's shopping remittance. For example, in 2003, the offender Xun established a "Strange Equipment Network" website to release false information such as spy equipment and hackers, deceiving the owner to send the purchase payment into the account opened in multiple banks with a false identity, and then transfer the money to the money Cases.
Except for a few criminals to establish e -commerce websites themselves, most people use on well -known e -commerce websites, such as "easy fun", "Taobao", "Alibaba", etc. The so -called "ultra -low price", "tax exemption", "smuggling goods", and "charity sale" sell various products, or charges the goods in the secondary, charging the goods at the smuggling goods, and many people are deceived under the temptation of low prices. Most online transactions are off -site transactions, and remittances are usually required. Crusters generally require consumers to pay some models first, and then deceive consumers to pay for the balance or other names of the names. When they get the money or be recognized, they immediately cut off their contact with consumers.
The fourth is to use Trojan and hackers to steal user information and implement theft activities. Trojans maker disseminate the Trojan horse program by sending emails or hiding Trojans in the website. When users infected with Trojans conduct online transactions, the Trojan program obtains the user account and password in a keyboard record, and sends it to the designated mailbox. Users users. Users users. Users. Users. Users. Users. Users. Fund will be severely threatened.
If the Troj_hidwebmon and its variants that stole a bank account and password that appeared online last year, it can even steal the user digital certificate. Another example is the Trojan "Securities Thief" that appeared last year. By the clicks of the mouse in the picture, the hacker is likely to break the user's account number and password, thereby breaking the soft keyboard password protection technology and seriously threatening the security of online securities transactions in shareholders.
If in March 2004, Chen had a case of storage of banks in the storage of banks. Chen cultivated a trojan to the visitor's computer through his personal webpage, and then stole the visitors' bank accounts and passwords. Transfer and implement theft.
It, a "QQ stealing" Trojan/PSW.qqrobber.14.b) is implanted as an example. After entering the website, there is no doubt on the page display:
but the homepage code opens another malicious webpage in the background in the background. MHT file download execution vulnerabilities, download malicious chm file/secyfox.js in the user's unknown and run the Trojan/PSW.qqrobber.14.b) embedded. After the Trojan program is running, it will copy itself to the system folder:
In adding a registry item at the same time. When Windows starts, the Trojan can run automatically, and the user QQ account number, password and even identity information will be stolen. Essence
The fifth is to use vulnerabilities such as user weak passwords to crack and guess the user account and password. The criminals use some users to greedy the loopholes of weak passwords to crack the bank card password. For example, in October 2004, the three criminals searched from the Internet to search for a bank savings card number, and then logged in to the bank's online banking website, tried to crack the weak password, and repeatedly succeeded.
In fact, in the process of implementing criminal activities of cyber fraud, criminals often adopt the above methods to interweave and cooperate. "Internet fishing" illegal activities.
- -# do not know
It should not be counted as loopholes. You are talking about the fishing website
generally appeared in online shopping. Some websites are disguised as some online banking websites. When you click on online banking, you are linked to these fishing websites. The website It looks similar to the real online banking. I lie to you to enter your account password, and then stole your money
The detection of fishing websites in Microsoft IE7.