Gone Phishing: 5 Security Terms You Need to Know

Christian Cawley 11-11-2015

Staying in control of your online security and privacy is tricky. When you’re trying to work out which is the best online security suite to protect your computer and data, you also have to get your head around the threats posed by malware, spam emails, and identity theft.


To help you appreciate these threats, we have compiled a list of the five most common online security terms.

Phishing: No Rod Required

Perhaps the most important term that you need to be aware of in the world of digital security is “phishing”. It’s essentially a basic con, performed online, and involves the scammer posing as a reputable entity in email, via instant messaging, or by phone. Their aim is to gather as much information about you as possible, in order to make their job of later posing as you easier.

Yes: this is the main tool in the identity thief’s armory, a technique that can empty bank accounts and ruin lives.

Drawing you into the web of deceit is usually an email message that looks genuine. This may have an attachment carrying a malware payload, which you’re required to open and install (perhaps a keylogger will begin recording every subsequent keystroke).

More likely, however, is that the official-looking email (perhaps posing as a bank, online store, or payment service like PayPal) will ask you to click a link that takes you to a website. Again, this is a fake, and will be used to record the details you enter (typically a username and password).


Phishing can be avoided by not clicking links in suspicious emails. If the emails are not immediately suspicious, then simply don’t click links in unexpected emails from banks, stores, payment services, credit card companies, and even utilities. Simply open a new tab in your browser, type in the web address, and log in that way. Once in, you’ll be able to confirm whether the message was legitimate or not. You should also employ anti-keylogging tools.

Online banks will not ask you for your credentials or other personal information via email. Keep this in mind to beat phishing.

Is Your PC in a Botnet?

If your computer is part of a zombie army or botnet, the chances are that you won’t know. Using a distributed computing model, botnets are groups of computers that have been co-opted to forward spam emails and viruses to other computers on the Internet.

Botnets can also be used to target specific computers or servers, which can result in a distributed denial of service (DDoS) attack that can knock a site offline.


Kaspersky Labs and Symantec have both separately claimed that botnets pose a bigger threat to online security and safety than viruses or worms, but protecting your hardware from being drawn into a zombie army that wreaks havoc on other computers is relatively simple.

First, ensure your PC is up to date. This essentially means abandoning archaic operating systems like Windows XP and Vista and upgrading to the most suitable OS for your hardware. Once this is done, install a secondary firewall and an antivirus/anti-malware tool, such as Malwarebytes Antimalware. You can also use a full Internet security suite to cover both requirements with a single install. PCs can be zombified via an unprotected port, perhaps controlled by a Trojan that sits awaiting activation.

Domain and Website Spoofing

Domain spoofing is the art of providing a domain name that looks genuine, but in fact takes the user to a scam website. Such an example might be:



URLs might seem complicated, but they’re really not. Once you understand that everything before and after the .com (or .net, .org, etc.) refers to a folder on a web server, and that the middle section of is the domain name, it should be obvious that the spoofing takes place by presenting a recognized name in the address bar, but just in the wrong position.
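To make the "right name, wrong position" point concrete, the following added example (not code from the original article) reports where a brand name sits in a URL. The sample URLs are constructed, the suffix set is a small stand-in for the real Public Suffix List, and the extra "lookalike" case goes slightly beyond the positions the text describes.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for these samples.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def registered_domain(host):
    """Return the name the site owner registered, plus its suffix."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def brand_position(url, brand):
    """Return 'domain', 'lookalike', 'subdomain', 'path' or 'absent'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    reg = registered_domain(host)
    brand = brand.lower()
    reg_label = reg.split(".")[0]
    if reg_label == brand:
        return "domain"       # the brand is the registered name itself
    if brand in reg_label:
        return "lookalike"    # brand embedded in a different registered name
    if brand in host[: len(host) - len(reg)]:
        return "subdomain"    # brand sits to the left of someone else's domain
    if brand in (parts.path + "?" + parts.query).lower():
        return "path"         # brand is only a folder or parameter name
    return "absent"

# Constructed sample URLs; the .example names are reserved and not real sites.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com.account-check.example/login",
    "http://account-check.example/paypal.com/login",
    "http://paypal-login.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{brand_position(url, 'paypal'):10} {url}")
```

Only the first sample is served by the brand's own registered domain; in the others the familiar name appears in the address bar but a different party controls the site.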

Domain spoofing needs a little more than this, however. To complete the illusion, genuine graphics are farmed from legitimate websites, and used in conjunction with CSS to present a convincing clone of the site you think you’re visiting. This might be achieved using a penetration tester, as shown here:


Spoofed websites are typically used in conjunction with phishing, and the personal data that is subsequently entered can then be used by scammers to clone digital identities, perhaps using your details to create a bank account, take out a loan, get a credit card, etc.

Have You Been Pharmed?

Pharming is an alternative method of redirection. Rather than relying on the target clicking a link to the spoofed URL, it uses malware to update the hosts file. This means that when a legitimate URL is entered, the browser will be diverted to the scammer’s preferred location. Browser hijackers use updates to the hosts file, too.

Anti-malware tools can be used to detect malicious software designed to add entries to the hosts file; a full Internet security suite (such as Bitdefender) should be able to detect such changes. You can also check the hosts file manually.
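A manual hosts file check can be scripted. This added example (not from the original article) parses hosts file text and reports any watched name, or a subdomain of it, that has been pinned to a routable address; the sample file, the `mybank.example` name and the watch list are constructed assumptions.

```python
import ipaddress

def audit_hosts(text, watched):
    """Return (line_no, ip, hostname) for watched names pinned to a routable IP."""
    findings = []
    watched = {w.lower() for w in watched}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an IP address
        if ip.is_loopback or ip.is_unspecified:
            continue                            # 127.0.0.1, ::1, 0.0.0.0: local or blocking
        for name in entry[1:]:
            name = name.lower().rstrip(".")
            # Flag the watched name itself and any subdomain of it.
            if any(name == w or name.endswith("." + w) for w in watched):
                findings.append((line_no, str(ip), name))
    return findings

# Constructed sample; 203.0.113.0/24 is an address range reserved for documentation.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example
203.0.113.10    www.mybank.example mybank.example   # added by unknown software
192.168.1.20    nas.home.example
"""

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS, ["mybank.example"]):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

To audit a real machine, pass in the contents of `C:\Windows\System32\drivers\etc\hosts` on Windows or `/etc/hosts` on Linux and macOS, with a watch list of the banks, stores and payment services you use.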

Spam and Spim

You probably know spam. It’s the name given to the avalanche of unsolicited emails that we receive on an hourly basis, and can often contain malware or links to facilitate phishing.

Spam gets its name from the famous Monty Python sketch, in which virtually the only thing on the menu in a “greasy spoon” café is spam, spam and more spam.

But are you aware of spim?

This is a concatenation of three words, “spam” and “instant messaging”. You can probably see where this is going. Instant messaging has long been an avenue for scammers to target users; the old days of Windows Messenger and Microsoft Instant Messenger resulted in a landslide of spam messages and unsolicited contact requests. Since Microsoft purchased Skype, this service has also found itself a target medium for spim messages. Snapchat, WhatsApp and other current messaging services are also subject to such transmissions.

Spim messages are almost always sent by botnets. You can avoid them by reducing your exposure to messaging services and ensuring your security settings on the instant messengers you use are configured correctly. Skype has a large selection of privacy settings that you should be using.

Have you found yourself a victim of any of these methods to defraud you? We want to hear from you – tell us about it in the comments.
