1300 702 580
Log In

Learn

Learn more about cyber security with us.

Knowledge is key! Learn about cyber security threats and more to understand how to protect yourself and what risks are out there. 

What is the dark web?

The dark web is the part of the web that can only be accessed by means of special software, allowing users and operators to remain anonymous and untraceable. It is where you will find criminal activity.

 

Regular browsers can’t access dark web websites. The dark web use “Tor” servers which provides users complete anonymity while surfing the web. At the same time, dark web website publishers are also anonymous thanks to special encryptions provided by the protocol.

 

This makes it a great place for hackers and other criminals to sell any stolen information such as passwords and account details that they have extracted from you or someone you deal with.

 

So when there’s been a data breach, the chances are high the compromised information such as password details and credit card numbers will end up for sale on the dark web. It also has plenty of like log-in credentials, such as hacked Spotify and Netflix accounts.

 

The buyers of the information will use cryptocurrency such as Bitcoin, to ensure buyers and sellers remain anonymous.

Trust us, don't search the dark web.

The dark web is not a place you want to be searching yourself, unless you are very careful. Getting to the dark web is actually easier than you might think, you just need to download a dark web browser, like the Tor browser.

 

We don’t recommend it. Among other reasons, it is populated by criminals who given a chance will likely try to exploit you. If you click on any links it’s possible you could be downloading a file that could infect your device with a virus. Not surprisingly, a lot of these people would be willing to hack your devices. They might, for example, try to hijack your Webcam with a remote administration tool also known as a RAT ( we always suggest you should cover your webcam when not in use).

 

Finding material on the dark web is much more difficult than using a search engine like Google because the dark web doesn’t have an index or ranking system to help you find what you need.

Phishing Attacks

Phishing is a type of email or SMS attack used to steal user data, including login details and credit card numbers. It occurs when an attacker, pretending to be a trusted company or provider, cons a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack ( where to unfreeze it requires you to pay a ransom for an unlock code) or the disclosure of sensitive information.

 

 

Phishing is also often used to gain a foothold in corporate networks as part of a larger attack. For example, employees are compromised in order to bypass security measures, distribute malware inside a closed environment or gain access to secured data.

What a phishing attack looks like.

A common phishing scam example is:

  • A spoofed email is received that looks to be from a trusted source such as a bank or telephone company;
  • The email claims that the user’s password is about to expire. Instructions are given to go to a website address that is slightly different to the real address ( and is in fact the website of the attacker).

A number of things can then occur:

  • The user is redirected to a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to relevant system; or
  • The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This gives the hacker access to the relevant system.

Types of Phishing Attacks

Email

Email phishing is a numbers game. Even if only a small percentage of recipients fall for the scam, an attacker can net significant information and money.

 

The attacks are becoming more sophisticated. Many go to great effort to design phishing messages to mimic actual emails from a spoofed company. Using the same phrasing, typefaces, logos, and signatures makes the messages appear legitimate.

 

The attacker will usually try to push users into action by creating a sense of urgency. For example , an email that threatens account expiration in a short period of time. This can cause the recipient to be less diligent and more prone to fall for the scam.

 

While messages look legitimate they typically have a misspelled domain name.

Spear phishing

Spear phishing targets a specific person or business, as opposed to random users. It’s a more in-depth version of phishing that requires special knowledge about a business, including its staff, which can be found on line easily.

An attack might take the following form:

  • An attacker researches names of employees in a business and the names of any suppliers and projects.
  • Posing as an employee, the attacker emails another staff member (say in accounts) using a subject line that reads, Invoice for [name of project]. The text, style and logo duplicate the standard email template of the business.
  • A link in the email redirects to a password-protected internal document, which is aspoofed version of a stolen invoice.
  • The recipient is requested to log in to view the document. The attacker then steals his or her credentials, gaining full access to sensitive areas within the businesses network.

Subscribe to our newsletter!

Subscribe to our newsletter!

Twitter Linkedin Facebook

© 2023 Cybermate. All rights reserved.

Website by Blue Hat Green