It means a private cinema, designed, as a rule, for two people. The essence of fraud is the transformation of a girl in the network and the search for potential lovers in the VC, other social networks or dating services. After finding the victim (man), the fraudster, using the skills of SI, invites her to the same anti-faith. Upon successful completion, the victim orders tickets to the session through a fake site (“script”), thus giving his money in someone else’s pocket.
There is a short hierarchy in the Anti-cinema scheme – the owner of the Anti-cinema (runs one or more sites at the same time, accepts the money of victims) and spammers (they receive most of the Anti-cinema income and do all the “dirty” work – finding victims, divorce to buy tickets).
A method of fraud in which an attacker presents malicious files to the victim under the guise of the purpose of an advertising (commercial) offer.
Fraudsters are looking for victims with a certain popularity, who accept commercial offers to monetize their creativity on various platforms (for example, on YouTube), and then contact them on behalf of PR-managers (and not only) of “developing” companies and projects, offering advertising of their digital product (antivirus, cloud gaming service, etc.). After accepting the offer, the victim downloads malware to his PC under the guise of the advertised product, thus sending his logins (logins, passwords, sessions, etc.) to the attacker.
Reviewing accounts from appropriate databases in order to find and reattach game accounts, social networks, etc., as a rule, for subsequent sale on trading floors or directly to buyers.
Brooters use a special set of database processing software (.txt files with login data for mail accounts in the format ‘firstname.lastname@example.org:password ‘-1 account per line):
- Brutcheckers (to automate the brute process);
- normalizers (for base formatting);
- soft for fast (using IMAP/POP3 protocols) login to your mail accounts;
- antifolders (to check bases for uniqueness).
The accounts themselves, located in the databases, are provided by people who extract them with the help of malicious software (stylers, keyloggers, RAT, etc.), conducting attacks on databases, extorting passwords and dozens of other ways. Bruthers, on the other hand, take the databases out of public access or buy them. There are 2 characteristics to evaluate databases: uniqueness (the number or percentage of unique strings that did not appear in the old databases) and valid (strings with accounts that can be accessed through the mail client; invalid – its opposite, “bad” strings).
A method of cracking accounts or other types of password-protected information images. There are 2 possible scenarios: search passwords from the most popular database or use the appropriate algorithms to issue each of the options in turn (example: 0000, 0010, 0100, 1000, 1001, etc.).
At the moment, the brute-force is the least effective method of breaking into accounts, because its execution requires irrational time (even a fairly weak password for our time may take several hours, days, years, or even decades), In addition, it should be noted that almost all services that require entering a password can easily recognize such attacks (often even regarded as DoS or DDoS) and prevent the attackers from intercepting access to the account, limiting access to it, or using verification systems such as ReCaptcha.
One of the ways to intercept data from accounts, based on the negligence of victims. Phishing means uploading a duplicate page of the target site or script (full site) to the hosting as a child with a form for entering a login and password.
After loading the script, the scammer finds the victims and with the help of CI forces them to follow a link to this site, where they are with a certain probability to enter their actual login data. As a rule, on phishing sites there is a redirect (redirect to another page), which allows you to slip the victim a real site after clicking “Login” on the phishing site, without focusing on the site address.
It should also be noted that phishing sites try to duplicate the domains of the target sites in every possible way. Thus, a phishing site duplicating facebook.com can occupy the domain fecabook.co, facebok.de or any similar.
The process of ordering some or other goods in online stores in order to sell funds on hacked accounts. If the fraudster gets into the hands of an account of the trading platform with a certain balance, and he does not have the opportunity to transfer these funds directly to the card, he orders one or more products that in the amount fully cover the target balance.
In this way, the abuser receives material items instead of money, which he can either use for his own purposes or resell. Nowadays, shupping is quite a popular practice, so finding shuppers who are ready to withdraw funds from your (or someone else’s) account by such machinations for a specific fee or percentage will not be difficult.
Substitution of Offers
A type of fraud, the essence of which is to send fake trading offers (usually exchange offers within the Steam service) in order to deceive the victim to the game things or currency.
To do this, the fraudsters track the trader-offers sent by special bots of trusted services (for example, trading or playgrounds) and immediately send an identical offer (in their favor) from an account that exactly repeats the type of the bot (including the name, avatarka, profile data). Thus, the substitution of offers is aimed at the inattention of victims, so the SI skills are often used to conduct this type of fraud (for example, when searching for potential victims).
DoS and DDoS
Two types of attacks used to disable Internet resources by sending multiple packets of data to target servers.
The differences between them are simple – DoS performs the task using only 1 device, DDoS – many. At present, DoS attacks are considered outdated and unable to “put” (disable) an average website. DDoS attacks require more systems with Internet access, but they can pose a real threat even to large Internet resources, loading a continuous stream of data from their server.
DDoS uses special software or web services – stressors. They allow you to control dangerous traffic and adjust its power (the more requests and the more data sent to the target server, the higher the probability of successful attack).
Even though DDoS is still quite dangerous today, there are a number of services that can resist it, the most popular of which is CloudFlare, which takes over the entire traffic flow directed to the server-address. All the necessary DDoS capacity is either bought on hosting (servers and other network devices), or use PCs and smartphones connected to the Botnet.
The process of capturing and substitution of the data stream.
Spoofing attacks are popular in public places with Internet access (e.g. cafes). In the case of a Wi-Fi network, the attacker uses a laptop or smartphone, connects to the Wi-Fi network and “says” to all the devices on the network that he is supposedly a router, thus redirecting all traffic to himself.
Thus, the attacker can view packets of unencrypted data coming from the victims and spoof them, as well as packets returned from the server (for example, he can embed the miner in a normal HTML page or change the returned images to his own).
Spoofing is an effective, simple (in terms of implementation) and quite spectacular attack, still relevant today.
Type of fraud using other people’s payment cards. As a rule, it involves theft and withdrawal of funds from the card in tangible money.
Carding has a high degree of danger, so malefactors often use drops (people who perform illegal actions instead of the cheater himself, remaining in the shadows, for some fee or percentage of income).
Carding has several sub-layers, one of which is skimming (stealing a payment card by copying its basic identification data). For skimming, cybercriminals use special devices – skimmers that can read the card’s magnetic tracks, and tracking tools such as hidden video cameras to read the data entered by the victim (in particular, the PIN code).
A malicious program used by attackers to quickly collect data from a victim device and then send it to the appropriate database.
Stilleries are commonly masked as ordinary programs by changing the icon and file name, sewing them into vulnerable documents using exploits, gluing them together with the target programs and “crypting” them (changing and protecting the contents of the malicious file so that it does not fall under the definition of malware during antivirus scan). It should also be noted that stylers are small and often used in conjunction with loader programs, which download them themselves, causing less suspicion.
Stillers can steal any data from a PC and even decrypt it. Once the necessary logs (cookies, session files, payment card data) have been collected and databases created, the Stiller usually archives them and sends them to the final destination – in the hands of the attacker (or, more specifically, to a web panel, email or
Stiller is one of the most effective ways to hack into accounts due to its secrecy and speed. Once it is launched, you are unlikely to be able to get your data back, the only way to prevent your logs from being sent is to shut down your PC immediately, ahead of it.
Malicious software designed to intercept the control of their victims’ PCs.
RAT operates using special protocols (e.g. VNC) that allow the attacker to see the victim’s screen, upload, download and run files, connect to external media and devices such as a webcam, microphone, drive, etc. (thus creating a remote desktop effect).
In some cases, RAT can be used as a styler, but it may take some time. Despite its extensive functionality, the satellites are quite lightweight and are masked in the same way as stylers or miners.
A malicious program that extracts the cryptovolta by the victim’s PC computing power.
Miners typically adapt to the diagnostic data of the PC by adding or reducing power to reduce the chance of being detected by the victim. Miners are masked in the same way as stylers or ratchets. They are attached to the attacker’s cryptic wallet and “
The final malicious file created by builder.
Since any styler, ratchet or miner must have at least some kind of contact with the attacker (e.g. know the address of a shared server, database or control panel), there is a concept of a child file – a build, and a parent – a builder.
The essence of their interaction is as follows: the attacker opens the builder, where he specifies all binding data (they were listed earlier), as well as local information of the future malware (name, icon, description, etc.), the builder in turn compiles the build (recreates a standard malicious file template), while changing the values specified by the attacker. The output is a ready-to-use malware, which, although made according to the template, has unique binding data and appearance.
Software designed for independent download of files from the server to your PC.
Loaders are used to infect target PCs with stylers, miners, drones, etc. Loaders upload and run files bypassing the firewall, but are not necessary to conduct attacks.
Loaders are very lightweight and often stick together with ordinary programs that the victim will want to download.
A tool that allows attackers to lower the detection rate (chance of antivirus identification) of malicious files.
Cryptors use different encryption and modification methods to modify the signature (file print) used by antiviruses to compare already known viruses with the ones being scanned.
Cryptors are used to distribute privately because after detecting one file scripted by it, the chance of detecting the others is increased.
A remote desktop used for power distribution and uninterrupted software operation.
Grandfathers are purchased through hosting services or mined by gross and can usually be used for absolutely any purpose. They use special protocols such as RDP (Remote Desktop Protocol) to communicate with the client device (even a smartphone can act as the client).
Grandfathers completely duplicate the functions of ordinary PCs, but they work on servers and use server operating systems, the most popular of which is Windows Server.
Grandfathers’ business card is traffic speed. It is several times higher than the average because of their location near data centers and Internet transmitters, which produce “space” speeds that allow to provide data exchange at once tens, hundreds, or even thousands of servers simultaneously.
Mathematical process of data transformation into a short (relative to the input stream) line of a certain length.
There are many hashing algorithms (e.g. MD5, SHA-1, CRC32), and most of them do not allow to get from a hash a completely identical string to the original.
A hash function has two characteristics – the speed of computation and the number of “collisions” (distortions, similarities).
Identifier (uncompressed content) of information (file in particular) defined by the corresponding hash function (hashing technology).
A hash string is a fingerprint of a certain file, the content of which will be changed in the same way. Thus, hashes can be used to verify the integrity, uniqueness and authenticity of a file (in the case of licenses). It should also be noted that two different files cannot have the same hash sum.
Social Engineering (SI)
A set of methods of influence on a person with the purpose of obtaining the necessary result.
SI is used in most cases of fraud for “disclosure” of the victim and obtaining information, personal data. In the case of real life, SI helps people to guide themselves and change their images in order to mitigate all kinds of obstacles and conflicts.
By using SI, a person enters many social skills and chooses a suitable image, manipulates and builds his speech in an advantageous position for him.