PHISHING - an introduction
Phishing is the most common way an ordinary internet user gets attacked by hackers, and it is one of many ways in which your private data can be attacked. Wikipedia describes phishing as: "Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication." A phishing attack can be used to get your social network password, your bank account information or any other private information that can be dangerous in the hands of hackers. Broadly speaking, it is a way of fooling a person: the victim gives the information on a site which looks legitimate, but is not.
To explain the rest, let us take the example of a phishing attack on a bank account.
Suppose the hacker wants a bank account's information. He goes to the bank's official web site and makes a copy of the page where users log in to their accounts. The copied page looks similar to the original one. The attacker creates a PHP script that copies the user name and password to a simple text file accessible to the hacker. Small changes are made to the copied login page to capture the password, but they do not affect the look of the page, which stays similar to the original. He then uploads the copied page, the PHP script and a blank text file for the passwords to a server.
That was the hacker's part; now comes the step where the user gets trapped.
The attacker sends the link to the fake copy of the bank's login page to the user, claiming to be a bank authority. The user generally logs in through the fake page, his password is stolen, and the hacker can access his account using it. There are numerous ways in which a fake mail can be sent: editing the From field, the headers and much more.
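A forged From field often leaves traces in the other headers of the message. The following is an added example, not part of the original post, that flags them; the sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Domain part of the address in a header value, lowercased ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_warnings(raw_message):
    """Return a list of signs that the visible From address may be forged."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    # The bounce address and the reply address should normally share the
    # domain of the address the reader sees in the From field.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            warnings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # The receiving mail server records its SPF/DKIM/DMARC verdicts here.
    results = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in results:
            warnings.append(f"{check} failed")
    return warnings

# Constructed sample: the From field names a bank, the other headers do not.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=bank.example
From: "Bank Security Team" <support@bank.example>
Reply-To: verify@mailer.example.net
Subject: Urgent: confirm your account

Please log in using the link below.
"""

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print(warning)
```

A mismatch is a signal rather than proof, since legitimate bulk mail is sometimes sent through a third-party mailer with its own bounce domain.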
Fake Facebook or Gmail pages can be created in a similar way.
The hacker gets the passwords written to a text file as follows:
OK! So how do you stop this and prevent a phishing attack?
PREVENTING phishing attack
Be suspicious of any email with urgent requests for personal financial information
Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle
Avoid filling out forms in email messages that ask for personal financial information
Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
Remember, not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to Facebook? Does the address line display something different, like "http://www.somethibgelse.com/facebook/login.htm"? Be aware of where you are going.
Consider installing a Web browser toolbar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
If you are on Facebook and you click on any suspicious link (to a site other than Facebook) that asks you to enter your password and login details, never do it.
Finally, if you find that a message or site is phishing/spoofing, bring it to the notice of reportphishing@antiphishing.org
Indian users can go to: www.complaints-india.com/Online-Scam-Complaints/Phishing-Scams/
The most important step towards avoiding phishing is to look at the URL where you are entering any information
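The address-line check described above can also be automated. The following is an added example, not part of the original post; the brand-to-domain table, the blocklist and the function names are assumptions made for illustration. It goes slightly beyond the example in the text by also catching a brand name used inside the host of an unrelated site.

```python
from urllib.parse import urlsplit

# Constructed table for illustration: brand name -> domains it really uses.
EXPECTED = {"facebook": {"facebook.com"}, "gmail": {"google.com", "gmail.com"}}

def host_matches(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_link(url, blocklist=frozenset()):
    """Return a list of warnings for a link; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    # What the anti-phishing toolbars do: match against known bad sites.
    if host in blocklist:
        warnings.append("host is on the known-phishing list")
    rest = (parts.path + "?" + parts.query).lower()
    for brand, domains in EXPECTED.items():
        if any(host_matches(host, d) for d in domains):
            continue  # the link really points at this brand's own domain
        if brand in host:
            warnings.append(f"'{brand}' appears in host but site is {host}")
        elif brand in rest:
            warnings.append(f"'{brand}' appears in path but site is {host}")
    return warnings

if __name__ == "__main__":
    # The URL quoted in the text, plus a genuine one for comparison.
    for link in ("http://www.somethibgelse.com/facebook/login.htm",
                 "https://www.facebook.com/login"):
        print(link, "->", check_link(link) or "nothing flagged")
```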
ABOUT THE AUTHOR
Hello, I am Piyush Ranjan, a computer engineering student from India. I love coding and talking about technology. Most of the time I am glued to my laptop watching movies, listening to songs, blogging or coding.