Phishing

What is Phishing?

The attempt of fraud in which the attacker tries to learn sensitive information such as login details or credit card details by impersonating as a reputable entity in telecommunication like email, IM or any other media.
This is an example of social engineering techniques used to deceive users and exploits weaknesses in current web security.
Attackers do so by sending emails or creating web pages that exactly look like legitimate companies. Once the users trust these and enter their personal information attackers will use this information for identity theft.


What phishing email looks like?



What phishing website looks like?


















Example of attracting the victim..
  • By sending emails mentioning about special offers/discounts
  • By sending google forums to fill (They will tell you fill this servery by logging into Facebook/gmail )
  • By sending messages/ emails mentioning expiration of account like ebay/paypal etc.

How to identify a phishing email?
  • If an e-mail requests an immediate response or a specific deadline, for an example, in the above example, the requirement to log in and change your account information within 24 hours.
  • If the attacker not specially targeting a person or a company he/she have no idea who you are. So, the email would not contain your account or username in it. In the above example, the e-mail just says "Dear eBay Member", if this was eBay they would mention your username.
  • Most of these will have a URL that is not related to the company's URL but looks like. These emails are getting better at hiding the true URL. In the above example, it seems to point to the official website. But this is only the link text but not the link itself. If you move your mouse over the link you will see the link address and not the link text. No company would link to an IP address.
  • By looking for obvious spelling and grammar mistakes.

How to identify a phishing website?

You can identify phishing website by looking at the URL. So once you go the website through a another link(without typing the URL on the search bar) which is included in a email or message you should care about.

if you are not sure if an e-mail is official....

  • Never follow any links in an email. Instead visit the page by manually typing the address of the company.
  • Never send any personal information through e-mail. Instead visit the company web site and log into the account as you normally would and change your information if it is required.
  • Contact the company through email or live chat asking about your email.

What to do if you have already fallen for a phishing attack?
  • Log into your account from the official company site and change your password immediately.
  • Scan your computer for malware in the case of your computer has been infected by the fake site.

Do you like to create a phishing website? ;)
Let's try 
Create a Facebook Phishing site

Comments

Popular posts from this blog

Introduction to Encryption

RESTful API

How to do a Phishing attack on Facebook?