Wednesday, September 12, 2012

Information Security: Phishing



Phishing:
          Phishing is a way of attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
          The basic idea behind phishing is to create a page that looks like the original page. If you compare the design and the information in the body of the two pages, you cannot tell them apart. This makes phishing very dangerous compared with other attacks that target users' sensitive information.
          Anti-phishing programs do not guarantee 100% protection. There is no signature that these programs can use to decide whether a page is a phishing page; all they do is keep a list of known phishing pages. This means that if you are targeted with a new phishing page, anti-phishing programs do not help you.
How does phishing work:
          It is simply based on the user's actions: if the user takes the right actions, phishing does not work, but if the user always responds quickly, it definitely works. It works in this sequence (there are other methods and techniques):
First, the attacker creates an identical copy of the original page. For example, if the target is Facebook users, the attacker creates a page that looks like the original Facebook page. The same rule applies to all other target pages: banking, email, online shopping, and so on.
Second, the attacker sends an email to the victim that pretends to deliver specific information, something like "you must change your password" or "you won a million dollars". The most important thing here is that the email contains a link to another page that the victim is told to click.
Third, after you click on the link you see a page that looks like the original page, and you enter your information (user name, password, credit card, and so on). After you click submit, the information is stored in a file or database, as the attacker configured it.
Fourth, the attacker runs tools on your stored information to gain access to your account or your credit card information. Now you have lost your account or your money.
How to protect yourself:
          As you saw in the previous section, it all depends on how you respond to emails and to the links in them.
          It is simple: if you do not click on the link, this attack will not succeed.
"You can safeguard your internet security privacy if you use an anti phishing tool in an internet security program – coupled, of course, with common sense."
http://www.kaspersky.com/threats/how-phishing-works
After you install an anti-phishing tool, you still have to protect yourself by taking the following actions:
·        Sender: check the sender address; if you know the sender, open the email.
·        Do not click on any link in your email, even if you know the sender address (it may be spoofed). Open your browser and type the address yourself (as you know, the URL of the original page is not the same as the URL of the phishing page), so that you open the correct page.
·        If possible, pick up the phone and call to make sure the message is genuine. If your bank sends you an email about your banking information, always call them and make sure they really asked for this information.
·        There are many other steps that you can find by googling or at the following link:
http://www.focus.com/fyi/44-ways-protect-phishing/
Things to remember:
·        Phishing is very dangerous.
·        Time is money; take your time to protect your money.
·        Your sensitive information that has been phished can be used in other types of attack and really harm you.
Further Reading:
*    http://en.wikipedia.org/wiki/Phishing
*    http://www.phishinginfo.org/how.html
*    http://www.kaspersky.com/threats/how-phishing-works
*    http://www.pcworld.com/businesscenter/article/135293/types_of_phishing_attacks.html

written by 
Elmozamil Elamir Hamid
