Phishing:
Phishing is a way of attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
The basic idea behind phishing is to create a page that looks like the original page. If you put the two pages side by side and compare the design and the information in the body of each page, you cannot tell them apart. This makes phishing very dangerous compared with other attacks that target users' sensitive information.
Anti-phishing programs do not guarantee 100% protection. There is no signature that those programs can use to identify whether a page is a phishing page or not; all they do is keep a list of phishing pages. This means that if you are targeted with new phishing pages, anti-phishing programs do not help you.
How Phishing works:
It is simply based on the user's actions: if the user takes the right actions, phishing does not work, but if the user always responds quickly without checking, it definitely works. It works in this sequence (there are other methods and techniques):
First, the hacker creates an identical copy of the original page. For example, to target Facebook users the attacker has to create a page that looks like the original Facebook page, and the same rule applies to all other target pages: banking, email, online shopping, and so on.
Second, the attacker sends an email to the victim and pretends to give specific information, something like "you must change your password" or "you won a million dollars", and so on. The most important thing here is that the email must contain a link to another page that the victim is told to click.
Third, after you click on the link you will see a page that looks like the original page. You enter your information (user name, password, credit card, and so on), and after you click submit the information is stored in a file or database, as the hacker configured it.
Fourth, the hacker will launch tools on your stored information so that he can gain access to your account or your credit card information. Now you have lost your account, or you have lost money.
How to protect yourself:
As you saw in the previous section, it is all based on your response to emails and the links that you click.
It is simple: if you do not click on the link, this attack will not succeed.
"You can safeguard your internet security privacy if you
use an anti phishing tool in an internet security program – coupled, of course,
with common sense."
http://www.kaspersky.com/threats/how-phishing-works
After you install an anti-phishing tool, you still have to protect yourself by taking the following actions:
· Sender: Check the sender address; if you know the sender, open the email.
· Do not click on any link in your email, even if you know the sender address (it may be spoofed). Open your browser and type the address yourself (as you know, the URL of the original page is not the same as the URL of the phishing page); this helps make sure that you open the correct page.
· If possible, pick up the phone and call to make sure that the message is true. If your bank sends you an email regarding your banking information, always call them and make sure they really asked for this information.
http://www.focus.com/fyi/44-ways-protect-phishing/
Things to remember:
· Phishing is very dangerous.
· Time is money; take your time to protect your money.
· Sensitive information that has been phished can be used in other types of attack and really harm you.
Further Reading:
http://en.wikipedia.org/wiki/Phishing
http://www.phishinginfo.org/how.html
http://www.kaspersky.com/threats/how-phishing-works
http://www.pcworld.com/businesscenter/article/135293/types_of_phishing_attacks.html
Written by Elmozamil Elamir Hamid