Saturday, January 24, 2009

ÞhÍshÌng

Hi guyz,

Hope many people don't know what phishing is all about ;) Yes, this is the main or root strength of a hacker or phisher :)

When people know nothing about the implementation or the concept (in the internet world), hackers or phishers will just go around them :) cracking all the sensitive information. Phishing is a widespread concept, but there is little awareness of it among people ...

Phishing:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Source: Wikipedia

Got a hold of it?? Nope?? Okay, let me explain it to you in brief:

Step1: Hackers or phishers replicate a web page (it might be a login page, welcome page, download page etc...) and host it on a server.

Step2: Then they spread the links among people as warnings, hot news, precautionary measures, download links etc. They also use URL shorteners to hide their links :) ...

Step3: They log all the user IDs and passwords in plain text with all the required details and redirect it to the server.

Step4: They spread the user IDs and passwords among people, or use them for their own benefit, or sell the sensitive information to the needy.

In brief, hackers or phishers replicate a web page and log all the sensitive information for their own benefit.

Got it now?? I guess yes :)

Now that we know what phishing is, we should know how to prevent it :)

Many phishers or hackers use PHP (Hypertext Preprocessor) as their tool. Yes, to replicate a page and to load all the required objects (images, links, buttons, banners etc...) on a page, they use PHP as their main tool.

Websites of Their Interest:

They are interested in websites which track sensitive information and which are famous. They mainly concentrate on websites which ask users to pay for registration (like Rapidshare, Megaupload, Amazon etc...). A few hackers or phishers concentrate on online banking or money transfer agents (like ICICI, CITIBANK, SBI, HDFC, PAYPAL, LIBERTY RESERVE, etc...), social networking websites (like Orkut, Facebook, HI5 etc...), and a few of them on email accounts (no need of listing, I guess :) )

How do they spread Phishing Links??

They spread the fake links through emails as warnings or hot news, or they post them in forums as the hottest news or as download links for famous software, music, movies etc...

How to Prevent PHISHING??

Interesting topic right?? Ha ha ha haaa :)

Basic Measures:

Step1: Check out the URL first. (Check whether it is like google.com, Rapidshare.com, Yahoo.com etc...). If it's a phished web page, you will see the name of a fake hosting site instead of the real URL.

Step2: When you are logging into a website, check whether it's secured :) Check for the lock symbol near the URL or check for the "HTTPS" protocol.

Step3: Don't ever log in to your account using the links in a mail. I know links are shortcuts, but they may lead to light or dark :)

Step4: Log in to your account through the main web page only.

Example:

1. www.gmail.com and not http://somehostingserver.com/gmail/youraccount..

2. www.rapidshare.com and not http://somehostingserver.com/xxxxxxx/xxxx.html

3. www.icicibank.com and not http://somehostingserver.com/icicibank/xxxxx/
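
The URL check from Step1 and Step4, written out as an added Python example (not part of the original post): it compares the host name of a link, not the words in its path, against a list of sites you trust. The `TRUSTED_DOMAINS` list and the function names are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites the reader actually uses, taken from the post's examples.
TRUSTED_DOMAINS = {"gmail.com", "rapidshare.com", "icicibank.com"}


def host_of(link):
    """Return the lower-cased host name of a link, adding a scheme if it is missing."""
    if "://" not in link:
        link = "http://" + link  # "www.gmail.com" has no scheme; urlsplit needs one
    return (urlsplit(link).hostname or "").rstrip(".").lower()


def trusted_domain_for(host):
    """Return the trusted domain that host belongs to, or None."""
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; a plain substring test would be wrong.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def check_link(link):
    """Classify a link as 'trusted', 'impersonation' or 'unknown'."""
    host = host_of(link)
    if trusted_domain_for(host):
        return "trusted"
    # The host is not a trusted one. Does a trusted site's name appear in the link?
    lowered = link.lower()
    for domain in TRUSTED_DOMAINS:
        brand = domain.split(".")[0]  # "gmail", "rapidshare", "icicibank"
        if brand in lowered:
            return "impersonation"
    return "unknown"


# Constructed sample input: the links used as examples in the post.
SAMPLES = [
    "www.gmail.com",
    "http://somehostingserver.com/gmail/youraccount",
    "www.rapidshare.com",
    "http://somehostingserver.com/xxxxxxx/xxxx.html",
    "www.icicibank.com",
    "http://somehostingserver.com/icicibank/xxxxx/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):14} {host_of(link):26} {link}")
```

A link that comes back as "unknown" is still not one of your trusted sites, so treat only "trusted" as safe to log in to.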


Advanced Steps:

Step1: Check out the web page information. Right click on the page -> View Page Info.

Step2: Check out the cookies. Cookies should be from the core website or original website. (Right click on the page -> View Page Info -> Security tab -> Cookies)

Step3: Under Right click on the page -> View Page Info -> Security tab, you should find all the details of the website.


Plugins for Firefox which will help you to avoid fake pages (https://addons.mozilla.org):

1> Liberty Guard: It helps you to find out whether a page is the original LibertyReserve page or PayPal page etc...

2> Site Information Tool: It helps you to find out all the details about a web page. It clearly tells you whether a website is fake or original.

3> WOT (Web of Trust) tool: It warns you about fake or malicious websites and provides user ratings for the website.


Hope this information helps you all :)

Prevent Hacking and Phishing :)