illegaltricks - An ethical hacking and cyber security blog: latest tips and tricks, tech hacks, basic and advanced hacking, illegal and blackhat hacking tricks, and information on hacking software and bots
Phishing is a social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person or organization. Phishing scams usually send an email message to users requesting their personal information, or redirect them to a website where they are required to enter it. In most cases, a phishing email directs the victim to follow a link leading to a website where they have to enter their login details or other confidential information. In reality this website is a fake one created by the hacker (often referred to as a spoofed website), which is an exact replica of the original or appears similar. When the victim enters his/her login details on a spoofed page, they are actually stolen by the hacker.
For example, the hacker may send an email that appears to come from the bank where the victim maintains an account and asks him/her to update the login details by following the link in the email. The email further mentions that this update process is mandatory and that failing to do so will result in the bank account being locked. In response, the victim clicks on the link and is taken to a fake login page that looks similar to the original one. However, when the login details are entered, they are recorded and stored on the website for later access by the hacker. The victim remains unaware of the entire process, but the hacker skilfully manages to steal the password.
You can avoid phishing attacks by following the guidelines below:
Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify it by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.
Do not use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website in your browser’s address bar.
Legitimate websites always use a secure connection (https://) on pages that are intended to gather sensitive information such as passwords, account numbers or credit card details. You will see a lock icon in your browser’s address bar, which indicates a secure connection. On some websites, such as PayPal, that use an extended validation certificate, the address bar turns GREEN.
Even if the login page is not secure (https://), the target website may still be legitimate. However, look for misspellings like www.papyal.com, www.payapl.com or paypal.somethingelse.com instead of the legitimate site www.paypal.com, and make sure that the login details are only entered on the legitimate web page.