Sunday, 1 May 2011

What is Phishing? Know The Basics

What is phishing ?

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. 

In other word Phishing is a technique of obtaining sensitive data such username, password, credit card details etc by an attacker by claiming to be a trusted or genuine organization /company through electronic communication like: - website, email or phone. 

Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users.The most common type of phishing is Fake Login PagesThe basic methodology of this attack is written below: -

1.   Suppose an attacker wants to hack gmail/yahoo/facebook/bank account of the victim. Attacker creates a fake login page of that website. This fake login page looks exactly like real/genuine login page.

2.   Attacker then sends the link of that fake login page to victim through an email or any other means. The sender's email Id is usually spoofed to give an authentic look to it.

3.   Victim clicks on the link, fake login page appears in his browser and he enters his credentials in that page thinking that it is genuine.

4.   The credentials that are username and password go to the attacker. Hence victim's account gets hacked.

5.   Victim is then redirected to any webpage as chosen by attacker. Most probably the victim is redirected to genuine website or a page displaying an error.

I hope the idea is clear to you. This is the best method to hack anyone's gmail/yahoo/orkut/facebook/bank account. Creating a fake login page is very simple. Then it depends on attacker's smartness that how he manages to fool the victim to get his credentials entered in fake login page. Simply this attack depends on attacker's intelligence as well as victim's carelessness.

Countermeasures: -

The obvious countermeasure is that just don’t blindly enter your sensitive data in a webpage that exactly looks like a genuine/real page. Carefully check the URL. But URLs can also be spoofed. The protocol must be hopefully https (secure) instead of http. If you still have doubts, you should check the digital certificate of the website.

Note: This was just a theoretical basic guide to phishing. Read my detailed step by step tutorial onHow to create and use fake login pages” on my next coming article. So, Keeping reading / visiting TRICKS4INDYA.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

If u like then ple follow my blog & also help to promote. Don’t forget to leave comment.


Post a Comment

Related Posts Plugin for WordPress, Blogger...
Twitter Delicious Facebook Digg Stumbleupon Favorites More