What is Phishing and Phishing SafeGuard Methods


A few days back I read an article by Mahesh at ShoutMeLoud on how hackers hack your passwords. It was a good, informative post for everyone, which helps in protecting yourself from getting your password hacked. I got hacked myself when my Orkut account was hacked by this method.

After reading the article I was interested in writing about one of the many methods used in hacking: phishing. There are many other methods, like social engineering, cookie stealing, shoulder surfing, guessing, and hacking through brute-force or dictionary attacks, but I am interested in telling you about phishing, which is hugely popular in the online world.

What is phishing?

Phishing is the process of stealing sensitive information such as usernames, passwords and bank information by pretending to be a genuine party when you are not. It is considered a fraudulent or criminal activity, and if it is proved the offender may be fined, jailed, or in some cases both. You can read more about phishing on Wikipedia.

In simple words, hackers create fake login pages for websites and send them to people via email or other social engineering tricks. For example, fake Facebook login pages are a very common way of hacking Facebook passwords: a hacker creates a fake page that looks exactly like the original Facebook login page, and the user is asked to enter the password. For a normal user there is no difference apart from the URL of the webpage, which we usually fail to notice at the time. As soon as you enter your password, the hacker gets it in their database.

Common methods of phishing scams:

Here are a few of the ways people get hacked:

  • Email phishing:

Victims may receive an e-mail from a hacker pretending to be from their bank. The e-mail might tell the victim that he needs to update his account and personal information before it expires, and then the hacker provides a link. Once the victim clicks on the link, he arrives at a website that looks exactly like the actual bank page. In reality it is just a perfect replica, and when he enters his login details, it sends them to the hacker's email or stores them on the hacker's web server along with all the other details he has provided.

These hackers have knowledge of HTML and PHP. Below I will show you how they do this (but I am not going to mention the script used in this process). There is, however, a high chance of finding the basic script and other phishing methods out there on the web.

Here is a screenshot of what the phishing email looks like:

[Image: sample phishing email from "Trusted Bank" (source: Wikipedia)]

  • Through ads:

Many newbies fall prey to this method. When you started using the internet for the first time, you would have come across blinking, shiny ads stating “Congratulations! You are the 999999 visitor of the site. Click here to claim your gift”. When you click, you are taken to a page that asks for basic information like your address, phone number and so on, and at the end you are asked for credit card information.

This is also one of the most commonly used methods, but it is not very effective, as many of those who click are newbies and do not have a credit card.

How would hackers hack using Phishing method?

Once they know who the victim is, they make a perfect replica of the website so that they are ready for hacking. I will explain how this is done, taking Facebook as an example.

The hacker who wants to steal the password creates a fake profile claiming to be a girl. Once registered, the hacker fills the profile with nice, tempting pictures and so on. On the profile's home page he/she pastes a URL, saying it is a favorite webpage, video link, etc. Once you click on it, you are taken to a Facebook homepage (a fake Facebook phishing page) asking for your Facebook login. If you enter the details, nothing seems to happen and you end up at the homepage again.

What is happening here is that the first time you enter the username and password, they are sent to the hacker, and then the page redirects to the original Orkut homepage. Now you have to log in again, as this is the original site.

How Phishing works:

As I said, a hacker can make similar webpages; they do so using the “Save webpage as” option available in the browser. He/she then makes a folder and puts all the saved pages in it. Using his knowledge of PHP and HTML, he writes a script and places it in the folder. The two special files he makes are a phishing file (something like phish.php) and a text file (list.txt). The phish.php file has scripts that take the input characters, like usernames and passwords, and transfer them to the list.txt file, which stores them. He then uploads all this to the server where he is hosting his site.

The URL will be encrypted so that it goes unnoticed at a quick glance at the address bar. This is how many people out there on the web get hacked.

How to protect from Phishing:

There are no special protection methods. All you have to do is be careful about what you are doing.

  • Read emails completely and check whether they are really from the particular bank with which you have an account.
  • When you reach the destination website, take a second to look at the URL in the address bar and make sure that it belongs to the right site.
  • Do not provide any sensitive information to untrusted persons, and do not provide your email ID to untrusted sites. They may sell your email ID so that you receive lots and lots of spam.
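
The "look at the URL" check from the list above can be made mechanical. The following is an added example, not code from the original post: it parses a link the way a browser does and lists every reason the host should not be trusted. The `TRUSTED` list, the function names and all sample URLs are constructed for illustration.

```javascript
// Added example, not from the original post. TRUSTED and SAMPLES are constructed.
const TRUSTED = ["facebook.com", "examplebank.com"];

// True when host is the trusted domain itself or a real subdomain of it.
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Parse one link the way a browser would and list every reason to distrust it.
function checkLoginUrl(raw, trusted = TRUSTED) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "reject", host: null, reasons: ["not a valid absolute URL"] };
  }
  // The parser lower-cases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  // Everything before '@' is a user name, not the site being visited.
  if (url.username || url.password) reasons.push("userinfo before '@'");
  // Non-ASCII hosts come back as xn-- labels: possible lookalike characters.
  if (host.split(".").some((label) => label.startsWith("xn--")))
    reasons.push("punycode label");
  if (!trusted.some((d) => hostMatches(host, d))) reasons.push("host not trusted");
  return { verdict: reasons.length ? "reject" : "ok", host, reasons };
}

const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://facebook.com.login-check.example/login.php",
  "https://www.facebook.com@203.0.113.7/login.php",
  "http://www.facebook.com/login.php",
  "https://www.faceb\u043e\u043ek.com/login.php", // Cyrillic letters in place of "oo"
];

for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log(r.verdict.padEnd(6), r.host, r.reasons.join("; "));
}
```

Only the first sample passes. The others fail because the trusted name appears somewhere other than the end of the host, which is the part of the address bar that decides where the password actually goes.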

These are the methods I know for protecting myself. If you know any other methods, please let me and the readers know. It’s always good to know about general hacking methods, as by knowing the common ways of hacking you can safeguard yourself from hackers.

Do you wish to add any more tips that may help save us from phishing attacks?


Article by techntuts


    • Nihar

      Good post.

      I admit that I got a mail from somebody. It looked exactly like it was from citibank.com and was about changing the password.

      As we are IT-literate guys, we can immediately spot it and say that no bank these days mails and asks for a password change. But what will happen if it reaches someone who has no knowledge of this? :(
      • seenu

        I tried to hack my friend's account using phishing but couldn’t, because the URL is not a genuine one. I created a fake page of Gmail from a PHP page storage account.

        Needed some tricks to make others believe that it is not a fake page.
    • Rahul @ MazaKaro

      This is so new to me actually, loved the definition you wrote at the beginning!!
      Very helpful, and I do guess how this way is a very good one :)
      Thank you for sharing :)
    • Rajeel

      Great and useful article, Bro.

      We can escape from hackers only if we are very careful. Whenever you share your username/password on any site/link, make sure that it is from the original domain, i.e., mails should end with @company.com and the login pages should be at xxx.company.com or company.com/xxx/xxx/ etc.
    • CoolGuy

      Good info,
      and also, as Mahesh said, you can keep an eye on the sender’s email ID. Also, it would be a rare case that your bank or any website you are registered with would ask for your login details.
    • Vivek Parmar

      Phishing is one of the good things; if anyone knows it, then he may get any valuable information at any time.
    • esoftload

      Now some antivirus products come with the feature of checking fake pages… one of the protection methods is to have an updated antivirus…
    • Mahesh

      Any bank would never send a mail to confirm your ID and password. Also, I receive a lot of mails on my Yahoo! Mail that my account has been blocked, and to access it back, I need to fill up a /fake/ form. But, these companies never send you such mails. Those are all phishing techniques.

      Always check the sender’s email ID properly. Any company’s email ID would be on their domain.

      eg: [email protected]

      • thurika

        hello,
        Sir, may I know how to avoid these kinds of phishing activities? If there is one, tell me the algorithm used in it…
    • Bilal Ahmad

      Using advanced internet security software like Kaspersky and Bitdefender can solve this problem, as hackers now use software to steal your passwords and other information.