A few days back I read an article by Mahesh at ShoutMeLoud on how hackers hack your passwords. It was a good, informative post that helps everyone protect themselves from getting their password hacked. I got hacked myself when my Facebook account was taken over by this method.
After reading the article, I wanted to write about one of the many methods used in hacking: phishing.
There are many other methods, like social engineering, cookie stealing, shoulder surfing, and password guessing followed by brute-force or dictionary attacks.
Today I will tell you about phishing, which is hugely popular in the online world.
What is phishing?
Phishing is the process of stealing sensitive information such as usernames, passwords and bank details by pretending to be a legitimate site or sender when you are not.
It is considered fraudulent or criminal activity, and if proved, the offender may be fined, jailed, or in some cases both. You can read more about phishing on Wikipedia.
In simple words, hackers create fake login pages for websites and send them to people via email or other social engineering tricks. For example, fake Facebook login pages are a very common way of stealing Facebook passwords.
The attacker creates a fake page which looks exactly like the original Facebook login page, and the user (the victim/target) is asked to enter their password. For a normal user there is no visible difference apart from the URL in the address bar, which we usually don't bother to check. As soon as you enter your password, the hacker receives it in their database.
The common methods of phishing scams:
Here are a few of the ways people get hacked:
- Email phishing:
Victims may receive an email from a hacker pretending to be their bank. The email tells the victim that he needs to update his account and personal information before it expires, and provides a link. Once the victim clicks the link, he arrives at a website that looks exactly like the real bank page.
In reality it is just a perfect replica, and when he enters his login details, the page sends them to the hacker's email or stores them on the hacker's web server, along with every other detail he has provided.
These hackers know HTML and PHP. Below I will show how they do this (but I am not going to include the script used in this process). There is, however, a high chance of finding the basic script and other phishing methods elsewhere on the web.
Here is a screenshot of what a phishing email looks like:
- Through ads:
Many newbies fall prey to this method. When you first started using the internet, you would have come across blinking, shiny ads saying "Congratulations! You are the 999999th visitor to the site. Click here to claim your gift." When you click, you are taken to a page that asks for your basic information like address, phone number and so on, and at the end you are asked for credit card information.
This is also one of the most commonly used methods, but it is not very effective, as many of those who click are newbies who don't have a credit card.
How do hackers hack using the phishing method?
Once they have chosen a victim, they make a perfect replica of the website so that they are ready. I will explain how this is done, taking Facebook as an example.
The hacker who wants to steal the password creates a fake profile claiming to be a girl. Once registered, the hacker fills the profile with tempting pictures and so on. On the profile page, he/she pastes a URL described as a favourite web page, video link, etc. Once you click it, you are taken to a Facebook login page (a fake Facebook phishing page) asking for your Facebook login. If you enter your details, nothing seems to happen, and you land on the login page again.
What is happening is that the first time you enter your username and password, they are sent to the hacker, and the page then redirects you to the real Facebook login page. Now you log in again, because this time it is the genuine site, and you never notice that anything went wrong.
How Phishing Works:
As I said, hackers make similar-looking web pages. They do so by using the "Save page as" option available in the browser, then make a folder and put all the saved files in it.
Using his knowledge of PHP and HTML, he writes a script and places it in the folder. The two special files he makes are the phishing file (something like phish.php) and a text file (list.txt). The login form on the copied page is pointed at phish.php instead of the real site; phish.php takes the submitted username and password, appends them to list.txt, and sends the victim on to the real login page. He then uploads all of this to the server where he is hosting his site.
The URL is disguised (a lookalike domain, a URL shortener, or a long, confusing address) so that a quick glance at the address bar raises no suspicion. This is how many people out there on the web get hacked.
How to protect from Phishing:
There is no special technical protection against phishing. All you have to do is be careful about what you are doing.
- Read emails carefully and check whether they really come from the bank where you hold an account. A bank does not ask you to "verify" your password or card details through an emailed link; if in doubt, type the bank's address yourself instead of clicking.
- When you reach the destination website, take a second to look at the URL in the address bar and make sure the domain name is the right one. The look of the page proves nothing, and a padlock or https only means the connection is encrypted, not that the site is genuine.
- Do not provide sensitive information to untrusted persons, and do not give your email address to untrusted sites. They may sell it, and you will receive lots and lots of spam.
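To make the "look at the URL" tip concrete, here is an added example of my own (not one of the scripts from the post, and not the phisher's phish.php) that puts the check into code. It pulls every link out of an email body and flags the tricks described above for disguising a phishing URL: a trusted name used as a subdomain, in the user@ part, or in the path; an accented or punycode lookalike domain; and link text that shows the genuine address while the href points somewhere else. The bank domain mybank.example, the attacker hosts under .example and the sample email are constructed placeholders.

```python
"""Flag the URL tricks phishing e-mails rely on.

Added example, not code from the original post. The bank domain
mybank.example, the attacker hosts under .example and the sample
e-mail body are constructed placeholders.
"""
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sites the reader really holds accounts with (assumption for the example).
TRUSTED_DOMAINS = {"mybank.example", "facebook.com"}


def hostname_of(url: str) -> str:
    """Return the host a URL actually connects to, ignoring any 'user@' prefix.

    http://mybank.example@evil.example/ goes to evil.example, not to the bank.
    """
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def skeleton(host: str) -> str:
    """Decode punycode and strip accents, so fácebook.com compares as facebook.com."""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already contains non-ASCII characters; normalise it as it is
    return unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()


def registrable(host: str) -> str:
    """Last two labels of a hostname (demo only; real code should use the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def classify_url(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """'trusted', 'lookalike' (a trusted name appears but is not the real host) or 'untrusted'."""
    host = hostname_of(url)
    if not host:
        return "untrusted"
    if registrable(host) in trusted:
        return "trusted"
    if registrable(skeleton(host)) in trusted:
        return "lookalike"  # homoglyph / punycode spoof of a trusted domain
    if any(t in url.lower() for t in trusted):
        return "lookalike"  # trusted name used as a subdomain, as user@, or in the path
    return "untrusted"


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html: str):
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def check_email(html: str, trusted=TRUSTED_DOMAINS):
    """Return (href, verdict, text_matches_href) for every link in the e-mail."""
    findings = []
    for href, text in extract_links(html):
        verdict = classify_url(href, trusted)
        # Phishers often show the genuine address as link text over a hostile href.
        shown_host = hostname_of(text) if "." in text and " " not in text else ""
        text_ok = not shown_host or registrable(shown_host) == registrable(hostname_of(href))
        findings.append((href, verdict, text_ok))
    return findings


# Constructed sample of the "update your account" mail described above.
SAMPLE_EMAIL = """
<p>Dear customer, your account will expire soon. Please update your details:</p>
<a href="http://mybank.example.secure-login.example/update">https://www.mybank.example/login</a>
<p>Questions? Contact <a href="https://www.mybank.example/help">support</a>.</p>
"""

if __name__ == "__main__":
    for href, verdict, text_ok in check_email(SAMPLE_EMAIL):
        print(f"{verdict:9} text-matches-href={text_ok}  {href}")
```

Run as a script it reports the first link as a lookalike whose visible text does not match its href, and the second as trusted. The two-label "registrable domain" shortcut is deliberate for a short example; against real mail you would replace it with a Public Suffix List lookup so that names like something.co.uk are handled correctly.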
These are the methods I know of for protecting myself. If you know any other methods, please share them with me and others in the comment section below. It is always good to know the general hacking methods, because by knowing the common ways of hacking you can safeguard yourself from hackers.
Do you have any more tips which may help us stay safe from phishing attacks?