Phishing
is an attempt to criminally and fraudulently acquire sensitive
information, such as usernames, passwords and credit card details, by
appearing as a trustworthy entity in an Electronic communication. eBay, PayPal
and other online Banks are common targets. Phishing is typically
carried out by email or instant messaging and often directs users to
enter details at a website, although phone contact has also been used.Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.
Recent phishing attempts
have targeted the customers of banks and online payment services.
Social networking sites such as Facebook, Orkut, etc are also a target of phishing.
Spoofed/Fraudulent E-mails
are the most widely used tools to
carry out the phishing attack. In most cases we get a fake e-mail that
appears to have come from a Trusted Website . Here the hacker may
request us to verify username & password by replaying to a given
email address.
Techniques Behind A Phishing Attack
1. Link Manipulation
Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of sub-domains are common tricks used by phishers, such as this example URL
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
instead of www.microsoft.com
2. Filter Evasion
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. This is the reason Gmail or Yahoo will disable the images by default for incoming mails.
Techniques Behind A Phishing Attack
Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of sub-domains are common tricks used by phishers, such as this example URL
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
instead of www.microsoft.com
2. Filter Evasion
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. This is the reason Gmail or Yahoo will disable the images by default for incoming mails.
How does a phishing attack/scam look like?
As scam artists become more sophisticated, so do their phishing e-mail
messages and pop-up windows. They often include official-looking logos
from real organizations and other identifying information taken directly
from legitimate Web sites. Here is an example of how the phishing scam
email looks like
Example of a phishing E-mail / message, including a deceptive URL address linking to a scam Web site.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site, but it actually takes you to a phishing site or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.
How To Identify A Fraudulent E-mail?
Here are a few phrases to look for if you think an e-mail message is a phishing scam.“Verify your account.”
Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.
“If you don’t respond within 48 hours, your account will be closed.”
These messages convey a sense of urgency so that you’ll respond immediately without thinking.
“Dear Valued Customer.”
Phishing e-mail messages are usually sent out in bulk andoften do not contain your first or last name.
“Click the link below to gain access to your account.”
HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Website.
So The Bottom Line To Defend From Phishing Attack Is
1.
Never assume that an email is valid based on the sender’s email address.2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.
3. An email from trusted organization will never contain attachments or software.
4. Clicking on a link in an email is the most insecure way to get to your account.
Hope the article was useful to you guys/girls, If you have any doubt on this topic kindly comment below or simply stay tuned with us by following us on our Blog or Like Tech-Attacks on Facebook.
No comments:
Post a Comment