What is phishing?
Phishing is a technique in which an attacker obtains sensitive data such as usernames, passwords, credit card details, etc. by claiming to be a trusted or genuine organisation/company.
The most common type of phishing is fake login pages. The basic methodology of this attack is described below.
1. Suppose an attacker wants to hack the Gmail/Yahoo/Facebook/bank account of the victim. The attacker creates a fake login page of that website. This fake login page looks exactly like the real/genuine login page.
2. The attacker then sends the link of that fake login page to the victim through an email or any other means. The sender's email ID is usually spoofed to give it an authentic look.
4. The credentials, that is the username and password, go to the attacker. Hence the victim's account gets hacked.
5. The victim is then redirected to a webpage chosen by the attacker. Most probably the victim is redirected to the genuine website or to a page displaying an error.
Let’s hope the idea is clear to you. This is the best method to hack anyone's Gmail/Yahoo/Orkut/Facebook/bank account. Creating a fake login page is very simple. It then depends on the attacker's smartness how well he manages to fool the victim into entering credentials in the fake login page. Simply put, this attack depends on the attacker's intelligence as well as the victim's carelessness.
Countermeasures:
The obvious countermeasure is: don’t blindly enter your sensitive data in a webpage just because it looks exactly like the genuine/real page. Carefully check the URL. But URLs can also be spoofed. The protocol should be https (secure) instead of http. If you still have doubts, you should check the digital certificate of the website.
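The URL check described above can be automated before a link is opened. The following is an added example, not code from the original post; the allowlist, the function name check_login_url and all sample links are constructed for illustration and use reserved example/test names.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the exact hosts where the user really signs in (constructed names).
TRUSTED_HOSTS = {"login.example.com", "bank.example.net"}

def check_login_url(url, trusted=TRUSTED_HOSTS):
    """Return the reasons a link should not be trusted; an empty list means it passed."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit already lower-cases the host

    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None or parts.password is not None:
        # Text before '@' is login data, not the site: the real host comes after it.
        reasons.append("userinfo before host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address as host")
    except ValueError:
        pass  # not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike characters)")
    if host not in trusted:
        if any(t in host for t in trusted):
            # A genuine name used as a prefix or fragment of some other domain.
            reasons.append("trusted name embedded in a different host")
        else:
            reasons.append("host not on allowlist")
    return reasons

# Constructed sample links (reserved names and documentation address space).
SAMPLES = [
    "https://login.example.com/signin",
    "http://login.example.com/signin",
    "https://login.example.com@other.test/signin",
    "https://login.example.com.verify.test/signin",
    "https://192.0.2.10/login",
    "https://xn--exmple-cua.test/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "ok")
```

A link that passes only matches the allowlist over https; the certificate check mentioned above is still a separate step.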
Now, you can like Zeal2hack on Facebook. https://www.facebook.com/Zeal2hack