[+] Wayc0de's Blog[+]

15/09/11

Protect Yourself From Phishing

Most of us are familiar with the word phishing. For those who are new to the term, I will first explain the concept.

PHISHING:

Phishing is a technique used by some malicious hackers to acquire sensitive information such as passwords, bank IDs and other important login details for various accounts. The word sounds like "fishing", and the technique is quite similar: a fisherman baits a hook with something that looks like real food to fool the fish in the pond, and as soon as a fish goes for the bait it is hooked and caught. Phishing works the same way over the internet: attackers trap people through fake login pages that they design themselves or that are available on the net. The attacker creates a fake or duplicate page of a genuine website, such as a social site or a bank account page, sets the trap by sending a mail to the prey (the user), and waits for the user to fall into it. As soon as the user enters his or her details they are caught, i.e. the login details are sent to the attacker, who now has access to their sensitive information, whether that is a social networking account or bank account details.

Phishing is basically done through email spoofing (that is, sending anonymous mail) and also through instant messaging. It relies on social engineering skills, i.e. the attacker's ability to pretend to be a genuine person to the targeted user. This technique has caused a lot of problems for users who are easily trapped in these types of attacks, and it has done them real damage.

After all the problems caused by phishing attacks came the concept of anti-phishing, i.e. how you can protect yourself from getting caught in these types of attacks. These are some simple techniques that you can easily remember to save yourself from being attacked by malicious users.

ANTI-PHISHING TECHNIQUES:

1. Social awareness:

One important technique is to create social awareness about these types of phishing techniques, so that users browsing the internet know about the attacks being carried out and become more cautious while browsing. This is quite necessary because most users do not even know about these types of attacks and can therefore easily fall into the traps set by malicious users.

2. Technical awareness:

Technical awareness includes the ability to tell fake website pages from legit ones. If you are smart enough then you can easily differentiate between a legit and a fake website. A user can often pick out a fake page from the URL itself, as most of the URLs used for phishing are different from the original URL of the website. If you can recognize the legit page's URL, then you will easily be able to differentiate between fake and legit pages.

But these days attackers have developed new techniques that make the URL so complicated that it is quite difficult to differentiate between the fake and the legit site. In response, many browsers, such as Internet Explorer, now highlight the domain name in black and show all other details in light brown, so that the user can easily look at the domain name of the page and identify it.
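The domain comparison described in this section can be written out as a check. This is an added example, not part of the original post; the allow-list entry `example-bank.com` and the sample links in the comments are constructed.

```javascript
// Assumed allow-list: the full domains of sites you actually use (constructed value).
const TRUSTED = ["example-bank.com"];

// Return the host the browser will really contact, plus any warning signs.
function inspectLink(link, trusted = TRUSTED) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { host: null, trusted: false, warnings: ["not a valid absolute URL"] };
  }
  // This is the part a browser highlights in the address bar.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const warnings = [];

  if (url.protocol !== "https:") warnings.push("not HTTPS");
  // Anything before '@' is a username, not the site:
  // https://example-bank.com@203.0.113.7/login goes to 203.0.113.7.
  if (url.username || url.password) warnings.push("text before '@' is not the site");
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) {
    warnings.push("raw IP address as host");
  }
  // Punycode labels can be displayed as look-alike characters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    warnings.push("punycode label");
  }

  // The trusted name must be the whole host or a dot-separated suffix of it.
  // example-bank.com.secure-login.test does NOT end in .example-bank.com.
  const match = trusted.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    const lure = trusted.find((d) => url.href.toLowerCase().includes(d));
    if (lure) warnings.push(`"${lure}" appears in the link but is not its domain`);
  }
  return { host, trusted: Boolean(match) && warnings.length === 0, warnings };
}
```

A look-alike name that never contains the trusted domain (for example with a digit swapped for a letter) produces no warning here but still comes back with `trusted: false`, because the verdict depends on the suffix match and not on the warnings alone.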

3. E-mail authentication:

This is quite an important technique if you want to save yourself from phishing. Most phishing techniques rely on email systems, i.e. the attacker sends you an email pretending to be a genuine company or a site administrator, containing a link that redirects you to a page that looks legit to you. How will you know whether the email is genuine or fake? Some companies or websites use special notations or signs that are not available to phishers, so if you notice any difference in the language of the email, do not trust it. There is always contact information given in the email; you can use it to authenticate the email, whether it's legit or not.

Now most of you might be thinking that fake emails are automatically sent to the spam folder of your mail system, but this is not true. Today malicious users have developed so many new techniques that even the best email system will not be able to differentiate between spam and regular email. So do not be fooled into thinking that fake emails are always sent to the spam folder. I am telling you this from my own personal experience and it's 100% true.

If you follow these techniques then there is no chance of you falling into such traps. Do tell me your views on this topic.

nb : techbugs
