PHISHING
Old but a New Age Weapon
Author: Avinash Singh
E-mail: avinas546@gmail.com
SNL: http://www.facebook.com/avinash546
AUTHOR BIOGRAPHY:
Avinash is a Technical Evangelist.
Educational Qualification:
B.Tech from Punjab Technical University
He holds the following certifications in the field of Ethical Hacking & Information
Security: Appin Certified Ethical Hacker (ACEH), Certified Penetration Testing Expert (CPTE).
He has also done training in the field of Network Security, which includes IDS (Intrusion
Detection Systems), Firewalls and Honeypot Technology.
He is also trained in other fields such as Linux, Microsoft Certified IT Professional (MCITP),
Firewalls and Cisco Certified Network Associate.
He is also the admin and lead author at TechSpectrum.in (Blog).
He has a total experience of around 2 years in the field of Training and Security, and has
successfully conducted more than 60 workshops and training programmes so far, all
over India, covering more than 2500 students.
*****************************************************************
ARTICLE:
Phishing
In simple words, phishing is a fraudulent attempt to steal your login credentials or any of your
private information, and it is growing rapidly.
Look at the following examples:
Mail 1:
Dear Customer
We need to verify your bank credentials please click on the following and verify your credentials
on the page that follows.
The link is www.c1tibank.com.
Regards
Citibank Team
Mail 2:
Hey Friend
I just added some new cool pics of mine, hope you like it, please click on the link below and
enjoyyyy.
http://www.0rkut.com
C ya
Many a time you get these kinds of mails and, mostly without thinking much, we click on the link,
which takes us to a login page, whether it be the page of your bank, your email provider or your
favourite social networking website. You enter your credentials there and an error occurs, or you
simply cannot log in on the first try.
Have you ever realised what happened in the background? Your id and password were sent to
some other place, or you can say they have been revealed, i.e. HACKED.
Now, you must be wondering what all this is, or how all this is happening.
Here is the answer: take a close look at the address provided in both the mails above. In Mail 1 it
is www.c1tibank.com instead of www.citibank.com; in place of the 'i' there is a '1'.
In Mail 2, the link provided is http://www.0rkut.com; there is a 0 (zero) in place of 'o'.
This means that these are not the links of your bank or your social networking website; rather,
they take you to a webpage that looks exactly like the original one. This is a fake page that has
been designed by some attacker to steal your login credentials or your private information.
These fake pages can ask you for various types of information, like your personal details or credit
card numbers, and are really convincing, making you reveal your personal info. Most of the time
you cannot make out the difference between the fake page and the original page simply by
looking at it. When you put your login credentials on that page and submit it, what happens in
the background is that your login credentials are mailed to an email id of the attacker, or stored
at some place on the web as specified by the attacker, and you are simply redirected to the
original page of the legitimate website.
This is PHISHING. Just like conventional fishing, the attacker makes a fake webpage that acts as
the bait and waits for the fish (victim) to fall into the trap. Phishing messages or emails look like
they have come from a legitimate company and can easily be sent through spoofed email (emails
not originating from the real sender, but using the sender's id). The reason most people fall into
this trap is that they are not aware of it. They simply fall into the trap and lose their
confidentiality on the internet, which can later be used in numerous ways by the attacker to
cause you harm.
The best way to be protected from phishing is to be aware of it and learn about it.
Social Engineering
The most common way of doing phishing is social engineering, that is, making a person reveal
his secret or personal information by tricking them through a talk or any other social means. The
attackers generally copy the contents of the emails of the original website and simply replace the
original links with links to their fake webpages.
Phishing – Not only Emails
If you think that phishing can be done only through e-mails then you are probably mistaken.
Phishing can also be done through the following ways:
Chats
Instant messages
Calls
Fake banner ads
Fake browser tools
Free job search sites etc.
Sometimes your phone rings and the person on the other side says that he is speaking from your
bank, that something has happened with your account details or they are not able to verify them,
and that your account may be cancelled if an early response is not made, prompting you to
verify it immediately on the phone or via a message. Nobody wants to lose money, so you
simply fall into the trap. Some calls thank the victim for a purchase they never made. Lottery
scams are also very common nowadays: an e-mail says that you have won a lottery worth millions
and that you must deposit a fixed amount of money in an account to claim the winnings.
So phishing messages are designed in such a manner that they prompt you for immediate action.
Desktop Phishing??
The DNS (Domain Name System) contains the IP addresses mapped to the website names (Domain
Names) for all the websites on the internet. Whenever we try to open a website we type the
name of the website, the request goes to the DNS server where the mapped IP address is found,
a response is generated and we can view the webpage. But before going to the DNS server, a
Windows system first consults a hosts file (Windows/System32/drivers/etc/hosts; this file
influences how your PC resolves website names while browsing), which is located on the Windows
drive. The file contains mappings of IP addresses to domain names. For example:
122.78.56.123 www.google.com
127.0.0.1 localhost
If an entry is made into the hosts file such that the IP of yahoo.com is written and the domain
name is specified as www.google.com, then every time you try to open www.google.com the
page of yahoo will be displayed, as the IP address of yahoo is given with that name.
This can be used for phishing: if a phisher page of facebook is to be made, an entry has to be
made in the hosts file which contains the IP address of the fake page and the domain name
entry www.facebook.com. The next time the user types the address of facebook in the
address bar, the fake page will come up. The point to be noted here is that the URL has no
tampering, so it becomes more difficult to identify the phisher page. This type of phishing can
also be detected by some methods which are described later in the article.
The hosts file can be modified easily through a batch program, so the attacker just sends a batch
file to the victim, and as the victim executes it, the attacker's job is done.
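One of the detection methods the article promises for desktop phishing is simply to audit the hosts file for entries that should not be there. The following Python script is an added example, not the author's or any product's code: it parses hosts-file text (constructed here rather than read from a real machine) and reports every entry that pins a well-known public domain to an address other than loopback. Pinning a domain to 127.0.0.1 is left alone because ad-blockers and developers do that on purpose. The WATCHED_DOMAINS list and the 192.0.2.x sample addresses (a documentation-only range) are my assumptions.

```python
import ipaddress

# Constructed sample of a Windows hosts file; the two facebook entries are the kind of
# tampering described in the article (the address is from the 192.0.2.0/24 documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.0.2.45      www.facebook.com   # constructed: points Facebook at a foreign host
192.0.2.45      facebook.com
10.0.0.20       intranet.example   # harmless internal alias, not a watched domain
"""

# Public domains that a user expects to be resolved by DNS, never by a local hosts entry.
# Constructed list; extend it with the sites you actually log in to.
WATCHED_DOMAINS = {
    "www.facebook.com", "facebook.com", "www.google.com",
    "www.citibank.com", "mail.yahoo.com",
}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blank lines.
    A single line may carry several hostnames; each becomes its own pair."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_loopback(ip):
    """True for 127.0.0.0/8 and ::1; malformed addresses count as not loopback."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Entries that redirect a watched public domain to a non-loopback address.
    These are the desktop-phishing signature: the URL in the address bar is untouched,
    but the name resolves to a host the attacker controls."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if name in watched and not is_loopback(ip)]


if __name__ == "__main__":
    # On a real machine read the file the article names,
    # Windows/System32/drivers/etc/hosts, instead of SAMPLE_HOSTS.
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"WARNING: {name} is pinned to {ip} in the hosts file")
```

Run it against the real file and any hit for a banking or social-networking domain is worth investigating; a legitimate machine normally has no such entries at all.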
Difference between phishing and desktop phishing
In phishing an e-mail containing the link has to be sent, whereas in desktop phishing a batch file
does the job.
In phishing the victim has to be convinced about the legitimacy of the organisation or the
website, whereas in desktop phishing only the execution of the batch file matters.
In phishing the domain name of the fake page and the original page are different, whereas in
the case of desktop phishing there is no difference in the domain name of the fake and original page.
This is also the main drawback of normal phishing.
Tab Napping
Tab Napping is Tab + Kidnapping. All browsers are vulnerable to this. Suppose you are
browsing the internet in your favourite browser with multiple tabs open; in one of the tabs you
have your favourite social networking website open and you are switching between the tabs. When
you come back to your social networking website's tab you find that the session has expired
and it requires you to log in again; you enter your credentials and are successfully redirected
to your homepage or the inbox.
This seems normal and doesn't seem to matter, but actually something happened in the background
while you were switching between the tabs: one of the pages in the opened tabs changed your
social networking site's tab to a look-alike login page of that social networking website. You
innocently put your password there and it gets kidnapped, and you get tabnapped. But in reality
your session never expired, and you won't come to know, as after putting your password your
inbox or the home page is in front of you.
How to be protected from tab napping?
If you really think that your session has expired, or if there is any such notification, close that
tab and open the URL in a new tab, or simply type the URL manually in the same tab.
Browser add-ons are also available, but 100% dependability cannot be assured; at least
something is better than nothing. The browsers can only alert you sometimes, and afterwards the
decision is yours.
Whats the DAMAGE??
1. Not able to access the e-mail account or other online accounts.
2. Financial loss.
3. Identity theft.
The attackers can use the identity information to create fake accounts in the name of the victim,
could destroy credit, or the end result could be a destroyed life.
It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users
in the United States suffered losses caused by phishing, totaling approximately US$929 million.
How to detect phishing ??
Unsolicited Request: In the examples above there is a mail from a bank, but the fact is that
no financial organisation or bank asks for your login credentials or your information on calls or
e-mails. If you feel that the information is required, visit the bank or the organisation
personally.
'Dear Customer': no financial organisation or legitimate company addresses you like this; they
have your name in their records and will address you by it.
'Verify your account': these are the favourite words of the attacker in a phishing message. If
you missed the above two points, be alert on reading these words at least.
'Click on the link below': if you find these words in the message be alarmed; never click on the
link, or check it properly first. These links will probably take you to a fake page of the real
legitimate company.
The phishing message generally contains many mistakes, whether in the language or the
grammar.
Last but not least, trust your instincts: if you feel that the message is a fake then it probably is.
If you have an account with the bank or any legitimate organisation then you must know its
website, so there is simply no need to click on the link in the phishing message; simply open
the website of the concerned organisation manually by typing the address.
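The textual signs listed above can be turned into a simple weighted classifier. The Python script below is an added example, not part of the original article: it runs those signs as regular-expression indicators over the two sample mails from the start of the article (retyped here as constructed input) and over a constructed legitimate notice. The indicator names, weights and the threshold of 4 are my own choices, not the author's.

```python
import re

# Mail 1 and Mail 2 from the article, retyped as constructed test input.
MAIL_1 = """Dear Customer
We need to verify your bank credentials please click on the following and verify your credentials
on the page that follows.
The link is www.c1tibank.com.
Regards
Citibank Team"""

MAIL_2 = """Hey Friend
I just added some new cool pics of mine, hope you like it, please click on the link below and
enjoyyyy.
http://www.0rkut.com
C ya"""

# Constructed example of a message that carries none of the tells.
LEGIT_NOTICE = """Hi Avinash,
Your statement for March is ready. Sign in as usual to view it.
Thanks, The Bank"""

# (name, pattern, weight): the wording follows the signs the article lists,
# plus the urgency and lottery lures it describes in the social-engineering section.
INDICATORS = [
    ("generic greeting",
     re.compile(r"^\s*dear (customer|user|member)\b", re.I | re.M), 2),
    ("asks to verify account/credentials",
     re.compile(r"\bverify your (account|credentials|bank)\b", re.I), 3),
    ("asks to click a link",
     re.compile(r"\bclick (on )?the (link|following)\b", re.I), 2),
    ("urgency or threat",
     re.compile(r"\b(immediately|suspended|cancell?ed|within 24 hours)\b", re.I), 2),
    ("lottery or prize",
     re.compile(r"\b(won|winner|lottery|prize)\b", re.I), 3),
    ("contains a raw link",
     re.compile(r"\b(https?://|www\.)\S+", re.I), 1),
]


def score_message(text, threshold=4):
    """Sum the weights of every indicator found in the message.
    Returns the score, the names of the indicators that fired, and a verdict."""
    hits = [(name, weight) for name, pattern, weight in INDICATORS if pattern.search(text)]
    total = sum(weight for _, weight in hits)
    return {
        "score": total,
        "indicators": [name for name, _ in hits],
        "suspicious": total >= threshold,
    }


if __name__ == "__main__":
    for label, mail in (("Mail 1", MAIL_1), ("Mail 2", MAIL_2), ("Notice", LEGIT_NOTICE)):
        result = score_message(mail)
        print(f"{label}: score={result['score']} suspicious={result['suspicious']} "
              f"indicators={result['indicators']}")
```

Mail 1 fires four indicators and scores 8, well over the threshold. Mail 2 only asks you to click a raw link and scores 3, so content heuristics alone let it through; that is exactly why the URL check in the next section is needed for lures that contain no banking language.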
Watch out for the URL (Uniform Resource Locator); in simple words it means the text that
appears in the address bar of your browser, or the address of any website. As in the examples
at the beginning, the change or tampering in the URL is visible; the addresses are tampered
so as to look like the web address of the real company. Below is an example:
http://www.google.com Real Address
http://www.g00gle.com Fake Address
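The character swaps shown above (1 for i, 0 for o) can be caught mechanically. The following Python code is an added example, not the author's or any project's code: it reduces a URL to its registered domain (assuming a simple two-label domain such as citibank.com; country-code suffixes like co.uk are not handled), collapses characters that look alike into one "skeleton" so that c1tibank and citibank compare equal, and then checks the result against a constructed list of domains the user actually has accounts with. An edit-distance check also catches one- or two-character typos that the skeleton misses. The KNOWN_GOOD list and the confusable table are my assumptions.

```python
from urllib.parse import urlsplit

# Domains the user really uses (constructed list; the article's own examples).
KNOWN_GOOD = {"citibank.com", "orkut.com", "google.com", "facebook.com"}

# Every member of a look-alike class maps to one canonical character, so both the
# genuine spelling and the tampered one collapse to the same skeleton.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e",
                            "5": "s", "8": "b", "|": "l"})
# Two-character sequences that resemble a single letter.
MULTI = [("rn", "m"), ("vv", "w")]


def registered_domain(url):
    """Lower-cased host with a leading 'www.' removed, reduced to its last two labels."""
    if "://" not in url:
        url = "http://" + url          # urlsplit needs a scheme to find the host
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def skeleton(domain):
    """Canonical form in which look-alike characters are indistinguishable."""
    d = domain.lower()
    for pair, repl in MULTI:
        d = d.replace(pair, repl)
    return d.translate(CONFUSABLE)


def levenshtein(a, b):
    """Classic edit distance, used to catch typo-squats the skeleton does not cover."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, known=KNOWN_GOOD):
    """Return (verdict, domain, imitated_domain) for a URL.
    verdict is 'known-good', 'lookalike' (with the domain it imitates) or 'unknown'."""
    dom = registered_domain(url)
    if dom in known:
        return ("known-good", dom, None)
    sk = skeleton(dom)
    for good in known:                       # exact match after confusable folding
        if skeleton(good) == sk:
            return ("lookalike", dom, good)
    for good in known:                       # small typo distance from a real domain
        if levenshtein(dom, good) <= 2:
            return ("lookalike", dom, good)
    return ("unknown", dom, None)


if __name__ == "__main__":
    for u in ("www.c1tibank.com", "http://www.0rkut.com", "http://www.g00gle.com",
              "https://www.citibank.com", "http://www.example.org"):
        print(u, "->", classify(u))
```

A verdict of "unknown" is not a clean bill of health; it only means the domain resembles none of the sites on the list, so the list has to cover every site the user logs in to for the check to be useful.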
How to protect yourself ??
Now that you know the signs of phishing, you can take some protective measures to
protect yourself from it.
1. Never respond to such mails.
2. Never give or punch in your password on the telephone.
3. Inform the concerned organisation.
4. Check the URL.
5. Do not panic when you receive such messages.
6. Never provide your password on any unsolicited request over the internet, telephone
or any other medium.
7. If you have doubts, contact the organisation personally.
8. Never click on links provided in the mail; open the webpages manually.
9. Review your account statements periodically to make sure that all the charges are
genuine.
10. If any popup seeks your personal information, it may be a phisher.
11. Updated antivirus software, a link scanner and an anti-spyware program are of great help.
12. Be cautious when you download attachments, irrespective of the sender.
13. Never run any type of script in your address bar while you are signed in to your
account.
14. Use different passwords for different sites; in today's world of technology it may be hard,
but it helps a lot in protecting your information from phishers.
15. It is well said that a little info is not dangerous: be aware of and updated about phishing
attacks.
16. Never be taken in by money offers, as in a lottery scam, a survey, or a product you never
purchased; greed doesn't pay.
17. Log out every time after accessing your bank info or any other website that is related to
your private info. Do not just close the browser, especially at public terminals.
18. Two-factor authentication, such as a combination of a software password and an ATM
card number, can help you increase your security.
19. If any of your accounts have been compromised, shut them down at once.
20. If you even suspect that your password has gone into the wrong hands, change it immediately.
21. Trust your instincts.
22. Review the SSL certificate of the website on which you are providing your personal or
any other private info.
Every legitimate or original company has an SSL certificate so as to transmit data securely over
the internet. Every genuine login page opens with https instead of http; the s in https is for secure.
For example:
https://www.gmail.com
https://www.citibank.com
When you open an original page, you can see a golden lock either in the address bar or near the
bottom right corner of the browser, which is absent in the case of fake webpages.
You can also look for a VeriSign certified logo on the website; VeriSign is an organisation that
provides security certificates to the websites of various organizations.
Also, if while opening a webpage you receive a certificate error then there is a probability of the
website not being real: a fake certificate may have been generated for the legitimate webpage.
Anti-phishing websites
There are various websites available on the internet that help you fight phishing and protect you
from it. These websites maintain a database of phishing websites, and you can also report a
phishing webpage to them if you discover one. These sites also help you in
determining whether a given webpage is a real or a fake one; you simply have to provide the URL
you want to check. Some of these websites also teach you to discriminate between a phishing
page and the real one. Following are some of these websites:
www.antiphishing.org
www.phish-no-phish.com
Anti-phishing software
Anti-phishing software helps you to detect phishing webpages and e-mails by scanning them and
looking for phishing content. The attackers nowadays are aware of this fact and, instead of
sending text, they send the e-mails in the form of images to make things difficult for this
software.
Phishing pages can also be detected by web browsers; web browsers nowadays have the
capability to detect and report possible phishing pages to the user. Some of the browsers may
require extra plugins, like those of an antivirus, for detecting this.

Más contenido relacionado

Último

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Destacado

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Destacado (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 

Phishing Article by Avinash Singh

PHISHING
Old but a New Age Weapon
Author: Avinash Singh
E-mail: avinas546@gmail.com
SNL: http://www.facebook.com/avinash546

AUTHOR BIOGRAPHY:
Avinash is a Technical Evangelist.
Educational Qualification: B.Tech from Punjab Technical University.
He holds the following certifications in the field of Ethical Hacking & Information Security: Appin Certified Ethical Hacker (ACEH), Certified Penetration Testing Expert (CPTE).
He has also done training in the field of Network Security, which includes IDS (Intrusion Detection Systems), Firewalls and Honeypot Technology.
He is also trained in other fields such as Linux, Microsoft Certified IT Professional (MCITP), Firewall and CISCO Certified Network Associate.
He is also the admin and lead author at TechSpectrum.in (Blog).
He has a total experience of around 2 years in the field of Training and Security, and has successfully conducted more than 60 workshops and training programmes till now all over India, covering more than 2500 students.

*****************************************************************

ARTICLE:

Phishing

In simple words, phishing is a fraudulent attempt to steal your login credentials or any of your private information, and it is growing rapidly.

Look at the following examples:

Mail 1:
Dear Customer
We need to verify your bank credentials. Please click on the following link and verify your credentials on the page that follows.
The link is www.c1tibank.com.
Regards
Citibank Team

Mail 2:
Hey Friend
I just added some new cool pics of mine, hope you like it, please click on the link below and enjoyyyy.
http://www.0rkut.com
C ya

Many a time you get these kinds of mails, and mostly, without thinking much, we click on the link, which takes us to a login page, whether it be a page of your bank, your email provider or your favourite social networking website. You put your credentials there and an error occurs, or you simply can't log in in one go.

Have you ever realised what happened in the background? Your ID and password were sent to some other place, or you can say they have been revealed, i.e. HACKED.

Now, you must be wondering what all this is, or how all this is happening. Here is the answer. Take a close look at the address provided in both the mails above. In Mail 1 it is www.c1tibank.com instead of www.citibank.com: in place of the 'i' there is a '1'. In Mail 2, the link provided is http://www.0rkut.com; there is a 0 (zero) in place of the 'o'. This means that these are not the links of your bank or your social networking website; instead they take you to a webpage that looks exactly like the original one. This is the fake page that has been designed by some attacker to steal your login credentials or your private information.

These fake pages can ask you for various types of information, like your personal information, credit card numbers etc. They are really convincing and make you reveal your personal info. Most of the time you can't really make out the difference between the fake page and the original page by simply looking at it.

When you put your login credentials on that page and submit them, what happens in the background is that your login credentials are mailed to an email ID of the attacker, or stored at some place on the web specified by the attacker, and you are simply redirected to the original page of the legitimate website. This is PHISHING.

Just like conventional fishing, the attacker makes a fake webpage that acts as food for the fish and waits for the fish (the victim) to fall into the trap. Phishing messages or emails look like they have come from a legitimate company and can easily be sent through spoofed email (emails not originating from the real sender, but using the sender's ID). The reason most people fall into this trap is that they are not aware of it. They simply fall into the trap and lose their confidentiality on the internet, which can later be used in numerous ways by the attacker to cause them harm. The best way you can be protected from phishing is to be aware of it and learn about it.

Social Engineering

The most common way of doing phishing is social engineering, that is, making a person reveal his secret or personal information by tricking him through a talk or any other social means. The attackers generally copy the contents of the emails of the original website and simply replace the original links with the links of their fake webpages.

Phishing – Not only Emails

If you are thinking that phishing can be done only through e-mails then you are probably mistaken. Phishing can be done through the following ways also:
Chats
Instant messages
Calls
Fake banner ads
Fake browser tools
Free job search sites
etc.

Sometimes your phone rings and the person on the other side says that he is speaking from your bank, that something has happened with your account details or they are not able to verify them, and that your account may be cancelled if an early response is not made, prompting you to immediately verify it on the phone or via a message. Nobody wants to lose money, so you simply fall into the trap. Some calls thank the victim for a purchase they never made. Lottery scams are also very common nowadays: an e-mail saying that you have won a lottery worth millions and asking you to deposit a fixed amount of money in an account to claim the winnings. So phishing messages are designed in such a manner that they prompt you for immediate action.

Desktop Phishing??

The DNS (Domain Name System) contains the IP addresses mapped to the website names (Domain Names) for all the websites on the internet. Whenever we try to open a website we type the name of the website, the request goes to the DNS server where the mapped IP address is found, a response is generated and we can view the webpage. But before going to the DNS server, on a Windows system a hosts file (Windows/System32/drivers/etc/hosts; this file controls the internet browsing on your PC) is consulted first, which is located in the Windows drive. The file contains mappings of IP addresses and Domain Names. For example:
122.78.56.123 www.google.com
127.0.0.1 localhost

If an entry is made into the hosts file such that the IP of yahoo.com is written and the domain name is specified as www.google.com, then every time you try to open www.google.com, the page of Yahoo will be displayed, as the IP address of Yahoo is given with that name.

This can be used for phishing: if a phisher page of Facebook is to be made, an entry has to be made in the hosts file which will contain the IP address of the fake page and the domain name entry www.facebook.com. Next time the user types the address of Facebook in the address bar, the fake page will come up. The point to be noted here is that the URL has no tampering, so it becomes more difficult to identify the phisher page. This type of phishing can also be detected by some methods which are described later in the article. The hosts file can be modified easily through a batch program, so the attacker just sends a batch file to the victim, and as the victim executes it, the attacker's job is done.
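A defender-side audit of the hosts-file mechanism just described, as an added example (not code from the article): it parses a constructed hosts file and flags every entry that pins a watched login domain, distinguishing a redirect to a routable IP (the desktop-phishing case) from a loopback block. The watch list and the sample file are constructed for illustration; on a real machine you would read the actual hosts file and list the domains your users log in to.

```python
"""Audit a hosts file for 'desktop phishing' overrides of login domains."""
import ipaddress

# Constructed watch list: domains a hosts file should never override.
WATCHED_DOMAINS = {"www.facebook.com", "www.google.com", "www.citibank.com"}

# Constructed sample file standing in for
# C:\Windows\System32\drivers\etc\hosts (or /etc/hosts on Unix):
# default loopback lines, one planted redirect of a watched domain, and one
# watched domain pinned to loopback (a block, not a redirect).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.facebook.com   # planted: points at the phisher's fake page
127.0.0.1       www.google.com     # pinned to loopback: blocks, does not redirect
"""


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()                  # tabs or spaces both work
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower()


def classify(ip: str) -> str:
    """'redirect' for a routable address, 'block' for loopback/unspecified."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    return "block" if addr.is_loopback or addr.is_unspecified else "redirect"


def find_overrides(text: str, watched=WATCHED_DOMAINS) -> list:
    """Return (ip, hostname, kind) for every watched domain the file pins.

    A 'redirect' entry is the desktop-phishing case: the browser shows the
    genuine URL while fetching the page from whatever host the IP names.
    """
    return [(ip, name, classify(ip))
            for ip, name in parse_hosts(text) if name in watched]


if __name__ == "__main__":
    for ip, name, kind in find_overrides(SAMPLE_HOSTS):
        print(f"{kind.upper():8} {name} -> {ip}")
```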
Difference between phishing and desktop phishing

In phishing an e-mail containing the link has to be sent, whereas in desktop phishing a batch file does the job. In phishing the victim has to be convinced about the legitimacy of the organisation or the website, whereas in desktop phishing execution of the batch file is what matters. In phishing the domain name of the fake page and the original page are different, whereas in desktop phishing there is no difference in the domain name of the fake and the original page. This is also the main drawback of normal phishing.

Tab Napping

Tab Napping is Tab + Kidnapping. All browsers are vulnerable to this. Suppose you are browsing the internet in your favourite browser with multiple tabs open. In one of the tabs you have your favourite social networking website open, and you are moving between the other tabs. When you come back to your social networking website's tab you find that the session has expired and it requires you to log in again; you enter your credentials and are successfully redirected to your homepage or inbox. This seems normal and doesn't seem to matter, but actually something happened in the background while you were switching between the tabs: one of the pages in the open tabs changed your social networking site's tab to a look-alike login page of that social networking website. You innocently put your password in there and it gets kidnapped, and you get tabnapped. In reality your session never expired, and you won't come to know, as after entering your password your inbox or home page is in front of you.

How to be protected from tab napping?

If you really think that your session has expired, or if there is any such notification, close that tab and open the URL in a new tab, or simply type the URL manually in the same tab. Browser add-ons are also available; 100% dependency on them can't be assured, but at least something is better than nothing. The browsers can only alert you sometimes; afterwards the decision is yours.

What's the DAMAGE??

1. Not being able to access the e-mail account or other online accounts.
2. Financial loss.
3. Identity theft. The attackers can use the identity information to create fake accounts in the name of the victim, or could destroy credit, or the end result could be a destroyed life.

It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million.

How to detect phishing??

Unsolicited Request: In the examples above there is a mail from a bank, but the fact is that no financial organisation or bank asks for your login credentials or your information on calls or e-mails. If you feel that the information is really required, visit the bank or the organisation personally.

'Dear Customer': no financial organisation or legitimate company addresses you like this; they have your name in their records and will address you by it.

'Verify your account': these are the favourite words of the attacker in a phishing message. If you missed the above two points, be alert on reading these words at least.

'Click on the link below': if you find these words in the message be alarmed; never click on the link, or check it properly otherwise. These links will probably take you to a fake page of the real legitimate company.

The phishing message generally contains many mistakes, whether in the language or the grammar.

Last but not least, trust your instincts: if you feel that the message is a fake, then it probably is. If you have an account with the bank or any legitimate organisation then you must know its website, so there is simply no need to click on the link in the phishing message; simply open the website of the concerned organisation manually by typing the address.

Watch out for the URL (Uniform Resource Locator). In simple words, it means the text that appears in the address bar of your browser, or the address of any website. As in the examples at the beginning, the change or the tampering in the URL is visible; they are tampered so as to look like the web address of the real company. Below is an example:
http://www.google.com   Real Address
http://www.g00gle.com   Fake Address

How to protect yourself??

Now that you know the signs of phishing, you can take some protective measures to protect yourself from it.
1. Never respond to such mails.
2. Never give or punch in your password on the telephone.
3. Inform the concerned organisation.
4. Check the URL.
5. Do not panic when you receive such messages.
6. Never provide your password on any unsolicited request over the internet, telephone or any other medium.
7. If you have doubts, contact the organisation personally.
8. Never click on links provided in the mail; open the webpages manually.
9. Review your account statements periodically to make sure that all the charges are genuine.
10. If any popup seeks your personal information, it may be a phisher.
11. Updated antivirus software, a link scanner and a spyware program are of great help.
12. Be cautious when you download attachments, irrespective of the sender.
13. Never run any type of script in your address bar while you are signed in to your account.
14. Use different passwords for different sites; in today's world of technology it may be hard, but it helps a lot in protecting your information from phishers.
15. It is well said that a little info is not dangerous: be aware and updated about phishing attacks.
16. Never be taken in by money offers, as in a lottery scam, a survey, or a product you never purchased; greed doesn't pay.
17. Log out every time after accessing your bank info or any other website that is related to your private info. Do not just close the browser, especially at public terminals.
18. Two-factor authentication, such as a combination of a software password and an ATM card number, can help you increase your security.
19. If any of your accounts have been compromised, shut them down at once.
20. If you even suspect that your password has gone into the wrong hands, change it immediately.
21. Trust your instincts.
22. Review the SSL certificate of the website on which you are providing your personal or any other private info. Every legitimate or original company has an SSL certificate so as to transmit the data securely over the internet. Every genuine login page opens with https instead of http; the s in https is for secure. For example:
https://www.gmail.com
https://www.citibank.com
When you open an original page, you can see a golden lock either in the address bar or near the bottom right corner of the browser, which is absent in the case of fake webpages. You can also look for a VeriSign certified logo on the website; it is an organisation that provides security certificates to the websites of various organizations. Also, if while opening a webpage you receive a certificate error, then there is a probability of the website not being real; a fake certificate may have been generated for the legitimate webpage.
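The URL checks above (digit-for-letter swaps such as c1tibank and g00gle, and http where a login page should use https) written out as a small defensive check; this is an added example, not code from the article, and KNOWN_DOMAINS, the confusable map and the subdomain check are assumptions made for illustration. It goes slightly beyond the article by also catching a brand name hidden as a subdomain label of an unrelated domain.

```python
"""Flag look-alike and non-HTTPS login URLs of the kind the article shows."""
from urllib.parse import urlsplit

# Constructed allow-list: the sites a user actually logs in to.
KNOWN_DOMAINS = {"citibank.com", "google.com", "orkut.com", "gmail.com"}

# Fold characters that imitate letters onto the letter they imitate. '1' and
# 'l' are both folded to 'i' so c1tibank, cltibank and citibank collide.
_FOLD = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "8": "b"})


def skeleton(name: str) -> str:
    """Reduce a host name to a form in which confusable spellings collide."""
    return name.lower().translate(_FOLD).replace("rn", "m").replace("vv", "w")


def registrable_domain(host: str) -> str:
    """Last two labels of the host (assumption: no public-suffix list used)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def check_url(url: str, known=KNOWN_DOMAINS) -> list:
    """Return human-readable warnings for url; an empty list means no sign found."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https: the page would receive credentials in clear text")
    if domain in known:
        return warnings                       # the genuine site (possibly over http)
    for real in sorted(known):
        if skeleton(domain) == skeleton(real):
            warnings.append(f"lookalike of {real}: '{domain}'")
        elif real.split(".")[0] in host.split("."):
            # e.g. www.citibank.com.evil.example: the brand is only a subdomain label
            warnings.append(f"brand '{real.split('.')[0]}' used as a label "
                            f"under unrelated domain {domain}")
    return warnings


if __name__ == "__main__":
    for u in ("https://www.citibank.com", "http://www.c1tibank.com",
              "https://www.g00gle.com", "https://www.citibank.com.evil.example"):
        print(u, "->", check_url(u) or ["no warning sign found"])
```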
Anti-phishing websites

There are various websites available on the internet that help you fight phishing and protect you from it. These websites maintain a database of phishing websites; you can also report a phishing webpage to these websites if you discover one. These sites also help you in determining whether a given webpage is a real or a fake one: you simply have to provide the URL you want to check. Some of these websites also teach you to discriminate between a phishing page and the real one. Following are some of the websites:
www.antiphishing.org
www.phish-no-phish.com

Anti-phishing software

Anti-phishing software helps you to detect phishing webpages and e-mails by scanning them and looking for phishing content. The attackers nowadays are aware of this fact, and instead of sending text they are sending the e-mails in the form of images to make things difficult for this software. Phishing pages can also be detected by web browsers; web browsers nowadays have the capability to detect and report possible phishing pages to the user. Some browsers may require extra plugins, like that of an antivirus, for detecting this.