November 27, 2007

PHISHING - Never Danger Before


When you want to catch fish, you fool them and hunt them easily by hooking, trapping and so on. In the same way you can 'fish' (fool) people on the internet with the help of 'Phishing'. The word 'Phishing' is based on 'fishing'. In fishing you hunt fish; in Phishing you hunt people's minds and steal their important data through identity theft and social engineering.

Definition - Phishing:
(1) It is the act of tricking someone into giving out confidential information, or into doing something they normally would not do.
(2) It is a form of fraud that aims to steal valuable information such as bank account details, credit card details, user IDs and passwords.

How does it work - Phishing:
Suppose I am an attacker and I want your bank account details, such as your ID and password, for profit. Phishing is one of the few attacks I could use.
I will create a fake login page which looks exactly like your bank's login screen. Then I will upload it to a server and send its link to you via email. So when you open your inbox you will find the link to the fake login page. You click on that link and enter your ID and password, just as you always do on your real bank's login page. In this case your details come to me instead of to your real bank; that is Phishing. Please check the 2 different login pages of Google Mail. (Maybe one is fake!!)



Target - Phishing:
(1) Banks
(2) Online shopping sites
(3) Well-known Email sites

Medium - Phishing:
(1) Email
(2) Messenger

Countermeasure against Phishing:
(1) Never click the links provided in email messages.
(2) Always type the real URL (Uniform Resource Locator) into the address bar of your browser yourself.
(3) Reading emails in plain text prevents some Phishing attacks.
(4) Never click any link in any messenger window.
(5) If you find a doubtful link in your mailbox, 'Delete' it at once so that you do not open that link by accident.
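The first two countermeasures rest on one observation: the text an email shows for a link and the address the link actually opens can differ. The Python script below is an added example, not code from the original post; it pulls every link out of a constructed HTML email and flags the signs a reader would otherwise have to spot by hovering over the link: an address whose host is a bare IP number, a 'name@' written in front of the real host, and visible link text that names one site while the link points at another. The bank name examplebank.example, the address 203.0.113.5 and the email body are all constructed sample values.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body (not from the original post). The first link is
# benign; the other two show the tricks the countermeasures above guard against.
# 203.0.113.5 is a documentation address and examplebank.example a reserved name.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account within 24 hours.</p>
<a href="https://www.examplebank.example/help">Help centre</a>
<a href="http://203.0.113.5/login">https://www.examplebank.example/login</a>
<a href="http://www.examplebank.example@203.0.113.5/login">www.examplebank.example</a>
"""

# Something in the visible link text that looks like a host name or URL.
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def same_site(a, b):
    """Heuristic: two hosts belong to the same site when their last two labels agree.
    (Ignores multi-part public suffixes such as co.uk; good enough for this demo.)"""
    return a.split(".")[-2:] == b.split(".")[-2:]


def assess_link(href, text):
    """Return the list of phishing indicators found for one link (empty list = none)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reasons = []
    if is_ip_literal(host):
        reasons.append("link host is a bare IP address")
    if parts.username is not None:
        reasons.append("link contains 'name@' in front of the real host %s" % host)
    shown = HOST_IN_TEXT.search(text)
    if shown and not same_site(shown.group(1).lower(), host):
        reasons.append("text shows %s but link goes to %s" % (shown.group(1).lower(), host))
    return reasons


def scan_email(html):
    """Return [(href, text, reasons)] for every link in an HTML email body."""
    return [(href, text, assess_link(href, text)) for href, text in extract_links(html)]


if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        verdict = "SUSPICIOUS" if reasons else "ok"
        print("%-10s %-50s %s" % (verdict, href, "; ".join(reasons)))
```

Running the script prints one line per link; only the help-centre link comes out clean. Mail clients and gateways apply checks of this kind automatically, but the rule for the reader stays the same: type the bank's address yourself rather than trusting what the email shows.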

Foolproof Countermeasure:
A few banks have recently introduced a small device named the "Security Device". My favourite secure bank website is "HSBC Bank - The World's Local Bank". They introduced "The Security Device" (shown in the following image). This device has a unique number, which is registered and mapped to your ID and password. It has a small button on it. When you press that button it displays a 6 digit number, and it will not be the same the next time. So when you enter your HSBC account ID on the login page, they ask for your password along with the 6 digit Security Device number shown on its small screen. Suppose someone steals your ID and password; even then he/she will NOT be able to log in to your HSBC account without this Security Device. This makes HSBC banking even safer than other banks.
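The device the author describes, a button that produces a fresh 6 digit number on every press, is the pattern of an event-based one-time-password token. The post does not say which algorithm HSBC's device uses, so the Python model below is an added example, not HSBC's or the post's code; it assumes HOTP (RFC 4226, HMAC-SHA1 over a press counter) for the token and a bank server that checks the password and the code together. The secret, the account "alice" and its password are constructed values. It shows the point of the paragraph above: a phished ID and password alone, or a code that has already been used once, fail the login.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SecurityDevice:
    """Model of the customer's token: a shared secret, a press counter, one button."""

    def __init__(self, secret):
        self.secret = secret
        self.counter = 0

    def press(self):
        code = hotp(self.secret, self.counter)
        self.counter += 1  # the same number never comes back
        return code


class BankServer:
    """Model of the login service: password hash plus device secret and counter per ID."""

    ITERATIONS = 100_000

    def __init__(self):
        self.accounts = {}

    @classmethod
    def _hash(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    def enrol(self, user_id, password, device_secret):
        salt = os.urandom(16)
        self.accounts[user_id] = {"salt": salt, "pw": self._hash(password, salt),
                                  "secret": device_secret, "counter": 0}

    def login(self, user_id, password, code, window=5):
        acct = self.accounts.get(user_id)
        if acct is None:
            return False
        if not hmac.compare_digest(self._hash(password, acct["salt"]), acct["pw"]):
            return False
        # Accept the next `window` counters so a few unused presses do not lock the
        # customer out, then move past the matched counter so that code is dead.
        for c in range(acct["counter"], acct["counter"] + window):
            if hmac.compare_digest(hotp(acct["secret"], c), code):
                acct["counter"] = c + 1
                return True
        return False


def demo():
    """Walk through the scenarios from the text and return each login outcome."""
    secret = b"12345678901234567890"  # RFC 4226 test-vector secret, fixed so the run repeats
    bank = BankServer()
    bank.enrol("alice", "correct horse", secret)  # constructed account
    device = SecurityDevice(secret)
    out = {}
    code = device.press()
    out["genuine"] = bank.login("alice", "correct horse", code)
    out["replayed_code"] = bank.login("alice", "correct horse", code)
    out["phished_password_only"] = bank.login("alice", "correct horse", "000000")
    device.press()  # two presses whose numbers are never typed in
    device.press()
    out["after_unused_presses"] = bank.login("alice", "correct horse", device.press())
    out["wrong_password"] = bank.login("alice", "wrong", device.press())
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-24s %s" % (name, "login accepted" if ok else "login rejected"))
```

Only the genuine login and the one made after a few unused presses are accepted. The window of five counters is a design trade-off: wide enough to forgive accidental presses, narrow enough that guessing a 6 digit code stays impractical, and the server should also limit failed attempts per account.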

