What is phishing?
How does it work?
How to protect yourself
Conclusion
What is phishing?
Phishing is a form of fraud that uses fake traps to obtain a victim's password or other sensitive information that compromises their security. It is most commonly carried out over email or instant messaging. A phishing email attempts to trick the victim into thinking it comes from a legitimate company or another organization they know well. Phishing emails usually contain links to a phishing site, which asks for personal information. The phishing page is made to look identical to the real one, but it is entirely fake. This method is also used with social engineering.
How does it work?
First, the hacker must set up his phishing page for his victim. He decides which organization the phishing site will be based on in order to fool the person. He then needs to create a fake page that looks identical to the real page. To do so, he goes to the website of the organization he will impersonate and simply views the source code of the webpage. The HTML code is then edited with any text editor to do the job. Usually the hacker only has to make a few changes to the code to turn it into a phishing page.
So how does a phishing page function? Its purpose is to capture the information the victim enters and send the stored information to the hacker, but how? The changes the hacker makes involve the code that asks the victim to submit their info. For instance, a phishing page for a web-based email site would ask the victim for a username and password. After the victim has submitted their info, the modified code sends the stored info to the hacker. This probably needs a website that allows this kind of function: creating forms, integrating them into your site and collecting submissions from other people. A good example is Jotform.com. After submitting the info, the user is directed to a different page, but since this is a fake page the links probably wouldn't work. The code can be altered to direct the victim to any page the hacker wants. Usually the hacker would want it to display that the victim has entered the wrong username or password, although it was correct. Or he could make it link to the actual page that appears after submission, to make it more realistic.
When the code is finished, the page is uploaded to a web-hosting site. Finally, the scam is put into action by sending a link to the phishing page in an email that seems convincing. If the victim falls for it, they will have no idea that they have just been scammed.
How to protect yourself
The best advice is to be wary of emails or links sent to you that could lead to a phishing page. This is a method of hacking that doesn't rely on defeating computer security; it all depends on the user. So here are some ways to protect yourself:
- First, be cautious of unsolicited emails that claim to come from a well-known organization.
- Read the email carefully to make sure the sender is exactly who they claim to be. If the email looks unprofessional or has spelling and grammar errors, it is most likely a fake.
- Be cautious of the links.
- Try viewing the emails with the full header. It will display the exact IP address the email is from, and then you can match it with the real organization's IP.
- If you're interested, get browsers that have a built-in phishing filter that will catch any phishing sites.
- If you think you have just entered a phishing page, always check the URL. If it is not the URL of the original page, then it's a phishing page.
- Some web-based email sites allow you to have sign-in seals for your login pages, where you upload your own picture that is specific to you. If your sign-in seal is not displayed, then the page is a fake.
- If you think you are a victim of phishing, report it to the proper authorities.
This is an example of a phishing email, claiming to be a bank.
You can easily check the URL to see if it is a phishing site. This is an example of a fake login page for Yahoo.
This is what the real Yahoo login page should look like. Notice the large difference.
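The link checks from the list above (be cautious of links, and compare the URL with the original page's) can be automated for an HTML email body. This is an added Python example, not part of the original article; it assumes `example-bank.com` is the organization's real domain, and the sample email body and every hostname in it are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: the domains the reader really expects for this organization.
TRUSTED_DOMAINS = {"example-bank.com"}
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_or_subdomain(host, domain):  # host is the domain or a subdomain of it
    return host == domain or host.endswith("." + domain)

def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link looks suspicious (empty list = no finding)."""
    host = (urlsplit(href).hostname or "").lower()  # host after any "user@" part
    reasons = []
    if not any(same_or_subdomain(host, d) for d in trusted):
        reasons.append("host is not one of the expected domains")
    shown = DOMAIN_IN_TEXT.search(text)
    shown_host = shown.group(1).lower() if shown else host
    if not (same_or_subdomain(host, shown_host) or same_or_subdomain(shown_host, host)):
        reasons.append("visible text names a different domain than the target")
    return reasons

def audit_email_html(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample body (documentation-only hostnames and IP address).
SAMPLE_HTML = """<a href="http://example-bank.com.account-verify.test/login">www.example-bank.com</a>
<a href="http://www.example-bank.com@203.0.113.7/login">Verify now</a>
<a href="https://www.example-bank.com/help">Help centre</a>"""

if __name__ == "__main__":
    print(audit_email_html(SAMPLE_HTML))
```

The first two sample links are flagged even though the real domain appears in them, because only the parsed host is compared against the expected domains.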
Conclusion
You learned that phishing is a popular method of hacking that tricks people into visiting fake websites. Usually this method does not require complicated IT skills, so anyone could do it. Phishing has become so common that it is now quite simple to watch out for, and many websites on the internet now have top security. This method also relies heavily on the user's mind. Some users are more easily fooled, while others are more perceptive and clever.