If you search on internet what is phishing Wikipedia may define it as “phishing is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” This definition itself says that phishing is a special program which is created to run some unofficial web data on your web browser to acquire your personal details such as user name and passwords or your credit card details or your internet banking details.
How phishing works
Example 1: Suppose you are checking your emails and you found a mail from your bank. You’ve gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don’t reply immediately. What do you do?
Example 2: or suppose you have received an email from a social network which you are using with text like “Congratulations Mobipride.Com has selected you as a global administrator but we need to verify your account as soon as possible to give you moderator controls of the website click on http://mobipride.xyz.co.xy/verify.php”
Those message and others like them are examples of phishing
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other business like Amazon and eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.
1. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
2. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
3.This is the step people are most familiar with — the phisher sends a phony message that appears to be from a reputable source.
4.Phishers record the information victims enter into Web pages or popup windows.
5.The phishers use the information they’ve gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover.
How to stay away from phishing scams.
Here are few steps you must follow to stay away from being a phishing victim.
2.Read the email carefully.. Phishing emails always redirect you to fake website if you see our Example2 above the website mentioned in the email is Mobipride.com and the attacker is asking you to verify your user name and password on site which have domain http://mobipride.xyz.co.xy which is not a TLD (Top Level Domain) i.e. Mobipride.com of the website in concern. Immediately block such senders.
3. Avoid emails which are created to gain trust from you.
a. I am Amanda and my husband died in car accident. He left 50 million US dollars for me. I like to give it to you… etc.
b. Hello son I am your uncle some attackers are trying to attack on my website take this user id and password and log in to check.
c. US state lottery. Congratulations!! You have won $1000000000 Call 18990200xxxxx to claim.
d. Pop up on some site opens saying Congratulations!! You are the 100000 th visitor of this site call xxxxx to claim your gift/cheque/money.
These are some real examples you must ignore such phishing attempts.
4. You must use virtual keyboard while entering data on your bank website or e-commerce related website if you are on public computer or you are not sure that some harmful Spywares like keyloggers are installed on your PC.
5. You must check SSL certificate of the website if present: SSL certificates are provided to websites by trusted certificate authorities web browser identifies website is running on a secure and trusted gateway by checking https protocol. Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. HTTPS should not be confused with Secure HTTP (S-HTTP) so you must check https://www.real-bank-name.com and certificate of the same domain name.
This is the example of a secure website. here on address bar you can sees that the protocol used is https and the website is also having certificate issued for domain icicibank.co.in which is also used at address bar. and on clicking on blue strip of the certificate you can see details of the certificate.
6. And the most important is do not type your password on pop-up window before checking https protocol and domain name of respective website.
By taking such simple precautions you can stay away from phishing scams. I wish you happy net surfing 🙂