Dear friends,
How are you,hope you will be fine definitely,
I am going to share my knowledge with you about “PHISHING”. Basically it sounds typical that of fishing and work same like a catcher puts a catch to lure a fish similarly a hacker puts a lure to inspire you to click on the link or attachment which seems to came from one of your own mail contacts list. when you click on the link a page very much imitate of that of login page of gmail, yahoo, rediff or else pops up and ask you to login for further proceedings and when you put your credentials into it, your username and password passes to the hands of cyber criminals and you just phished off..
Yesterday I had gone through a news in which it was alerted that “A new highly effective phishing technique is targeting Gmail users, along with other email services”
Mark Maunder, the CEO of WordPress security plugin Wordfence, says the attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.
If you click on the image, expecting Gmail to give you a preview of the attachment, a new tab will open up, prompting you to sign in to your Gmail account again. At first glance, the location looks like a service login page, but it is actually a phishing attempt.A sign-in page for Gmail pops-up. Once you complete sign-in, you account has been compromised. Once they have access to your account, the attacker also has full access to all your emails including sent and received at this point and may download the whole lot. and the same thing repeats with the contacts downloaded or copied from your mail account and the process keeps on moving and expanding.
Phishing is quite familiar with a group of computer geeks known as hackers and those who prefer crime through cyber space, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses by putting malware on your system or steal your credentials.
Spear fishing ,Whaling ,email Spoofing – sometimes individually or sometimes combined used by the attacker to bring the target under impression of faith so that he/she submits before the attacker’s technique.
Spoofing is forgery of email header appearing to be orginated from somewhere by someone from other source and tactics is used in phishing. Main aim of email spoofing is to force targets to open, and possibly even respond to, a solicitation.
Spear phishing is targeting particular organization and cannot be done by individual hacker but can be performed through perpetrators out of gains.
Whaling in which high profile individuals like CEOs, celebrities, corporate tycoons and politicians emails are targeted.
Hacker in original sends you a script in the form of attachment when attachment is clicked a new page opens in which it asks to log in and when person logs into nothing happens but the entered data is saved and transferred to the hacker through that very script.
Question arises then How is one safe from such kind of fraud , in this case one has to be alert when such spoofs occurred. When you sign in to page of any service, check the browser location url bar and verify there isn’t any extra text mostly in the form of
<script src=data.text/html/https://,,,,,,,,,,,something like that, then definitely it is fake page from one of the cyber crime world.
always use https: ,,in url entries
But safety is better than cure. keeps on changing your password every while and then, if your email contains some sensitive or urgent useful data.
Service providers too bring two step verification methods which helps to protect your emails.
The field is vast but ‘
Hope this helps you to understand a part of hacker’s one of the styles to peep into your accounts.
Thanks
Jagat
jagatprasad 