
Phishing - Hook for your data


Phishing is a trap to obtain your sensitive data through an email that appears to come from a trusted, well-known sender. This fraudulent attempt is made by online scammers (cybercriminals) to steal your identity and passwords in order to commit crimes. The term “Phishing” was first used in 1996, in a Usenet newsgroup called AOHell. Since earlier hackers were called “Phreaks”, the ‘f’ in fishing was replaced by ‘ph’. Although phishing attacks started out spreading through email, they are now carried out through phone calls too.

Mostly, the attackers target a certain group or individual instead of sending emails to a large number of people, and those emails appear to come from a reputed organization. Phishing emails make the recipient panic by saying that their account has been hacked or that unrecognized activity has occurred in the account, and push them to change their credentials using a given link. Alternatively, victims are encouraged to click on the link by being told that they have won a reward. When the receiver clicks on the malicious link, they are redirected to a fake website with a trustworthy appearance. Otherwise, it downloads malicious software to the device.

With the details you enter through the link, the scammers can commit many kinds of crimes:
  • Invade your mail inbox.
  • Steal money from your bank account.
  • Extort the victims by saying that they have their confidential details and photos.
  • Demand a ransom to recover your device.
  • Compromise the targeted device and take administrative control.
  • Use them for political campaigns and more…


Therefore, first take a cautious look at the emails you receive, even if one says it is an office document.
  1. Analyze the URL. If you hover the mouse over the URL, it will display where you will be redirected to. There are web resources for checking whether it redirects to a legitimate site. Check whether it starts with HTTPS instead of HTTP, and pay attention to the spelling of the URL too.
  2. Check the structure. There can be misspelled words and grammatical errors in the email, and some parts may look informal.
  3. Never click on a link whose legitimacy you cannot determine.
  4. Contact the organization through its correct contact number, not the one mentioned in the email, and verify whether they sent such an email.
  5. Keep your operating system and web browsers updated.
  6. Use antivirus software.
  7. Use two-factor authentication and other security mechanisms for online and social media accounts.
  8. Frequently change your passwords.


According to a recent analysis by security provider Mimecast, one in 61 emails in our mail inboxes now contains a malicious link. Between August to November and December to February, the number of emails containing a malicious link increased by 126 percent. Consequently, we need to protect ourselves from phishing to prevent data breaches.

                     "Fishing is relief. Phishing is not!"





