
Phishing - Hook for your data


Phishing is a trap that obtains your sensitive data through an email that appears to come from a trusted, well-known sender. This fraudulent attempt is made by online scammers (cybercriminals) to steal your identity and passwords in order to commit crimes. The term “Phishing” was first used in 1996 in the Usenet newsgroup called AOHell. Since the early hackers were called “phreaks”, the ‘f’ in fishing was replaced by ‘ph’. Although phishing attacks began by propagating through email, they are now carried out by phone call too.

Mostly the attackers target a certain group or individual instead of sending emails to a large number of people, and those emails appear to come from a reputed organization. Phishing emails make the recipient panic by saying that their account has been hacked or that unrecognized activity has occurred in their account, and push them to change their credentials using a given link. Alternatively, victims are encouraged to click on the link by being told that they have won a reward. When the receiver clicks on the malicious link, they are redirected to a fake website with trustworthy-looking features; otherwise, it downloads malicious software to the device.

With the details you entered using the link, the scammers are able to commit any kind of crime:
  • Invade your mail inbox.
  • Steal money from your bank account.
  • Extort victims by claiming to have their confidential details and photos.
  • Demand ransom to recover your device.
  • Compromise the targeted device and take administrative control.
  • Use them for political campaigns and more…


Therefore, you first have to take a cautious look at the emails you receive, even if they claim to contain an office document.
  1. Analyze the URL. If you hover the mouse over the URL, it will display where you will be redirected to. There are also web services for checking whether it redirects to a legitimate site. Check whether it starts with HTTPS instead of HTTP, and pay attention to the spelling of the URL too.
  2. Check the structure. There can be misspelled words and grammar errors in the email, and some places may look informal.
  3. Never click on a link that you cannot clearly identify.
  4. Contact the organization via its correct contact number, not one mentioned in the email, and verify whether they sent such emails.
  5. Keep your operating system and web browsers updated.
  6. Use antivirus software.
  7. Use two-factor authentication and other security mechanisms for online and social media accounts.
  8. Change your passwords frequently.
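As an added example (not part of the original post), here is a Python script that applies the first check above mechanically to a constructed sample email: it extracts every link, compares the text the reader sees with the real target, flags plain HTTP, and spots look-alike domains. The trusted domain list, the sample message and the look-alike heuristics are assumptions made for this example.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlparse

# Assumption for this example: the organisation the mail claims to come from
# really owns this domain.
TRUSTED_DOMAINS = {"example-bank.com"}

# Constructed sample email body, written for this example.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, we detected unrecognised activity in your account.</p>
<p>Please visit <a href="http://example-bank.com.secure-login.net/verify">https://example-bank.com/login</a>
to restore access within 24 hours.</p>
<p>Alternatively <a href="https://examp1e-bank.com/reset">reset your password</a>.</p>
<p>Questions? See our <a href="https://example-bank.com/help">Help Centre</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' if the string has none."""
    return (urlparse(url).hostname or "").lower()


def edit_distance(a, b):
    """Levenshtein distance; a small distance between two domains suggests a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(host):
    """True when host is not trusted but imitates a trusted domain."""
    if host in TRUSTED_DOMAINS:
        return False
    for trusted in TRUSTED_DOMAINS:
        # 'example-bank.com.secure-login.net': trusted name used as a leading label.
        if host.startswith(trusted + "."):
            return True
        # 'examp1e-bank.com': one or two characters swapped.
        if edit_distance(host, trusted) <= 2:
            return True
    return False


def is_ip(host):
    """Links to a bare IP address rarely come from a legitimate organisation."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def analyze_links(html):
    """Return one dict per link, in document order, with the findings for it."""
    parser = LinkExtractor()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        findings = []
        host = host_of(href)
        if urlparse(href).scheme != "https":
            findings.append("non-https")
        if is_ip(host):
            findings.append("raw-ip")
        if is_lookalike(host):
            findings.append("lookalike-domain")
        # The visible text is itself a URL whose host differs from the real target:
        # what "hovering the mouse" would reveal.
        text_host = host_of(text)
        if text_host and text_host != host:
            findings.append("text-host-mismatch")
        report.append({"href": href, "text": text, "findings": findings})
    return report


if __name__ == "__main__":
    for entry in analyze_links(SAMPLE_EMAIL_HTML):
        status = ", ".join(entry["findings"]) or "looks consistent"
        print(f"{entry['href']}\n    shown as: {entry['text']!r}\n    {status}")
```

Running it reports the first link as plain HTTP, as a look-alike (the real domain is only a leading label of an unrelated one) and as mismatching its visible text; the second as a look-alike with a swapped character; and the genuine Help Centre link as consistent. A real mail filter would extend the trusted list and the heuristics, but the three checks are the ones the list above asks a reader to perform by hand.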


According to a recent analysis by security provider Mimecast, one in 61 emails in our inboxes now contains a malicious link. Between the August-to-November period and the December-to-February period, the number of emails containing a malicious link increased by 126 percent. Consequently, we need to protect ourselves from phishing to prevent data breaches.

                     "Fishing is relief. Phishing is not!"
