
Phishing - Hook for your data


Phishing is a trap to capture your sensitive data through an email that appears to come from a trusted and well-known sender. Online scammers (cybercriminals) use this fraudulent attempt to steal your identity and passwords in order to commit crimes. The term “Phishing” was first used in 1996 in a Usenet newsgroup called AOHell. Since the earlier hackers were called “Phreaks”, the ‘f’ in fishing was replaced by ‘ph’. Although phishing attacks started to spread through email, they are now carried out by phone calls too.

Mostly the attackers target a certain group or individual instead of sending emails to a large number of people, and those emails appear to come from a reputed organization. Phishing emails make the recipient panic by saying that their account has been hacked or that unrecognized activity occurred in the account, and force them to change their credentials using a given link. Alternatively, victims are encouraged to click on the link by being told that they have won a reward. When the receiver clicks on the malicious link, they are redirected to a fake website with trustworthy-looking features. Otherwise, it downloads malicious software to the device.

With the details you entered using the link, the scammers are able to commit any kind of crime:
  • Invade your mail inbox.
  • Steal money from your bank account.
  • Extort the victims by claiming to have their confidential details and photos.
  • Demand ransom to recover your device.
  • Compromise the targeted device and take administrative control.
  • Use them for political campaigns and more…


Therefore you first have to take a cautious look at the emails you receive, even if one says it is an office document.
  1. Analyze the URL. If you hover the mouse over the URL, it will display where you will be redirected to. There are online services that check whether it redirects to a legitimate site. Look at whether it starts with HTTPS instead of HTTP and pay attention to the spelling of the URL too.
  2. Check the structure. There may be misspelled words and grammar errors in the email, and some places may look informal.
  3. Never click on a link that you cannot verify.
  4. Contact the organization via its correct contact number, not the one mentioned in the email, and verify whether they sent such an email.
  5. Keep your operating system and web browsers up to date.
  6. Use antivirus software.
  7. Use two-factor authentication and other security mechanisms for online and social media accounts.
  8. Change your passwords frequently.
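
Steps 1 and 3 above (compare the displayed link with its real destination, check for HTTPS, and watch the spelling of the domain) can be automated for triage. The script below is an added example, not code from the original post: it pulls every link out of an HTML email body and flags three things a phishing message commonly shows, a non-HTTPS destination, visible link text that names a different host than the real href, and a hostname that imitates a trusted domain (extra subdomains or digit-for-letter substitutions such as "1" for "l"). The trusted domain list and the sample email body are constructed for the example; the homoglyph map is a deliberately small heuristic, not a complete lookalike detector.

```python
"""Flag suspicious links in an HTML email body (defensive triage helper, example code)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this organisation expects legitimate mail to link to (constructed for the example).
TRUSTED_DOMAINS = {"example-bank.com"}

# Small homoglyph map to catch digit-for-letter substitutions in hostnames (heuristic).
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def _is_trusted(host):
    """True when host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(href, text):
    """Return a list of reasons the link looks suspicious (empty list means nothing found)."""
    reasons = []
    host = _host(href)
    if urlparse(href).scheme != "https":
        reasons.append("destination is not HTTPS")
    # Visible text that looks like a URL but names a different host than the real destination.
    text_host = _host(text) if text.startswith(("http://", "https://")) else ""
    if text_host and text_host != host:
        reasons.append(f"link text shows {text_host} but goes to {host}")
    # A trusted brand name inside a hostname that is not actually a trusted domain.
    if not _is_trusted(host):
        normalised = host.translate(_HOMOGLYPHS)
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]  # e.g. "example-bank"
            if brand in normalised:
                reasons.append(f"lookalike of {trusted}: {host}")
                break
    return reasons


def scan_email(html_body):
    """Return {href: [reasons]} for every suspicious link found in the email body."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = {}
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample phishing-style email body (not a real message).
SAMPLE_EMAIL = """
<p>Unusual activity was detected. Please verify your account within 24 hours.</p>
<a href="http://examp1e-bank.com/verify">https://mail.example-bank.com/verify</a><br>
<a href="https://example-bank.com.secure-login.net/claim">Claim your reward</a><br>
<a href="https://example-bank.com/help">Help centre</a>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample body, the first two links are reported (the first for all three reasons, the second as a lookalike because "example-bank.com" is only a subdomain label of secure-login.net) and the genuine help-centre link is left alone. In practice the trusted list would come from the organisation's own domains, and a hit should prompt the manual verification in step 4 rather than replace it.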


According to a recent analysis by security provider Mimecast, one in 61 emails in our mail inboxes now contains a malicious link. Between the August to November period and the December to February period, the number of emails containing malicious links increased by 126 percent. Consequently, there is a necessity to protect ourselves from phishing to prevent data breaches.

"Fishing is relief. Phishing is not!"





