Link to us: http://snipurl.com/describephishingattacks
Phishing is one of the most common attack vectors used by hackers and social engineers to steal identities. Phishing involves sending an e-mail, usually posing as a bank, credit-card company, or other financial organization. The e-mail requests that the recipient confirm banking information or reset password or PIN numbers.
Phishing is the practice of sending fraudulent e-mail messages to addresses requesting them to supply confidential information. The e-mail is disguised to look like a request from a legitimate organization such as a thrift, or a credit card company. Victims may be directed to provide personal account information by responding to the e-mail. The hacker and social engineering is able to capture this information and use it for financial gain. The brief e-mails that addressed masses were no longer the most effective way to trick a victim into giving up their credentials.
Phishing is one of the most common attack vectors used by hackers and social engineers to steal identities. Phishing involves sending an e-mail, usually posing as a bank, credit-card company, or other financial organization. The e-mail requests that the recipient confirm banking information or reset password or PIN numbers.
Phishing is the practice of sending fraudulent e-mail messages to addresses requesting them to supply confidential information. The e-mail is disguised to look like a request from a legitimate organization such as a thrift, or a credit card company. Victims may be directed to provide personal account information by responding to the e-mail. The hacker and social engineering is able to capture this information and use it for financial gain. The brief e-mails that addressed masses were no longer the most effective way to trick a victim into giving up their credentials.
Attacks method
1. Fake Website
Attackers try to convince the user that the email has been by a trusted organization. The phisher then sends out messages to fool a victim into clicking the link in the email and is redirected to a fake website. Links in those emails lead to fake websites that look like the original website. The purpose of the fake websites is to catch the log in data of the user who does not realize that the fake websites is not the real one. The unsuspecting victim log in and their credentials logged.
2. Pop-up windows
A pop up appears that is from a company that you have open in another tab. They may have several tabs or windows open with several different websites including PayPal, Google, Amazon.com and Ebay.When the real website loads, a pop-up appears asking for the user's credentials,to enter your password and your credit card information.The victim viewing the legitimate site in the background would think the pop-up was from a legitimate source and enter their information.
References:
What is Phishing, [Online], Retrieved 1 February 2011.
How to Identify Phishing,[Online],Retrieved 3 February 2011.
URL:http://loginhelper.com/login-security/identify-phishing-attacks/
Phishing PopUps- Fake Requests for Personal Financial Information,[Online],Retrieved 3 February 2011.
URL:http://www.consumerfraudreporting.org/phishingpopups.php
Phishing PopUps- Fake Requests for Personal Financial Information,[Online],Retrieved 3 February 2011.
URL:http://www.consumerfraudreporting.org/phishingpopups.php
Base on what i know, phishing is the part of the hacking skill but its not common in use by hacker because phishing can be done by anyone it is non-professional way to hack people information or detail. Here some example it can be use by hacker to retrieve the users information in details that is cookie. Hacker can plan cookie on any website as their wish, when users pass by the website the browser will automatically download the cookie through the users computer. The function of cookie will retrieve all the information such as user id, password, users surfing pattern and etc.
ReplyDeleteare you sure?
ReplyDeleteI disagree when u says " its not common is use by hacker" , phishing is quite common for hacker.
ReplyDeleteI agree with what anonymous has said... it is actually common for hacker to use phishing...
ReplyDeleteBut phishing can't be done by anyone, must have a level of understanding in phishing.Inserting cookie i don't think it is phishing.. correct me if i am wrong ...
"phishing can't be done by anyone, must have a level of understanding in phishing"
ReplyDeleteAre you sure??
Below is the references that i found... it can be done by anyone by following the tutorial or instruction that provided online.. With the instruction it can be apply on any website which low level security.
Reference:
http://www.techbyte4u.com/2010/09/how-to-hack-facebook-using-phishing.html
"Phishing can't be done by anyone, must have a level of understanding in phishing."
ReplyDeleteYes i am sure, and i have read the article from the link u gave above..
As I said and if u are observant enough, phishing can't be done by anyone, as u can see in the article , (Surbhi) which is the author of the article, have a certain level of understanding, he understand how to write code.
For example :
$value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
----------------------------------------
The code above can't be understand by anyone if u don't have certain level of understanding in codes.