Date post: | 18-Jul-2015 |
Category: |
Social Media |
Upload: | rahul-singh |
View: | 218 times |
Download: | 0 times |
Phishing Basics (1) Pronounced "fishing"
Scam to steal valuable information such as credit cards, social security numbers, user IDs and passwords.
Also known as "brand spoofing"
Official-looking e-mail sent to potential victims ◦ Pretends to be from their ISP, retail store, etc.,
◦ Due to internal accounting errors or some other pretext, certain information must be updated to continue the service.
Four step to bieng a cyber thief!! 1. Prepare a scam web page(of wesite whose u want to know
the password like:any social networking site,bank site etc)
How to prepare a scam page
1. Open the web site page
2. Save the source code of that page.
3. Make some changes i.e give a coding which includes
(a).Website of hacker
(b). Coding which take that id and password to hacker’s website.
2. Now hacker attach that page with his email send it to 20 or more e-mail id’s.
(Now he might catch a fish atleastone who give his id and password on that scam web page.)
3. Hacker will just note that id and password from his personal site as described in the coding while preparing scam page.
4. now the hacker just use that id and password to transfer money from bholla’s account to his account.
Serious Problem
“Illegal access to checking accounts, often gained via phishing scams, has become the fastest-growing form of consumer theft in the United States, accounting for a staggering $2.4 billion in fraud in the previous 12 months.”
-- Gartner Group
APWG Regular Reports
Phishing Activity Trends Report sep. 2010
4942: Number of active phishing sites reported in Oct 2010
25%: Average monthly growth rate in phishing sites July through sep
44: # brands hijacked sep
USA: country hosting most phishing Websites.
1. Allways check the url
Based on a slide copyright © 2004 Don Holden, CISSPUsed with permission (and thanks).
Not the realaddress bar
See http://www.antiphishing.org/news/03-31-10_Alert-FakeAddressBar.html