Phishing

From Wiki 24x7servermanagement

Phishing:

The word "Phishing" means "fraudulent practice of sending emails projecting it to be from reputable companies in order to persuade individuals to disclose their personal information, such as Credit Card numbers, passwords, etc." In other words, it is the criminal act of sending an email to a user with the intention of stealing personal information such as credit card information, bank login details, social media login details, etc. These emails are crafted so that they appear to come from a genuine source. Clicking on one can do several things: it may redirect you to a website, or download something onto your machine in order to deliver information to the attacker.

Types of Phishing:

There are many types of phishing, and they are typically distinguished by the nature of the attack and the method it uses.

Deceptive Phishing

The word "deceptive" means "giving an impression or appearance different from the true one, i.e., in short misleading." This is a very common type: you receive a mail asking for login information, or containing a link that takes you to a fraudulent duplicate page that asks for login credentials. The page looks similar in appearance to the original company's page, but the URL will be somewhat confusing, making you think it is encrypted when it actually is not. The look-alike page is hosted somewhere else; when you enter your details in it, they are stored, and you are immediately directed to the original page, which asks for the same details again.

You might have been in a situation like the one I am going to present now. You open your email account and see a mail that claims to be from PayPal, but actually is not. You open the email, and what it says makes you think that it is genuine and that you have to act on it. You open the URL, and it shows a page similar to a PayPal login page that asks for login credentials (* NOTE-1). You enter the login credentials and click submit, and then you find yourself on the same page again (* NOTE-2). You think: "I entered the information just now and it still did not log me in, so some Internet issue must have occurred." You enter the login credentials again, and now you are on the official website, where you see that there is nothing like what was mentioned in the email.

Things to note:

  • NOTE-1 : This was a phishing look-alike page where you entered the credentials. This page is hosted somewhere else. You should have checked the URL.
  • NOTE-2 : The refreshed page that asks for the login credentials again is the actual page.

Conclusion: You entered the credentials in the phishing page, those credentials are shared with the scammer, and then you are redirected to the original page, with no link back to the phishing page from there. You are now a phishing victim. I would also call this man-in-the-middle phishing, because someone between you and the legitimate company interfered to take your details.
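The URL check that NOTE-1 asks for can be written down as a small script. This is an added example, not part of the original article; the function name check_login_url, the EXPECTED_DOMAIN value and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the single domain the reader really has an account with.
EXPECTED_DOMAIN = "paypal.com"


def check_login_url(url, expected=EXPECTED_DOMAIN):
    """Return the reasons (empty list = none found) not to trust `url`
    as a login page for `expected`."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable URL"]
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    # The article's point about a URL that only looks encrypted.
    if parts.scheme != "https":
        reasons.append("not https")
    # Text before '@' is login info, not the site: the real host follows it.
    if parts.username is not None:
        reasons.append("userinfo before @")
    # Look-alike letters show up as non-ASCII or as xn-- (punycode) labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalised look-alike host")
    # The host must be the expected domain itself or end with ".<expected>".
    if host != expected and not host.endswith("." + expected):
        reasons.append("host is not " + expected)
    return reasons


# Constructed sample links (reserved .example/.test names), not real indicators.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com/signin",
    "https://paypal.com.account-check.example/signin",
    "https://www.paypal.com@login.test/signin",
    "https://xn--pypal-4ve.example/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "no issue found")
```

An empty result only means none of these four checks fired; it does not prove the page is genuine.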

Phishing related to malware

This is another type of phishing, where you get a mail with an attachment that has malware attached to it. When you open it, the malware is automatically downloaded onto your machine, starts collecting information and carries out malicious activity. Oftentimes, you will see something flashed on the screen stating that malware has been detected and that your system is not safe, asking you to scan your machine. All of this falls under this type of phishing, where your machine is phished for various information. The behavior may differ based on what type of malware is attached and sent to you.

Key-loggers are one type of malware that you should be aware of, as they send out whatever you type on your keyboard, which may include the login credentials for the services you are accessing.

Drop-box and Google Docs Phishing

These are the most common platforms where millions of users connect and save their confidential data. The idea behind this phishing is the same as deceptive phishing, the only difference being the platform: here the attackers use the most common platforms to collect information. This is being targeted in high numbers these days, so users should use 2-way authentication mechanisms to secure themselves and the data they share online.

Phishing through Content-injection

This is very different from the types mentioned above, but the purpose is the same. An attacker may get enough hold of your website to inject whatever he wants into it, making it redirect to a link of his choosing and gather the confidential information he needs. I would also classify this as a type of session hijacking.


I hope this has been informative to you, and I would like to thank you for reading this article.