Thursday, 28 June 2012

Protect the Net: Phishing


What is phishing?

Phishing is a type of hacking where the attacker copies a website that you use in order to acquire information such as your email, username and password. An attacker copies the exact source code of a given page and then changes how the data is transmitted: instead of sending it to the real server, the web page simply logs your data and redirects you to the actual site.

How to detect a phishing site?

The URL:
The very first thing you should look at is the URL (Uniform Resource Locator). A phishing site for Facebook will not show http://facebook.com in your address bar; the attacker will have, for example, facebo0k.webhost.com. So whenever you are asked to sign in, look at your address bar first and check that it is the real site.
Redirect:
A phishing site is not connected to the actual site, so the best it can do is redirect you to the original website after you give it your information.
For example:
You are on Facebook and someone sends you a link. You click the link and see the Facebook home page asking you to log in.
You will see what looks like the normal website asking you to log in (see picture above). Because you want to see the link, or simply think you need to log in again, you enter your email and password (you are not actually logged out). Once the phishing site has your account details, it simply redirects you to the original website. Because you were never really logged out, you still see your account and suspect nothing, but your information is already stored in their database. If you click a link and are suddenly logged out for no reason, it may be a phishing site: check the URL first before doing anything.
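
The address bar check described under "The URL" can also be written as code. This is an added example, not part of the original post; the function name checkLoginUrl and the sample links other than facebo0k.webhost.com are constructed for illustration.

```javascript
// Added example: does a link's host really belong to the site you expect?
// EXPECTED_DOMAIN and checkLoginUrl are illustrative names, not from the post.
const EXPECTED_DOMAIN = "facebook.com";

function checkLoginUrl(link, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lowercases the host, punycodes IDN labels
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { trusted: false, reason: "not a web address" };
  }
  // Only the host decides which server receives the login form.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const expected = expectedDomain.toLowerCase();
  // Accept the exact domain or a true subdomain (note the leading dot).
  const belongs = host === expected || host.endsWith("." + expected);
  if (!belongs) {
    return { trusted: false, reason: `host is ${host}, not ${expected}` };
  }
  if (url.username || url.password) {
    // Text before '@' is login data, often used to disguise a link.
    return { trusted: false, reason: "link embeds credentials before the host" };
  }
  return { trusted: true, reason: `host ${host} belongs to ${expected}` };
}

// Constructed sample links, one per common lookalike trick.
const SAMPLE_LINKS = [
  "http://facebook.com/",
  "https://www.facebook.com/login.php",
  "http://facebo0k.webhost.com/",         // digit 0 in place of the letter o
  "http://facebook.com.webhost.example/", // real name used as a subdomain
  "http://facebook.com@webhost.example/", // real name placed before '@'
  "http://notfacebook.com/",              // real name as a suffix only
  "http://f\u0430cebook.com/",            // Cyrillic 'a' inside the name
];

for (const link of SAMPLE_LINKS) {
  const verdict = checkLoginUrl(link);
  console.log(verdict.trusted ? "OK     " : "SUSPECT", link, "-", verdict.reason);
}
```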
