Phishing is a most popular technique used for
hacking passwords and stealing sensitive
information like credit cards, banking username &
passwords etc. Phishing aka fishing attack is a
process of creating a duplicate copy or a clone
of a reputed website in the intention of
stealing user’s password or other sensitive
information like credit card details. Phishing
scams prompts users to enter sensitive
details at a fake webpage (phishing page)
whose look and feel are very identical to
legitimate webpages. In most cases, the only
difference is URL. URL can also be spoofed in
some cases if the legitmate website is
vulnerable.
It is difficult for a commoner to identify the
phishing scams page because of its trustworthy
layout.
How phishing works?
Hackers / Attackers target general public and
send them phishing links through email or
personal message where the victim is
prompted to click on a link in the email. The
user / victim will get navigated to a Phishing
page that pretends to be legit. Common people
who don’t find that phishing page suspicious are
induced to enter their sensitive information and
all the information would get sent to the
hacker / attacker .
Phishing Example
Lets take Facebook as an example, Creating a
page which perfectly looks like Facebook login
page but putting it in a different URL like
fakebook.com or faecbook,com or any URL
which pretends to be legit. When a user lands on
such page, he/she might think that is real
Facebook login page and asking them to provide
their username and password. So the people
who don’t find the fake login page suspicious
might enter their username, password and the
password information would be sent to the
hacker/attacker who created it, simultaneously
the victim would get redirected to
original Facebook page.
How could you protect
yourself from phishing
scams?
Hackers can reach you in many ways like email,
personal messages, Facebook messages, Website
ads etc. Clicking any links from these messages
would lead you to a login page. Whenever you
find a email that navigates you to a webpage,
you should note only one thing which is
URL because nobody can spoof URL except
when there is any XSS zero day vulnerability.

Real Life Example : John is a programmer, he
creates a Facebook login page with some scripts
to enable him to get the username and
password information and put it in https://
http://www.facebouk.com/make-money-online-tricks.
Peter is a friend of John. John sends a message
to Peter “Hey Peter, I found a way to make
money online easily you should definitely take a
look at this https://www.facebouk.com/make-
money-online-tricks”. Peter navigate to the link
and see a Facebook login page. As usual
Peter enters his username and password of
Facebook. Now the username and password of
Peter is sent to John and Peter get redirected to
a money making tips page https://
http://www.facebouk.com/make-money-online-tricks-
tips.html. That’s all Peter’s Facebook account is
hacked.

Phishing scams
Phishing scams are attempts by scammers /
hackers / cybercriminals to trick you to enter
your sensitive infomation like internet banking
username & passwords, credit card details etc.
As described above, phishing scams focuses on
retrieving monetary details indirectly.
Phishing email
Most of the time phishing scams happens
through email. Hackers spoof the email address
of any legitmate website or authority to send
phishing scam email, so the users are convinced
to believe that the email is sent from a legit
website. Email address can be easily spoofed
using email headers. Server scripting languages
like php helps a commoner to spoof from email
address easily. Popuplar email services like gmail
are smart enough to identify phishing email and
route it to spam folder. But still there are
some ways for a hacker to send phishing emails.What is the URL you see in browser address
bar? Is that really https://
http://www.coorectspellingofwebsite.com ? Is there any
Green
colour secure symbol (HTTPS) provided in the
address bar? if there is that green secured sign
and if the URL is correct, then you are safe BT
otherwise do not input sensitive information
there.
I hope you’ve learnt something new today.