Phishing is another common internet scam. It is a criminally fraudulent process for illegally acquiring sensitive information. It steals passwords and other personal information that can be used to enter private accounts with malicious intent.
It is usually done by electronic mail or instant messaging. Phishing directs the victim to enter their details on a fake website. These websites are tricky because they look legitimate and trustworthy. Scammers get access to important details when victims enter their personal information.
Such details are used to cash out money from ATMs or bank accounts.
You may use SSL with strong cryptography, but SSL still cannot detect that a website is fake. Phishing is an example of a social engineering technique. It fools users and abuses the usability of web security technology.
Phishing techniques were described as early as 1987, but phishing was first recorded to have been used in 1996. The term rhymes with the word "fishing", which means to catch. Phishing catches the financial and personal information of a person, like passwords.
The following are the more common phishing techniques:
Links are internet addresses that direct one to a specific website. We usually give out links to our personal blogs or digital album sites to our friends and family via emails or instant messages.
In phishing, these links are usually misspelled. One or two letters make a big difference and will lead you to a different, and often fake, website or page. It is a form of technical deception. Phishers also use subdomains.
Another method of trickery in links is the use of the ‘@’ symbol. This sign was originally intended to include usernames and passwords. These links are disabled by Internet Explorer, but Mozilla Firefox and Opera just present warning messages that are sometimes not easily noticed.
Aside from this, there is also what is called Internationalized Domain Name (IDN) spoofing, or the homograph attack.
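A defensive check for the link tricks described above (misspelled domains, subdomains, the ‘@’ symbol and IDN homographs), added here as an example and not part of the original article. The trusted domain `example-bank.com`, the sample URLs and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the user really deals with (assumption).
TRUSTED = {"example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive last-two-labels rule; a real check should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def link_warnings(url):
    """Return the link-manipulation signs found in url (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.username is not None:
        # Everything before '@' is login data, not the site being visited.
        warnings.append("userinfo")
    labels = host.split(".")
    if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in labels):
        # Non-ASCII or punycode host: possible homograph of a trusted name.
        warnings.append("idn")
    domain = registered_domain(host)
    if domain not in TRUSTED:
        for good in TRUSTED:
            if 0 < edit_distance(domain, good) <= 2:
                warnings.append("misspelling")
            elif good in host:
                # Trusted name appears only as a subdomain of another domain.
                warnings.append("subdomain")
    return warnings

if __name__ == "__main__":
    for sample in ("https://www.example-bank.com/login",
                   "https://www.examp1e-bank.com/login",
                   "https://www.example-bank.com@login.example.net/",
                   "https://example-bank.com.account-check.example.net/"):
        print(sample, link_warnings(sample))
```
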
This is the use of images instead of text. Because of this, anti-phishing filters have a hard time detecting the emails.
Flash-based websites avoid anti-phishing techniques. This hides the text in a multimedia object.
This is done by using fake caller ID data to make it appear that the call came from a trusted organization. The operator who answers your call will ask you to give your account numbers and passwords.
There are many other phishing techniques. Some have developed counter-phishing techniques already, but scammers continue to invent newer tricks. Always be alert and never give out your most private details easily.
credit: Unknown Source