There are two ways to send a phishing email.The first is a spray-and-pray method which is also known as a shot gun approach. In essence attackers try to gather as many emails as they can and hope that someone will open it and click on a malicious link or attachment. The second method is a little more sophisticated and is known as a spear phishing attempt. Attackers will cherry pick the data they want, find out who has access to the information and specifically target those people.LinkedIn has been a target of this type of phishing method in recent months
Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original bar and opening up a new one with the legitimate URL
An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.
A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.
To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites (a technique known as phlashing). These look much like the real website, but hide the text in a multimedia object.
is in new world more peoples are using mobile phone and mobile apps are used to use social networking site ot all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialled, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.
to avoid phishing trap there are somany methods As recently as 2007, the adoption of anti-phishing strategies by businesses needing to protect personal and financial information was low. Now there are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. These techniques include steps that can be taken by individuals, as well as by organizations. Phone, web site, and email phishing can now be reported to authorities, as described below
in paypal or internet banking site security use internet security softwear they give an additional protection in paypal and net banking sites or your security of sever they have somany network security engineers are working don't worry protect your self
Hi. I’m Designer of Blog Magic. I’m CEO/Founder of ThemeXpose. I’m Creative Art Director, Web Designer, UI/UX Designer, Interaction Designer, Industrial Designer, Web Developer, Business Enthusiast, StartUp Enthusiast, Speaker, Writer and Photographer. Inspired to make things looks better.
0 comments:
Post a Comment