5. Technique -1 Link manipulation In this technique hackers manipulate links in such manner that it’s difficult for user to identify whether is page is served form correct website or fake website. Few of such techniques are 1. Misspelled URLs e.g. http://www.0rkut.com 2. Sub domains e.g. http://www.yourbank.com.example.com/ 3. Using “@” e.g. http://www.google.com@members.tripod.com/ Technique -2 Website forgery In this technique hackers alter the address bar 1. Hiding Address bar 2. Altering the content of Address bar using scripts 3. putting image with legitimate URL over address bar 1 2 4 3 Hacker Creates Fake website Send link of website to user using mail/instant messaging User opens link provided by Hacker User start sending/receiving information from Fake website Hacker 1 Fake website 2 4 3 User
6.
7. Web Server IP : 64.233.187.99 google.com 64.233.187.99 64.233.187.99 google.com 1 2 3 4 2 IP add. is not specified in Host file IP add. is specified in Host file DNS & Host File