3 Phishing is the act of fooling a computer user into submitting personal information by creating a counterfeit website that looks like a real (and trusted) site. It is a hacker technique of "fishing" for passwords and other secret financial info. Phishing (pronounced "fishing") is a type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.
4 1. Hacker embeds fake login form to the XSS vulnerable page. It might be on-line shop, internet banking, payment system, etc. 2. Hacker sends Email with the link to this transformed page (actually link contains 3. User clicks the link and opens fake HTML injection code as a web-page. If user enters his parameter). This email looks username and password to login, all pretty similar to emails of their account details will be sent to typically sent from this web- hacker’s web-server. site to registered users (only User may not notice anything strange without user name in because real “Home” or “Welcome” greeting) pages are what he was expecting to see.
6 Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Beware of links in email. If you see a link in a suspicious email message, dont click on it. Threats. Have you ever received a threat that your Hotmail account would be closed if you didnt respond to an email message? The email message shown above is an example of the same trick. Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
7 1. Use The Right Domain Name. Every time you log into your social media profile, make sure you’re on the correct domain name of the website. Some sites may have short-cut URL’s, but a good way to tell if a site is legitimate is if it ends in the site’s name (e.g. en- gb.facebook.com is the legitimate address for Facebook users in the UK). 2. Change Passwords Frequently. Changing your login password every few months (or more often if you want to be safer) will throw off almost any hacker on your trail. Passwords should be as long and complex as possible using both numbers and letters non- consecutively. Avoid reusing old passwords and predictable patterns when changing them, like adding the current month at the end.
8 3. Avoid Deceptive and Unfamiliar Links. Clicking deceptive and unfamiliar links or copying and pasting unfamiliar URL’s on your browser can automatically give hackers control over your account. If you don’t know what it is, even if it comes from a familiar or legitimate contact, don’t access it. 4. Choose Apps Wisely. Third-party apps for news, games, and other categories first request permission to access your account, but may do more when you’re not around. Remove apps you don’t use regularly to reduce the chances of it happening. 5. Update Your Browser. Popular online browsers, like Google Chrome or Internet Explorer, have built in security measures that enable phishing and malware protection.
9 Phishing is identity theft. It is fraud. It masquerades as legitimate and trustworthy entities in order to obtain sensitive data. It then uses it to “rip off” the misled user with often tragic consequences. A good protection involves being vigilant and having decent Internet security software installed – like Norton 360. Norton 360 comes with many protective features, including identity theft protection. In addition to this, services like LifeLock add an additional security layer when about identity theft alone.