Phishing may fish you!

E-mail was born even before the ARPANET, which gave birth to the internet. Today it has become the main communication channel on the internet. No offence, but many of today's teenagers might never have sent a regular letter by post in their lifetime!

So is email a secure communication channel?

Actually, for me, honestly, I have no right yes/no answer for that. In some ways it's secure, and sometimes email is the most insecure way of transferring messages.

Phishing attacks are a common method threatening the privacy and security of email. Today, not only email passwords but also passwords for social media channels like Twitter and Facebook are gathered using phishing attacks.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

This is how Wikipedia puts it.

Simply put, in a phishing attack a site pretending to be the original site is shown to the user, who is led to enter his/her credentials into it. Pathetically, the credentials go directly into the hackers' wallet.

the reply-to address is different from the sending address

Recently I got a mail from one of my friends saying she was in trouble in Turkey and needed financial assistance! 😀 I continued the conversation to see how the attack was going on… I got the trick! The mail was sent using her Yahoo mail (her real mail) and the reply-to address was changed to a fake Hotmail which had the same first part as the real mail!

How the hell did that bugger get her Yahoo password?

Simply, it was done using a fake mail asking her to verify a sign-in from an “unknown” location, followed by a fake page that looked exactly like the Yahoo login. Unfortunately, she gave her username and password there. Mostly, people who use mobiles to access their mail become victims of these attacks, because most mobile browsers are not resistant to phishing attacks.

Phishing link in an attachment

Fake email with an attachment

Most IM platforms and email clients identify phishing sites and block them. So the hackers are clever enough to use alternate methods, such as PDF files as attachments.

What should I do to prevent phishing attacks?

  • Always re-check the mails you receive, especially when they contain links; check the URL you are being redirected to.
  • Update your browser regularly. Modern browsers such as Microsoft Edge, Google Chrome & Firefox identify phishing sites and block them.
  • If the link is shortened (tinyurl) or not familiar, don’t give your credentials to it!
  • Check whether it’s https. Secure web! But there may be security holes with SSL too.
  • There are no Nigerian princes who are willing to put 10000000 $ into your bank account! 😀
  • Be careful when using Facebook apps. They may get your password and other private information easily.
  • Use unpredictable passwords. Don’t use your pet’s name as your password! 😀
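
The reply-to trick from the story above and the link checks in this list can also be run automatically over a raw message. The following Python script is an added example, not part of the original post; the sample message, its addresses and URLs, and the short list of link-shortener hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a small illustrative list of link-shortener hosts, not exhaustive.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl"}

# Constructed sample message (addresses and URLs are made up).
SAMPLE = """\
From: Alice Example <alice.example@yahoo.example>
Reply-To: alice.example@hotmail.example
Subject: Stuck in Turkey, need help

Please verify your sign-in here: http://tinyurl.com/abc123
Or here: http://login.yahoo.example.evil.test/verify
"""

def split_addr(header_value):
    """Return (local_part, domain) of an address header, lowercased."""
    addr = parseaddr(header_value or "")[1].lower()
    local, _, domain = addr.rpartition("@")
    return local, domain

def triage(raw_message):
    """Return a list of warning strings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    warnings = []
    from_local, from_dom = split_addr(msg["From"])
    reply_local, reply_dom = split_addr(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        note = "reply-to domain differs from sender"
        if reply_local == from_local:
            note += " (same local part, look-alike mailbox)"
        warnings.append(note)
    # Only text/plain parts are scanned; transfer-encoded bodies are not decoded.
    body = "".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    for url in re.findall(r"https?://\S+", body):
        parts = urlparse(url)
        if parts.scheme != "https":
            warnings.append(f"not https: {url}")
        if (parts.hostname or "").lower() in SHORTENERS:
            warnings.append(f"shortened link hides destination: {url}")
    return warnings

if __name__ == "__main__":
    for w in triage(SAMPLE):
        print("WARNING:", w)
```

A message that passes these checks is not proven safe; the checks only surface the specific signs discussed in this post.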

Unfortunately I entered my password on such a site! 😦 What should I do?

  • Be calm! Don’t make sudden decisions.
  • Change the password/security question of your mail as soon as possible.
  • Add two step verification (SMS notification on login) to the mail.
  • Send a mail to your recipients about the incident and ask them to ignore the attacker’s mail.
  • If the attacker is still handling your mail, complain to the responsible authorities (CERT etc…)

So guys, think before clicking! 🙂
