304 North Cardinal St.
Dorchester Center, MA 02124
Phishing attackers lure web (here email) users to login to fake websites (which resemble the original website), so that the account credentials like username and password are transferred to them. If users tried to login to these fake websites they will be transferred to the scammers. Attackers in most cases send fake emails and ask users to login to a site to reset their password. They use fake information from websites like PayPal, Hotmail, Citibank etc and ask users to login to change their account password or other important information. And once user click the link given in the email, a fake websites – resembling the original site is opened, there he enter his actual information (username and password). This important information is send to the spammer/attacker which they use to hijack your accounts or money transfer from bank account in most cases.
Below are the common techniques used by attackers/spammers –
In this technique Attackers use a domain name which resemble or looks like the original one. They use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by attackers/phishers, such as this example URL
They also include original logos and other identifying information taken directly from legitimate Web sites. And to make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.
Phishers uses images instead of text to make it harder for anti-phishing filters/applications to detect text commonly used in phishing emails. This is the reason Gmail or Yahoo will disable the images by default for incoming mails.
Attackers send these emails to a large number or victims (people like you and me) so they use common or generic terms and sentences like
The most common, easy and powerful weapon is common sense. Just use your mind before clicking any link in email.
Other rules that every user should follow are –
I hope these measures will help you in preventing the Phishing Attack.