Tuesday, May 15, 2012

What is Phishing?

Phishing is a method of obtaining sensitive information such as usernames and passwords, credit card numbers and bank account details by claiming or pretending to be someone you are not. A case study shows that around 80% of email accounts such as Facebook, Yahoo, Hotmail etc. get hacked with this method.
Phishing may be of many types. The most common and popular types of Phishing are:
  1. Fake Login Pages
  2. Desktop Phishing
  3. Link Manipulation
  4. Filter Evasion
  5. Tabnabbing

Fake Login Pages – In this method a hacker creates a fake page of a website such as PayPal, Yahoo or Orkut that looks like the original and asks the victim to log in through that page.
Once the victim logs in through that page, his email ID and password get stored, and hence his account gets hacked. The fake pages created by script kiddies have lots of errors, as they have little or no knowledge of HTML and PHP; however, the hackers who create exact pages without errors are familiar with HTML (HyperText Markup Language) and PHP (PHP: Hypertext Preprocessor).

Desktop Phishing is another type of Phishing. In desktop phishing, hackers change your Windows/System32/drivers/etc/hosts file. This file maps host names to IP addresses and is consulted before DNS, so it controls where your browser connects when you type a site name. Hackers send a "Phisher" program which, when installed on the victim's computer, changes its Windows/System32/drivers/etc/hosts file. When the victim tries to log in to the real page, he is redirected to the fake page and thus loses his password there.
The figure below shows the working of desktop phishing:
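As an added example (not part of the original post), the following Python script shows the defender's side of desktop phishing: it parses hosts-file text and reports any line that pins a well-known login domain to an IP address, which a clean hosts file never needs. The sample hosts contents, the IP address and the watch list of domains are constructed for the demonstration.

```python
import ipaddress

# Constructed sample hosts file (not from the original post). The first lines
# are the normal Windows defaults; the last two are the kind of entry a
# desktop-phishing "Phisher" adds to send real login domains to a fake page.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.paypal.com paypal.com
198.51.100.23   login.yahoo.com
"""

# Assumption: a short watch list of domains whose login pages matter to the user.
WATCHED_DOMAINS = {"paypal.com", "yahoo.com", "facebook.com", "orkut.com"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def is_watched(hostname):
    """True if hostname equals, or is a subdomain of, a watched domain."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def suspicious_hosts_entries(text):
    """Return every hosts entry that maps a watched login domain to an IP.

    A legitimate hosts file has no reason to contain such lines at all, so
    each one is reported, whatever address it points to.
    """
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue   # malformed address field; not a usable redirect
        if is_watched(name):
            findings.append({"ip": str(addr), "host": name,
                             "loopback": addr.is_loopback})
    return findings


if __name__ == "__main__":
    # On a real machine you would read C:\Windows\System32\drivers\etc\hosts
    # (or /etc/hosts) instead of the constructed sample.
    for entry in suspicious_hosts_entries(SAMPLE_HOSTS):
        print("suspicious hosts entry:", entry["host"], "->", entry["ip"])
```

Run against the real file on a suspect machine, the script reduces the check to a short list of entries to inspect; an empty list is the expected result on a clean system.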

Link Manipulation is another type of phishing. The method is the same as the one with the fake login page, but in this method the hacker does not upload the files to a normal web hosting site; instead he buys a domain. For example: if the target is www.orkut.com then the hacker will buy something like www.okrut.com or www.orkutt.com. When the victim sees the fake page he will think that the website is the original, as there is only a slight difference between the web addresses, therefore he/she will log in through it and lose their password.

Filter Evasion – In this method the hackers use images instead of text. The reason they do so is to make it harder for anti-phishing filters to detect the text. This is commonly used in phishing emails.
The figure below shows an example of a Phishing scam:
The hyperlink "Click here to activate your account" in the above email will take the victim to a fake PayPal login page where he/she will lose his password.
Here is another example of a Phishing email:

Tabnabbing is a new type of phishing and the most dangerous one. In this method the hacker takes advantage of multiple tabs. The victim visits the attacker's site and opens another tab, leaving the attacker's site open. While the victim browses other tabs, the attacker's site redirects itself to a fake login page, say Facebook. Now when the victim sees the fake page he will think it is a normal Facebook page and will log in through it, and therefore gets his/her account hacked.

Security Tips and Countermeasures:
Almost 80% of email accounts are hacked by the method of Phishing. The steps below will help you avoid becoming a victim of a Phishing attack.
1. If you are an Internet Explorer user, I recommend that you use a Phishing Filter. It will alert you every time you come across a fake login page or phisher site: Download Phishing Filter
2. If you are a Firefox user, I recommend that you use the Firefox add-on Secure Login. What "Secure Login" does is automatically skip the fake pages, hence securing you from all kinds of Phishing attacks.
3. Remember how to recognize a secure page. Look for "https" at the beginning of the URL and the padlock icon in the browser.
4. Sites like PayPal, Alertpay, Money Bookers… will always address you by name, instead of "Dear Paypal user", "Dear Valued customer" or other greetings like that.
Here are a few phrases to look for if you think an e-mail message is a phishing scam:
  • Verify or update your account.
  • You have won a lottery.
  • If you don’t respond or update your information your account will be closed in 24 hours.
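The email-side signs listed above (a generic greeting, the urgency phrases, a "click here" link that leads somewhere other than the named company, and the image-instead-of-text trick from the Filter Evasion section) can be turned into a simple checker. The following Python script is an added example, not code from the original post: the sample message, the phrase lists and the list of trusted domains are all constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the original post) that mimics the
# "Click here to activate your account" lure described above.
SAMPLE_EMAIL = """\
<html><body>
<p>Dear Valued Customer,</p>
<p>We were unable to verify your account. If you don't respond within 24 hours
your account will be closed.</p>
<p><a href="http://198.51.100.23/pp/login.php">Click here to activate your account</a></p>
<p>Thanks, The PayPal Team</p>
</body></html>
"""

# Assumption: hand-picked phrase lists drawn from the tips above.
GENERIC_GREETINGS = ("dear valued customer", "dear paypal user",
                     "dear user", "dear customer")
URGENCY_PHRASES = ("verify or update your account", "won a lottery",
                   "within 24 hours", "will be closed",
                   "update your information")
# Assumption: brands whose real domains we know; a link in a mail that names
# the brand should point at that domain or one of its subdomains.
TRUSTED_HOSTS = ("paypal.com", "facebook.com")


class _Extractor(HTMLParser):
    """Collect visible text, image count and (href, link text) pairs."""

    def __init__(self):
        super().__init__()
        self.links, self.text, self.images = [], [], 0
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._buf = []
        elif tag == "img":
            self.images += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)


def analyse_email(html):
    """Return a list of human-readable findings for one HTML message."""
    p = _Extractor()
    p.feed(html)
    text = " ".join(p.text).lower()
    words = re.findall(r"\w+", text)
    findings = []
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            findings.append("urgency: " + phrase)
    # Brands mentioned in the body, e.g. "paypal" for paypal.com
    brands = [b for b in TRUSTED_HOSTS if b.split(".")[0] in text]
    for href, label in p.links:
        host = (urlsplit(href).hostname or "").lower()
        if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", host):
            findings.append(f"link to bare IP address: {host}")
        elif brands and not any(host == b or host.endswith("." + b) for b in brands):
            findings.append(f"'{label}' links to {host}, not {brands[0]}")
    if p.images and len(words) < 20:
        findings.append("mostly images with little text (possible filter evasion)")
    return findings


if __name__ == "__main__":
    for finding in analyse_email(SAMPLE_EMAIL):
        print("-", finding)
```

The checks are deliberately simple string and hostname tests; the point is that the "look for these phrases" advice above and the "does the link really go to PayPal" question are both mechanical enough that a mail client or a user can apply them before clicking.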
Link Manipulation
To avoid being a victim of a Link Manipulation attack, always check the URL of the page before logging in.
For example, if you are logging into a Facebook account, first check the URL of the site. The phisher site may look like www.facebok.com or www.facebuk.com or something like that.
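The look-alike domains described in the Link Manipulation section above (www.okrut.com, www.orkutt.com, www.facebok.com, www.facebuk.com) are all a few character edits away from the real name, and the "check the URL before logging in" tip can be automated on exactly that basis. The following Python script is an added example, not code from the original post: it classifies a URL's hostname as a known login host, a close look-alike (edit distance of one or two) or unrelated, and also reports whether the page is served over https as tip 3 asks. The list of known hosts is an assumption.

```python
from urllib.parse import urlsplit

# Assumption: the legitimate login hosts the user actually uses.
KNOWN_HOSTS = ["www.facebook.com", "www.orkut.com", "www.paypal.com"]


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url, known_hosts=KNOWN_HOSTS, max_distance=2):
    """Return ('known' | 'lookalike' | 'unrelated', matched known host or None)."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unrelated", None
    if host in known_hosts:
        return "known", host
    for legit in known_hosts:
        if 0 < levenshtein(host, legit) <= max_distance:
            return "lookalike", legit
    return "unrelated", None


def check_login_url(url):
    """Combine the look-alike test with the https check from the tips above."""
    verdict, match = classify_url(url)
    return {"verdict": verdict, "matches": match,
            "https": urlsplit(url).scheme.lower() == "https"}


if __name__ == "__main__":
    for u in ("https://www.orkut.com/login", "http://www.okrut.com/login",
              "http://www.facebuk.com/", "https://example.org/"):
        print(u, "->", check_login_url(u))
```

A "lookalike" verdict does not prove a page is a phish, but it is exactly the case where a user should stop and compare the address character by character; the https flag on its own is not enough, since a phisher can obtain a certificate for the look-alike name he bought.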
Desktop Phishing
To protect yourself from being a victim of Desktop Phishing, I recommend that you use a program called Macros. As you already know, in Desktop Phishing the hacker replaces your Windows/System32/drivers/etc/hosts file; this file maps host names to IP addresses and so controls where your browser connects.
What Macros does is protect your hosts file, which prevents the desktop phishing attack.
The easiest way to avoid a Tabnabbing attack is to use Firefox Secure Login and a Phishing Filter.