3. 3
Phishing is the act of fooling a computer user into submitting
personal information by creating a counterfeit website that
looks like a real (and trusted) site. It is a hacker technique of
"fishing" for passwords and other secret financial info.
Phishing (pronounced "fishing") is a type of online identity
theft. It uses email and fraudulent websites that are designed
to steal your personal data or information such as credit card
numbers, passwords, account data, or other information.
4. 4
1. Hacker embeds fake login
form to the XSS vulnerable
page. It might be on-line
shop, internet
banking, payment
system, etc.
2. Hacker sends Email with the
link to this transformed
page (actually link contains 3. User clicks the link and opens fake
HTML injection code as a web-page. If user enters his
parameter). This email looks username and password to login, all
pretty similar to emails of their account details will be sent to
typically sent from this web- hacker’s web-server.
site to registered users (only User may not notice anything strange
without user name in because real “Home” or “Welcome”
greeting) pages are what he was expecting to
see.
6. 6
Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling.
Beware of links in email. If you see a link in a suspicious email message, don't click on it.
Threats. Have you ever received a threat that your Hotmail account would be closed if you
didn't respond to an email message? The email message shown above is an example of
the same trick.
Spoofing popular websites or companies. Scam artists use graphics in email that appear
to be connected to legitimate websites but actually take you to phony scam sites or
legitimate-looking pop-up windows.
7. 7
1. Use The Right Domain Name. Every time you log into your social
media profile, make sure you’re on the correct domain name of the
website. Some sites may have short-cut URL’s, but a good way to tell
if a site is legitimate is if it ends in the site’s name (e.g. en-
gb.facebook.com is the legitimate address for Facebook users in the
UK).
2. Change Passwords Frequently. Changing your login password
every few months (or more often if you want to be safer) will throw
off almost any hacker on your trail. Passwords should be as long and
complex as possible using both numbers and letters non-
consecutively. Avoid reusing old passwords and predictable patterns
when changing them, like adding the current month at the end.
8. 8
3. Avoid Deceptive and Unfamiliar Links. Clicking deceptive and
unfamiliar links or copying and pasting unfamiliar URL’s on your
browser can automatically give hackers control over your
account. If you don’t know what it is, even if it comes from a
familiar or legitimate contact, don’t access it.
4. Choose Apps Wisely. Third-party apps for news, games, and
other categories first request permission to access your account,
but may do more when you’re not around. Remove apps you
don’t use regularly to reduce the chances of it happening.
5. Update Your Browser. Popular online browsers, like Google
Chrome or Internet Explorer, have built in security measures that
enable phishing and malware protection.
9. 9
Phishing is identity theft. It is fraud. It
masquerades as legitimate and
trustworthy entities in order to obtain
sensitive data. It then uses it to “rip
off” the misled user with often tragic
consequences.
A good protection involves being
vigilant and having decent Internet
security software installed – like
Norton 360. Norton 360 comes with
many protective
features, including identity theft
protection. In addition to this, services
like LifeLock add an additional security
layer when about identity theft alone.
