Phising. What is it and how to identify

nick_ro · 06-28-2011, 10:03 AM

Phising is a technique used by hackers to steal your own private data like user accounts and passwords or card data. For example let's say you have purchased a premium account to a file-storing site like rapidshare or filesonic. The hacker will try to steal your login and password by creating a fake login page of that site. He copies the source code and changes it a little bit, then he is sending it to others or post on forums pretending that he shares with you a file. When you click the link you are redirected to the fake login page and it asks for you to introduce your login and password. These information are sent afterwards to a server which is hosted by the hacker.

So in order to protect yourself from these kind of attacks, always check the URL of your file that you are downloading. It must be turned green or display a lock for security purposes, if you suspect anything do not download.

The area that I slightly highlighted shows the name of the server where hacker is sending your login and password.

krone6 · 06-28-2011, 01:05 PM

Nice storage site... There's other sites with less obtrusive ads than that one was.

nick_ro · 06-28-2011, 01:18 PM

Edited.

cyganista · 06-28-2011, 02:42 PM

Well, your screen shows an extreme phishing case. Obviously looks that it's fake

Trusted websites should look this way:

We can see certificate near the address box. Also there is real address, not any strange domains etc.

Card · 06-29-2011, 04:00 PM

That's why I always type the address in the URL box instead of going there by google search etc. as there are lots of malware results on search engines nowadays.

masdeeper · 06-30-2011, 12:34 AM

In some cases, even with the right domain address in the URL bar, you could still get phished...

The most popular way to do this is with XSS attack...

Am_Threat · 07-06-2011, 06:35 AM

Hi,

PhishTank | Join the fight against phishing

Here you will find all phishing/fake sites.

Card · 07-17-2011, 06:20 PM

Quote:

Originally Posted by masdeeper

In some cases, even with the right domain address in the URL bar, you could still get phished...

The most popular way to do this is with XSS attack...

Yeah, that could also be.
But would that phishing site redirect you to your real account page after login or would it take you to a "dummy" page?

06-28-2011, 10:03 AM	#1
nick_ro Beta Member Join Date: Jun 2011 Posts: 5	Phising. What is it and how to identify Phising is a technique used by hackers to steal your own private data like user accounts and passwords or card data. For example let's say you have purchased a premium account to a file-storing site like rapidshare or filesonic. The hacker will try to steal your login and password by creating a fake login page of that site. He copies the source code and changes it a little bit, then he is sending it to others or post on forums pretending that he shares with you a file. When you click the link you are redirected to the fake login page and it asks for you to introduce your login and password. These information are sent afterwards to a server which is hosted by the hacker. So in order to protect yourself from these kind of attacks, always check the URL of your file that you are downloading. It must be turned green or display a lock for security purposes, if you suspect anything do not download. The area that I slightly highlighted shows the name of the server where hacker is sending your login and password.

06-28-2011, 01:05 PM	#2
krone6 In Runtime Join Date: May 2011 Posts: 330	Re: Phising. What is it and how to identify Nice storage site... There's other sites with less obtrusive ads than that one was.

06-28-2011, 01:18 PM	#3
nick_ro Beta Member Join Date: Jun 2011 Posts: 5	Re: Phising. What is it and how to identify Edited.

06-28-2011, 02:42 PM	#4
cyganista Solid State Member Join Date: Jun 2011 Posts: 12	Re: Phising. What is it and how to identify Well, your screen shows an extreme phishing case. Obviously looks that it's fake Trusted websites should look this way: We can see certificate near the address box. Also there is real address, not any strange domains etc.

06-29-2011, 04:00 PM	#5
Card Baseband Member Join Date: Jun 2011 Posts: 90	Re: Phising. What is it and how to identify That's why I always type the address in the URL box instead of going there by google search etc. as there are lots of malware results on search engines nowadays.

06-30-2011, 12:34 AM	#6
masdeeper Beta Member Join Date: Jun 2011 Posts: 2	Re: Phising. What is it and how to identify In some cases, even with the right domain address in the URL bar, you could still get phished... The most popular way to do this is with XSS attack...

07-06-2011, 06:35 AM	#7
Am_Threat Solid State Member Join Date: Jul 2011 Posts: 7	Re: Phising. What is it and how to identify Hi, PhishTank \| Join the fight against phishing Here you will find all phishing/fake sites.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode