Change Language
Sun Sun Sun

You are here: Resources >> What is Phishing?

 

What is Phishing?
 
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is usually carried out using email or an instant message.
Click To Buy a Protector UTM Appliance!
Click To Buy a Portable Penetrator Wifi Pen Test!
Click To Buy a Penetrator Pen Testing Appliance!
Click To Buy a Web Security Scan!
Click For a Free Security Scan!
Click For a Free Newsletter!
 
How is Phishing Performed?
 
Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. An attacker will typically choose a bank, payment service, or online auction site and target their customers.
 
For example, let's say your bank's URL is http://www.yourbank.com/. The attacker will send mass emails to the user base of the chosen target site and inform them that they need to login to their account and change their password because of a security risk or a system upgrade.
 
The hacker will provide a link to the fake site (e.g., http://www.yourbank.cm/) but in the email it will say http://www.yourbank.com/ because the email is in HTML. From there, the user will think that the email is valid and visit the fake site and give their sensitive details.
 
They direct the user to sign in at their bank or service's webpage, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.
 
What does Anti-Phishing Do or Prevent?
 
The SecPoint Protector prevents phishing using several techniques. All emails are scanned for fake sites that do not match the content, so if the content is only 1% erroneous, a warning will be issued to the user. Other techniques are applied to block phishing fake sites so that if a user by a mistake clicks a phishing link, it will be blocked anyway.
 
What can the User do to Avoid Getting Scammed?
 
Do not click on links in your email.
 
If you receive a message from your bank asking you to do something, do not click on links in the email and do not use forms in the email to login. Instead, open your browser, go directly to your bank's website, login, and continue from there. Even if the email is from someone you know, DO NOT CLICK ON THE LINKS.
 
Invalid credentials usually work on impersonated websites.
 
If you feel there is something wrong with a website, use an invalid username and invalid password to login. If the website then presents you with the "Logon failed" page, you are possibly on a legitimate website. It may not always work as sometimes impersonators simulate failed logons for double-checking victim's input or redirect to a legitimate website after collecting credentials. But if your invalid credentials get you right through, it is definitely a phishing attempt.
 
Report the message to the company impersonated in the email.
 
Most financial organizations have guidelines and dedicated email addresses where you can report security problems. If you suspect a message is a phishing attempt, forward it to the organization. You should include all email headers. Do not expect a reply from the organization as they receive thousands of these reports.
 
 
 
Click To Buy a Protector UTM Appliance!
Click To Buy a Portable Penetrator Wifi Pen Test!
Click To Buy a Penetrator Pen Testing Appliance!
Click To Buy a Web Security Scan!
Click For a Free Security Scan!
Click For a Free Newsletter!
 
 
Read more about our services and products here: About SecPoint, IT Security Products, and IT Security Jobs.

 

Get A Free Vulnerability Scan!
Get a Free Evaluation Unit!
How to Buy Locate a Partner!

Follow SecPoint on your
favorite Social Media!



Got a Question?
sales@secpoint.com

See More
 
  Email :
     
Appliance VS Software
What is Cross Site Scripting(XSS)?
What is SQL Injection?
What is a Routing Table?
What is High Availability?
What is Grey Listing?
What is a Web Filter?
What is a Vulnerability?
What is a Proxy Server?
What is a Firewall?
What is a Cookie?
What is a Bayesian Filter?
Test Your Security Policy
Email & Spam Test Links
What is RoHS Weee?
What is Vulnerability Scanning?
What is Vulnerability Assessment?
What is Penetration Testing?
What is a Security Exploit?
What is Appliance Scanning?
What is Zero Day?
What is Unified Threat Management?
What is Intrusion Prevention?
What is a Content-Filter?
What is VoIP?
What is Virus?
What is Spyware?
What is Phishing?
What is P2P?
What is Instant Messaging?
What is Spam?
White Papers
Technology Papers
What is Wi-fi?
What is Wimax?
What is an open relay
What is vlan tagging?
Security Mailinglist Rss Feeds
What is a Man in the Middle Attack?
What is a Botnet?
Top 10 Ways to Protect Your Computer from Hackers
Top 10 Free IT Security Tools
Top 10 Website Security Myths
Top 10 Most Secure Operating Systems
Top 10 Worms
Top 10 Hackers
Top 10 Social Engineering Tactics
Top 10 Spyware
Top 10 Viruses
Top 10 Phishing Scams
SecPoint
Anti-Spyware Tips and Tricks
Anti-Spam Tips & Tricks
Anti-Virus Tips & Trick
How to get rid of malware
How to protect against client wireless hacking
Risks of Cyber Crime
How to choose a vulnerability scanning vendor?
Better Wi-Fi Range without Interference
SecPoint Free Security Scan
IT Security Gurus
Top 10 Myths in IT Security
Top 10 IT Security Tools
Top 10 IT Security Tips
Top 10 Hacker Attacks
Anti-Spam Appliance
Top 10 Spam Attacks
UTM Appliance
Penetration Testing
Application Security
Vulnerability Scanning
Vulnerability Assessment
Internet Filter
Spam Filters
Web Content Filter
WEP Crack
WiFi Security
Anti-Phishing Tips & Trick
PCI-DSS Compliance
Anti-Social Engineering Tips & Trick
Anti-Denial of Service Tips & Trick
Wifi Security Tips & Trick
Anti Hacking – Anti Cracking Tips & Tricks
Wireless Encryption Standards
CIDR Network Information
Virus Spam Bounce Ruleset
Anti-Cross Site Scripting (XSS) Tips and Tricks
Anti-SQL Injection Tips and Tricks
Wifi WEP Encryption Cracking Guide
Wifi WPA & WPA2 Encryption Cracking Guide
How to get rid of a trojan horse
What is Port Knocking?
SecPoint Training Videos
RC Release Candidate Software Firmware
What is SSL?
What is SOCKS?
What is SOCKS5?
Worldwide Security Events
Server Spam Filter
Spam Blocker
Anti-Spam Software
Vulnerability Scanning Appliance
What is a Grey Hat?
What is a White Hat?
What is a Black Hat?
Top 10 Cloud Computing Services
Cloud Security
WPA Key
Block Email Junk
Stop Spam
Anti-Virus
WEP Key
What is Encryption?
What is SSH?
Dell Worldwide Warranty Benefits
Aircrack
Anti-Spam Appliance Guide
Anti-Spam Firewall
BackTrack
Web Filter Appliance
Pen Test Appliance
Security Scanner
WEP WPA2 Crack
What is Blacklisting?
UTM Appliance Anti-Virus
What is FTP?
UTM Appliance WiFi Security
What is Greylisting?
Vulnerability Assessment Guide
What is SFTP?
Vulnerability Scanner
What is Telnet?
Wardriving
What is Whitelisting?
WPA2 Encryption
WiFi Audit
WiFi Pen Test Appliance
WiFi Client Cracking
WiFi Pen Test
WiFi Client Hacking
WiFi Hacking
WiFi Crack
WiFi Hack
WiFi Cracking
 
Privacy Statement | Link Policy | User Policy | IT Security Blog | IT Security Forum | SecPoint Pictures
Event Pictures | Exploit Archive | IT Security Web Shop | Vulnerability Library
IT Security Video | Sitemap
© Copyright 1999-2010: SecPoint®
SecPoint ApS - Lergravsvej 53 - 2300 Copenhagen S - Phone +45 70 235 245
Recent awards Compatible with Visit us on Facebook! Visit us on LinkedIn! Visit us on Myspace!
   
Facebook
Group!
Follow us on Twitter!
Anti-Spam Appliance - Anti-Spam Firewall - Unified Threat Management Appliance Anti-Virus - Web Filter Appliance - Anti Spam Appliance - Anti Spam Firewall - UTM Appliance Wifi Security - Wifi Pen Test - Wifi Crack - Wifi Hack - Wifi Audit - Wep Wpa2 Crack Vulnerability Scanner - Vulnerability Assessment - Security Scanner - Pen Test Appliance