Phishing


Many people are curious to know how a Facebook account or a Gmail account gets hacked. One of the tools a hacker or attacker can use to take over your account is phishing.
Phishing is the illegal act of acquiring someone's personal information. It is a kind of forgery. Phishing is a social engineering technique used to fool users into giving up private or personal information such as their username, password, credit card number, etc. It is a fraudulent use of Web technology, although it is sometimes performed over the phone.
Recently it has been done by e-mail spoofing, in which a hacker sends a legitimate-looking mail that appears to come from a trustworthy site. This mail contains a link which redirects you to some page and asks you to fill in details such as your personal information. On submission, these details are sent to the hacker, who can use them in many ways, like transferring your money, taking a property in your name, etc.

Various techniques behind Phishing attack

1. Link Manipulation
Most phishing methods use link manipulation, such as misspelled links, which may not look suspicious at first sight but which you can identify when you take a closer look.
Some examples are:
www.facbook.com
www.microsoft.com/account-verifications123/
www.ebay.com/personalinfo-check/
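
A defensive check for the misspelled-link case above, as an added example that is not part of the original post: it compares a link's host against a short list of domains the reader actually uses and flags hosts that are only one or two edits away. The domain list and the distance threshold are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed for this example): domains the user really deals with.
KNOWN_DOMAINS = ["facebook.com", "microsoft.com", "ebay.com", "gmail.com"]

def edit_distance(a, b):
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def host_of(link):
    """Lower-cased host without a leading 'www.', tolerating links with no scheme."""
    if "://" not in link:
        link = "http://" + link
    host = (urlsplit(link.strip()).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify_link(link, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched domain or None)."""
    host = host_of(link)
    for known in KNOWN_DOMAINS:
        if host == known or host.endswith("." + known):
            return ("known", known)
    # Not an exact match: a host one or two edits away from a known domain
    # is far more likely a deliberate misspelling than a coincidence.
    for known in KNOWN_DOMAINS:
        if edit_distance(host, known) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)
```

This check looks only at the host name; it says nothing about the path that follows it.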

2. Filter Evasion
Phishers are now using images instead of text, which makes it harder for anti-phishing filters to detect the text. This is the main reason Gmail or Yahoo, by default, disable images in incoming mails.

3. Phone Phishing
Not all phishing requires a fraudulent web page. It can also be done by phone. It was once reported that a user received a phone call in which the caller used fake details to convince the user that he was a legitimate person, and asked the user to send the account number with PIN to verify their account.

How to identify the Phishing/fraudulent mail

Phishing mails generally contain phrases that convey urgency, so that you respond immediately without thinking. Examples of such phrases are:
"If you don't respond within 48 hours, your account will be deactivated."
"Verify your account."
Phrases like these can be found in the mail. Legitimate sites never ask you to send your personal details through email.

Phishing mails are generally sent in bulk, so it often happens that the mail does not contain your first or last name; instead something else is written, like
"Dear Valued Customer."
Generally the mail contains some phrase or sentence that asks you to click on a link, like
"Click the link below to gain access to your account." or "Click here.", etc. When you move the mouse pointer over this link, it reveals the actual link to which you will be redirected. On a closer look, you can identify that something is wrong with the link.
Read the email carefully; if it contains spelling or grammatical errors then it is surely spam, because legitimate mail will not have these types of errors.
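
The checks described in this section, written as an added example that is not part of the original post: it scans an HTML mail body for the urgency phrases and generic greeting quoted above, and compares each link's visible text with the address it really points to (what hovering over the link reveals). The phrase lists and the sample mail are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Phrase lists are assumptions built from the examples quoted in the post.
URGENCY = [r"within \d+ hours", r"account will be deactivated", r"verify your account"]
GENERIC_GREETING = re.compile(r"dear (valued )?(customer|user|member)", re.I)
GENERIC_LINK_TEXT = {"click here", "click the link below"}
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(value):
    """Host part of a URL or bare domain, lower-cased."""
    return (urlsplit(value if "://" in value else "http://" + value).hostname or "").lower()

def phishing_indicators(html_body):
    """Return a list of human-readable warning signs found in an HTML mail body."""
    text = re.sub(r"<[^>]+>", " ", html_body)  # visible text only
    findings = ["urgency: " + p for p in URGENCY if re.search(p, text, re.I)]
    if GENERIC_GREETING.search(text):
        findings.append("generic greeting")
    collector = LinkCollector()
    collector.feed(html_body)
    for shown, href in collector.links:  # what the reader sees vs. where it goes
        if shown.lower().rstrip(".") in GENERIC_LINK_TEXT:
            findings.append("generic link text -> " + host(href))
        elif LOOKS_LIKE_URL.fullmatch(shown) and host(shown) != host(href):
            findings.append("link text shows %s but goes to %s" % (host(shown), host(href)))
    return findings

# Constructed sample mail body; example.com / example.net are reserved test domains.
SAMPLE = """<p>Dear Valued Customer,</p>
<p>If you don't respond within 48 hours, your account will be deactivated.</p>
<p><a href="http://login.example.net/verify">www.example.com</a> or
<a href="http://login.example.net/verify">Click here</a>.</p>"""
```

Calling `phishing_indicators(SAMPLE)` returns five findings: two urgency phrases, the generic greeting, the mismatched link and the "Click here" link.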


Security & Precautions
  • Change your password frequently; it is advisable to change your password every three months, and never use the same password for more than one site.
  • Use a phishing filter. Today most browsers, e.g. Mozilla Firefox, Google Chrome, Internet Explorer, Safari, etc., already have phishing filters, but you need to check your security settings.
  • Do not respond to unsolicited mail which asks for details of financial information. Try to know whom you are dealing with.
  • When you are doing any financial transaction, remember to check the address bar; the URL should start with "https".
  • Report anything suspicious to the proper authorities. Immediately alert the company or government agency by email or telephone, using an email address or phone number which you know to be legitimate.
  • If you think you have received a phishing email or you are redirected to a "phishy looking" web page, then you can report it to the Internet Crime Complaint Center at www.ic3.gov, which is a partnership between the FBI and the National White Collar Crime Center. You can also send the report to US-CERT, which stands for "United States Computer Emergency Readiness Team", at the email address "phishing-report@us-cert.gov". They ensure the proper action is taken. If you cannot send the report, then at least send the URL to them; they will look into it.
  • The Department of Justice also advises consumers to remember three terms, "Stop, Look, Call":
    • Stop: Resist the urge to respond immediately, even if the mail asks you to.
    • Look: Read the mail several times and ask yourself some questions, like why the requested information would really be needed.
    • Call: Telephone or email the report to the authorities using a legitimate phone number or email address.

You got Phished ('_')

Now I will tell you what to do when you have been phished.
  • Respond immediately: contact the organisation and your financial institution, and report the complete matter to them.
  • Contact the three major credit card bureaus and request them to put a fraud alert on your credit card.
  • The credit bureaus and phone numbers are:
    • Equifax, 1-800-525-6285;
    • Experian, 1-888-397-3742;
    • TransUnion, 1-800-680-7289.
  • File a complaint with the Federal Trade Commission at www.ftc.gov or 1-877-382-4357.





If you have any query, then mail me or comment here! Keep enjoying!

2 comments:

  1. Hello there, I discovered your site by means of Google even as looking for a similar subject,
    your website came up, it appears great. I have bookmarked
    it in my google bookmarks.
    Hi there, simply changed into aware of your blog via Google,
    and located that it's truly informative. I'm gonna watch out for brussels.
    I will be grateful in case you proceed this in future. A lot of people will probably be benefited from your writing.
    Cheers!
    My blog ; hack gmail account

  2. Phishing is the illegal act of acquiring someone's personal information. Its a kind of forgery. Phishing is kind of social engineering techniques which is used to fool user by taking their private or personal information.
    pdf digital signature
