Category Archives: phishing

A layman’s guide to avoid phishing

What is it?
For those who don’t know, “phishing” is a term applied for a method to gain private information such as passwords, bank information, phone numbers. Wikipedia definition- http://en.wikipedia.org/wiki/Phishing

How it works?
You get a link in your email or IM, from a known source for eg your bank or a friend. It takes you to a webpage, which looks exactly like your netbanking login page or email login page or any other page which requires any private information. You fill in your login info, then click on enter.Now, it says that your username/password is incorrect and asks you to re enter. Not suspecting anything, you just re- enter your info, and now you’re logged in. What actually happens is this that the first time you enter your info, its automatically emailed to the person who’s “phished” the site. On clicking enter, it simply takes you to the password incorrect page on the actual site, where you re enter information and login successfully.

How to avoid it?
Never, ever click on a link which leads you to a login page, even if you’re 100% sure of the authenticity of the source. Do it the long, painful but safe way. Type in the full URL of the site in your browser and click on go. The link which you had got, and looked good to you, might contain a tiny spelling variation, which causes you to go to the duplicate page instead of the actual page. For example, yahoo.in instead of yahoo.co.in, hdfc-bank.com instead of hdfcbank.com, etc etc.

An even bigger menace:
URL Spoofing takes the threat one step higher.People who want to know the underlying reason, read italicised text. You can skip it if you just want to know how to avoid it.

To understand how URL spoofing can harm you, you need to understand a basic fact of the way internet works. We know a website by its name, such as google.com, yahoo.com, etc. But this is only done to make it easier for humans. Every website has a unique IP(Internet Protocol) address, which is a string of 12 digits. It looks like xxx.xxx.xxx.xxx, where xxx could be replaced by a number from 0 to 255. For example, yahoo.com has an IP 216.109.112.135 . There is something called a DNS (Domain Name Service) server, which keeps tables which map domain names such as yahoo.com to their respective IP addresses.Such servers are usually kept by your ISP (Internet Service Provider). But since there are so many ISP’s around the world, there’s also a centralised system of “Root Servers” (http://en.wikipedia.org/wiki/Root_servers), from where ISP’s periodically refresh their information.What URL spoofing does is that it modifies the IP tables, and associates a different IP to a site. So, even if you enter the spelling correctly, you’re still taken to a counterfeit page, which will steal your information.

If you exercised the caution mentioned earlier, and typed out the website yourself, URL spoofing may still cause you to go to a duplicate page. The simplest way to detect it, is this that you enter your information, and even if you think you typed it correctly, you’re taken to a wrong password page. And there goes your secret password! The only way to resolve this problem is to relogin asap, and change your password.

PS: I’m planning on more such articles, so if you ever have any query on computers or internet, please tell me about it.