Privacy 101: Protection against phishing

Most of people's interactions nowadays take place online. The people you know on the internet might know more about you than the people you know in person. This has led to a rise in privacy invasions, and the number keeps growing every day as computing power increases and more people gain internet access. Protecting yourself from privacy invasions has never been more important than it is now. This series will mainly concentrate on educating people, especially non-techie people, about online frauds and threats and their countermeasures.
There are three main ways in which a hacker can find your password and log into your social media accounts, such as Google+ or Facebook, or use your identity for malicious purposes. Today we will look at one of them: phishing.
Phishing is one of the easiest ways for a hacker to learn your user ID and password. Essentially, the hacker clones the login page of the web service whose user ID and password he wants from you.
1. He goes to the website, in this case facebook.com.
2. Copies the source code and changes
action="https://www.facebook.com/login.php?login_attempt=1&lwv=110"
to point to his own login handler, which can capture your username and password.
[Image: Facebook source code]
3. Uploads the edited source code with some additional files to a server and sends you a link to the page in an email with a spoofed sender address, so that it looks exactly like the original and seems to have come from the original website.

Countermeasures:
1. Make sure that the website you are redirected to is a legitimate one by checking the URL. Normally social networking sites and other sites that may hold sensitive user data use an https connection.
2. Never log in through an open Wi-Fi network, as it is highly vulnerable to Man-in-the-Middle attacks, which we will discuss later, where the hacker can actually see what you are browsing and typing.
3. If possible, check the source code of the website for any malicious URL redirects.
4. Set up two-step verification on Google+ or set Facebook to send you an SMS when a login to your account takes place.
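
Countermeasures 1 and 3 can be automated. The script below is an added example, not part of the original post: it checks that a page is served over https from the expected domain and that every form containing a password field submits back to that domain. The function names, the sample HTML and the .invalid host name are assumptions made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PasswordFormFinder(HTMLParser):
    """Record the action attribute of every <form> that holds a password field."""
    def __init__(self):
        super().__init__()
        self.current_action = None   # None while outside any <form>
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current_action = attrs.get("action") or ""   # empty = posts to the page itself
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self.current_action is not None and self.current_action not in self.actions:
                self.actions.append(self.current_action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_action = None

def is_trusted(url, trusted_domain):
    """True only for https URLs whose host is trusted_domain or a subdomain of it."""
    parts = urlparse(url)
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme == "https" and (
        host == trusted_domain or host.endswith("." + trusted_domain))

def audit_login_page(page_url, html, trusted_domain):
    """Return warnings; an empty list means the page and its password forms check out."""
    warnings = []
    if not is_trusted(page_url, trusted_domain):
        warnings.append("page URL is not https on " + trusted_domain + ": " + page_url)
    finder = PasswordFormFinder()
    finder.feed(html)
    for action in finder.actions:
        target = urljoin(page_url, action)   # resolve relative and empty actions
        if not is_trusted(target, trusted_domain):
            warnings.append("password form submits to " + target)
    return warnings

# Constructed sample pages, not real captures; the .invalid host name is a placeholder.
LEGIT_ACTION = "https://www.facebook.com/login.php?login_attempt=1&lwv=110"
LEGIT_HTML = ('<form action="' + LEGIT_ACTION + '" method="post"><input name="email">'
              '<input type="password" name="pass"></form>')
CLONE_HTML = LEGIT_HTML.replace(LEGIT_ACTION, "/login.php")

print(audit_login_page("http://facebook.com.login.invalid/", CLONE_HTML, "facebook.com"))
```

The host comparison matches the whole domain or a dot-separated subdomain, so a look-alike host that merely begins with "facebook.com" is still flagged.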

The methods mentioned in this series, now or in later posts, are for education and protection purposes only. I do not claim responsibility for use of any of these methods for illegal activities.
