Password theft is becoming the most dangerous crime in our cyber society. Many times, having no knowledge of cyber security leads people to become victims of cyber-crime and lose their money, important data and much more. So knowledge of the methods crackers use to steal passwords becomes very important. Let me make one thing clear: crackers don't have any special quality. What they do is look for loopholes in systems and play mind games with us.
There are various methods used for password stealing. The main ones are:
- Phishing
- Key-logging
- Social engineering
- JavaScript hack
- Brute forcing
- Software hack
In this article I will tell you about the phishing technique and how to keep yourself from becoming a victim.
PHISHING- As the name suggests, it is similar to fishing. The basic idea is the same and so is every step. In fishing, the fisherman puts out bait to lure fish; here the cracker puts out bait to lure people, and needless to say what happens to those who take it.
First the cracker sends the person an email with a catchy subject and body and a link, saying that to avail of the offer you first need to open your email account through this link. When the person opens the link, enters his ID and password and hits Enter, he makes the biggest mistake of his life. The ID and password are sent to the cracker, and the login page the victim is using shows a message such as "page can't be reloaded", "connection timed out" or "server is not responding". This makes the user believe that he is on the original page and that it is only a connection problem, when in fact this page is not the real page of the mail provider.
Anyone can cross-check this by looking at the URL in the address bar: it won't have the correct address of the mail provider. For a Gmail ID, for example, it would be something like http://www.gmailmail.com or some other catchy address, but not the actual one, http://www.gmail.com or http://mail.google.com.
So a million-dollar question arises: what should we do? How do we protect ourselves? What do we do after hitting Enter on the fake login page?
Well, the answers to all these questions are easy. All you need to do is be aware, because no email provider or bank asks its users or customers to open their ID from an email. They can say "visit your ID" but will not provide any link to log in. You have to go to their website on your own and open your ID yourself.
If you think you have opened a fake login page, or if you are opening a suspicious link or mail, just check the address bar at the top of your browser. You will definitely know whether you are at the right place or not. Be aware.
Now a new question arises: what should we do if we have opened the fake login page and entered our ID and password? If you have entered your ID and password and the "server busy" message appears, and you then realize you have made a mistake, there is no need to worry. Just change your password right away, because the cracker may not see your password immediately; there may be some delay, since he can't be online 24x7. The chance is small, because you are now relying on the cracker. But you should definitely try to change your password, because it is the only way to deal with this, and many times you can protect yourself.
Nowadays it is becoming very difficult for crackers to use phishing, because people now know about this method and don't click on malicious links.
Always remember that crackers rely on your weakness, so it is you who can protect yourself; no one else can.
This is all for phishing. Hope you enjoyed this article. I will tell you about other methods of password stealing in coming posts. Give me your feedback and feel free to ask questions.
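The address-bar check described above can also be written as code. This is an added example, not part of the original article: the function name checkLoginLink is hypothetical, the trusted hosts are the Gmail addresses the article gives, and example.net stands in for a cracker's domain in the constructed sample links.

```javascript
// Hosts the user actually trusts for this login (the article's Gmail example).
const TRUSTED_HOSTS = ["gmail.com", "mail.google.com"];

// Returns { ok, host, reason } for a link the user is about to log in through.
function checkLoginLink(link, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return { ok: false, host: null, reason: "not a valid URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, host: null, reason: "not a web link" };
  }
  // hostname is lower-cased by the parser and excludes any "user@" prefix and port.
  const host = url.hostname.replace(/\.$/, "");
  // Match the whole host or a subdomain of it; "gmailmail.com" must not pass for "gmail.com".
  const match = trusted.some((t) => host === t || host.endsWith("." + t));
  if (!match) {
    return { ok: false, host, reason: "host is not the mail provider" };
  }
  if (url.username || url.password) {
    return { ok: false, host, reason: "link embeds credentials before the host" };
  }
  return { ok: true, host, reason: "host matches the mail provider" };
}

// Constructed sample links: two real addresses from the article, then lookalikes.
const samples = [
  "http://www.gmail.com/",
  "https://mail.google.com/mail/",
  "http://www.gmailmail.com/login",         // extra word glued onto the name
  "http://www.gmail.com.example.net/login", // real name used as a subdomain
  "http://www.gmail.com@example.net/login", // real name placed before an "@"
  "http://example.net/www.gmail.com/login", // real name placed in the path
];
for (const s of samples) {
  const r = checkLoginLink(s);
  console.log((r.ok ? "OK      " : "REJECT  ") + s + "  ->  " + r.host + " (" + r.reason + ")");
}
```

The last three samples show why reading only the start of the address is not enough: the part that decides where the password goes is the host name just before the first single slash, after any "@".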
-(Helping you always)-