Hi guys!
In this post I want to share my experience of how to identify phishing attacks and avoid falling victim to them. To read more about phishing attacks, you can take a look at the Wikipedia article here.
Recently, I encountered an attack combining several types, including link manipulation, filter evasion and website forgery: I received an email in my inbox, seemingly from the Income Tax Department of India, regarding a reimbursement for excess tax collected. Here is the actual snapshot of the email I received:
The from address was also quite convincing at first glance. The attackers wanted you to click the "Submit Request" button in the middle of the message. To the layman, it would appear to lead to the harmless Income Tax of India site. In fact, it redirected to a malicious duplicate of the Income Tax of India website. Here is the screenshot of the website it actually redirected to (the fraudulent website):
At first glance, there is nothing to show that this is not the actual Income Tax of India website: the logo at the top and everything else resemble what taxpayers are familiar with. However, a close look at the URL of the website reveals that it is not the genuine website. These are the giveaways:
1. The URL in the address bar contains an IP address instead of a domain name
2. The URL does not start with HTTPS, so the site cannot be trusted with any confidential information
For comparison, here is the actual Income Tax of India website:
Its URL starts with HTTPS, and the address bar looks uncluttered, showing a genuine address.
This is one of the many ways in which people are fooled into revealing confidential details such as bank account details, making them victims of online fraud. We should be proactive and keep ourselves updated on the ways the "Crackers" are trying to exploit the internet populace.
Some small tips to avoid being victims of phishing attacks can be found here:
1. http://www.identitytheftkiller.com/prevent-phishing-scams.php
2. http://www.pandasecurity.com/mediacenter/security/10-tips-prevent-phishing-attacks/
Please add your views in the comments section.
Let us all stay cautious and up to date, and not fall victim to online fraud!


Very helpful. Phishing attacks are very commonplace these days and prevention leaves much to be desired. A guide to prevent lay people from being cheated was needed and met by this article.
Thanks!