In our daily lives we come across many fraud messages and emails and calls trying to know our bank info or our private info. Some of you probably know how to detect some of them may not. Well, here are the top two techniques that hackers use to get your private information. Also know how to protect yourselves against these fraud techniques.
Phishing is a type of attack where attackers tries to steal your bank info, login details, passwords and credit card details through an email and sms.
Generally these emails and sms contains a link where it redirects you to another web page which is actually a fraud one made by the attackers.
Let me explain you clearly with an example.
For suppose, you received an email from a reputed university telling you to register for a discount in the fee. As you don’t want to miss the opportunity, knowingly or unknowingly you will click the provided link in the email. Then you will be redirected to a page where it tells you to enter your login details of your gmail account. The attacker monitors your actions at his place where now he can get your account id and password without any difficulty.
In the same way the attackers also steals your credit card details by redirecting you to payment pages etc….
Sometimes the attackers go to great lengths where they actually design a website which looks exactly as the original one by using the same logos, signatures and everything you normally see.
Mainly, these people creates an urgency telling that the link expires in few hours or limited time or limited offer etc… which the user fell for it without any further thinking
How Phishing works?
The attackers generally sends hundreds and thousand of fraud emails and sms where some users are likely fall for them.
When the user enters into the site, the attackers starts monitoring the actions performed.
How to detect Phishing:
Every technique has its own flaws. In phishing, when the attacker tries to recreate an original website, it is impossible to get the same domain name and URL.
So if you fail to identify the fake mail in your inbox, you can detect by seeing the URL link. It definitely misspells as the attackers can’t get the original domain name. Look in the below image about the fake amazon page.
As you can see, the entire web page looks exactly like amazon web page. But as in the URL it is misspelled as amazonn instead of amazon. In this way you can detect the fraud websites asking for your details.
In the same way, now a days we see many PAYTM and AMAZON links spreading into our whatsapp saying that you can win cash prize or exciting gifts. Just check the URL as there will be always a misspell in the link.
How to protect yourselves against phishing:
So whenever you come across these emails and sms, there will be a contact information to call them for any assistance. As you don’t know whether it is legitimate or not, you can try searching in the internet for the real ones. Therefore call those numbers and ask them whether they sent any mails regarding login details and passwords. If they didn’t, then forward the mail which you received and they will take the required action.
The phishing technique lures the user into the website which the hacker creates where as pharming technique is the same but excluding the “luring” part. Instead the hacker infiltrates your own system and installs a malicious code. These malicious codes makes you to redirect to the sites developed by the hacker.
This is difficult to detect as the user thinks that they typed the correct URL but actually they will be redirected to the hackers website as there is a change in the IP addresses and DNS.
How Pharming Works:
Your DNS will be changed by using a technique called DNS Cache Poisoning where the hacker corrupts the DNS services by installing malicious codes and changes your IP addresses.
How to detect Pharming:
Pharming is difficult to detect as the user has no knowledge that his system is corrupted. Let me explain this with an example,
Let us say you have a contact by name “Sam” in your mobile. One of your friends wants to play prank with you by changing the Sam’s number to his number whose name is “Daniel”, so he changes the number which is under sam’s name and gives his number but saves the contact name as Sam only. Whenever you try to call Sam the call goes to your friend as it is his number under Sam’s name.
In the same way the hacker corrupts your DNS services. So whenever you wanted to enter into your bank website it redirects you to the hacker’s site as the system cannot know that its DNS settings has been changed.
The only way you can detect whether the you are hacked is by sensing any changes in the website. There will be definitely some flaws in the website which hacker prepared. So try to find them
How to protect yourselves against Pharming:
If you think there is something wrong with the website you visit, then you may be a target of pharming.
Even Spyware removal cannot detect pharming as there is nothing technically wrong with your system. Because even the spyware cannot know that your DNS was changed.
Whenever you see that the website you visit is different than usual, Restart your system to retune your DNS entries. Use an antivirus program and try connecting to the website again. If the website still looks strange then contact your ISP and tell them that your DNS may be altered.
And always make sure that you see https in the URL link as it says that the website is legitimate and protected. So fraud websites cannot copy that http as it is already registered with the original company.
Also make sure that your system is protected with passwords as the first step for pharming is to infiltrate the victim’s system. So the hacker cannot do anything until he has access to your system.
So these are the top attacking techniques that hackers use to get our private info and details. So always stay protected and never share your passwords to any banks or fraud calls. Remember, no bank will ask your password and you can’t get a iphone or TV just by clicking a link or by playing some stupid game.