by Malay Shah
on Sep 21st, 2007

What is Phishing?

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out by email or instant messaging, and often directs users to give details at a website, although phone contact has been used as well.

Link manipulation

Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by phishers, such as this example URL, Another common trick is to make the anchor text for a link appear to be valid, when the link actually goes to the phishers’ site.

Phishing example:

This is one of the latest phishing scam seen in India.
Here are the both the URLs, they are same, except there is a space (%20) at the end of the phishing URL.

The Fake Site: https://infinity. icicibank. Action.RetUser. Init.001= Y&AppSignonBankId= ICI&AppType=corporate&abrdPrf=N%20

Actual Site: https://infinity. icicibank. Action.RetUser. Init.001= Y&AppSignonBankId= ICI&AppType=corporate&abrdPrf=N




SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites.Go to our weblogs this page to download Spoofstick for IE and Mozilla.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • ThisNext
  • BlinkList
  • blogmarks
  • BlogMemes
  • IndiaGram
  • IndianPad
  • MyShare
  • Netscape
  • Reddit
  • SphereIt
  • Spurl
  • StumbleUpon
  • Taggly
  • Technorati
  • YahooMyWeb
  • co.mments

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.