23 March 2014

Phishing Scam Works Easily On Gullible People: How To Prevent It?

It is human nature to be easily tricked or persuaded into believing something. That is exactly why we need to think skeptically and see through these scammers. By studying and researching, we can more easily tell fake from legitimate.

To cite an example, you can surely attest that someone gets fooled easily just by watching your own Facebook News Feed, particularly on sensationalized topics that sometimes go viral. Of course, you can't blame them, but you can share knowledge and wisdom with them about not sharing fake or unverified posts.
Before I share any controversial or interesting topic (hoax stories), I usually look it up first on the popular hoax-checking websites (recommended reading).
Failed Social Intelligence

The term for this is GULLIBILITY. Gullible, by definition, means a failure of social intelligence in which one is easily deceived, tricked, fooled, faked out, manipulated or cheated.

In order not to be fooled by other people, do your research and do not trust anything entirely: study the particular subject in question.

Many people exploit this weakness to lure others into giving in, especially into handing over sensitive information, using a social-engineering technique called Phishing.
Image credits to: hoax-slayer

The term Phishing was coined and first recorded in connection with the hacking tool AOHell, which was used to steal passwords and other credentials of America Online users. [ source ]

In computer security and cryptography, Phishing is a social-engineering technique that attempts to acquire sensitive credentials such as usernames, passwords and financial details by masquerading, in an electronic communication, as a legitimate and trusted website, copying its look and design.

Phishing is commonly carried out by email (you can usually find it in your spam or bulk folder), by instant messaging (IM such as IRC, Yahoo Messenger or AIM), or through a hacked account (a friend's account messages you asking you to click a link). In each case users are directed to a site whose look and feel mimics the legitimate one and are asked to enter their details.

Determining whether something is a phishing scam requires considerable skill or past experience.

How to detect/prevent Phishing scam?
Before jumping into detection, we must understand how a phishing scam is put together. Knowing this makes it much easier to tell fake sites from legitimate ones.

I will lay out the steps logically.
Note: This tutorial is for educational purposes only.

A phisher needs the following:
  • A website to copy (most commonly popular sites such as Facebook, Twitter, Gmail or Yahoo Mail)
  • A server-side scripting language (most commonly PHP)
  • A text file (users.txt) in which the usernames and passwords are stored
  • Web hosting that supports that server-side scripting language
  • Client-side markup, i.e. HTML (for the username and password text fields)
  • Optionally, a URL shortener to mask the original link (for example goo.gl or bit.ly)
Phishing Flow

1. First, save the target website's page source (view source) to local storage (Facebook, in this example). Opening that HTML locally shows a near-identical design (visible only locally at this point).
2. Change the form action to point at a PHP script, say phishing.php.
  • Instead of action="phishing.php", a phisher uses action="login.php" to look more legitimate.
  • Note the name attributes of the email/username and password text fields; the script reads them by those names.
3. phishing.php (obvious) or login.php (harder to spot) contains a script that stores the usernames and passwords.

Sample PHP script:
  <?php
  // Open users.txt in append ("a") mode and write each submitted field on its own line
  $handle = fopen("users.txt", "a");
  fwrite($handle, $_POST["email"]);
  fwrite($handle, "\n");
  fwrite($handle, $_POST["pass"]);
  fwrite($handle, "\n");
  fwrite($handle, "\n");
  fclose($handle);
  // Send the victim on to the genuine login page, which shows an ordinary login error
  header("Location: https://www.facebook.com/login.php?login_attempt=1");
  exit;
  ?>
The script opens users.txt in append mode ("a") and writes the email (username) and password each on its own line (\n), saving them in the text file users.txt.

The last line then redirects to the genuine Facebook login page, which displays a login-attempt error. By then the script has already saved and recorded the sensitive information.

4. For the script to work online, it must be uploaded to a web host. There are several FREE web-hosting sites out there.

5. The next point is rather obvious unless the victim is socially unaware. On a free web host, in most cases, the phisher only gets a subdomain URL:

  • www.facebook.1000MB.com
    • Here facebook is the subdomain, while 1000MB is the DOMAIN.
That looks more obviously fake, right?

6. To get around the problem in step 5, the phisher uses a URL shortener such as Goo.gl.
7. Of course, for the scam to succeed, the link has to be promoted to users.

Plain and simple right?
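The flow above changes exactly one thing in the copied page that a defender can test for: where the login form actually submits its credentials (steps 2 and 3). The following added example (my code, not the post's) parses a page's HTML, finds every form that carries a password field, resolves its action against the page URL and warns when the form posts outside the expected site or over plain HTTP. The page URLs, the expected domain and both HTML snippets are constructed for illustration; facebook.com appears only because the post uses it as its example.

```python
# Added example (not from the original post): a defender-side check of where a
# login form actually submits credentials, which is what steps 2 and 3 above change.
# The page URLs, the expected domain and both HTML snippets below are constructed
# for illustration; facebook.com is used only because the post uses it as its example.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LoginFormScanner(HTMLParser):
    """Record each <form>'s action and whether it carries a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []          # one dict per form: {"action": str, "has_password": bool}
        self._current = None     # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def same_site(host, expected_domain):
    """True if host is expected_domain itself or a subdomain of it."""
    host, expected_domain = host.lower(), expected_domain.lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def check_login_forms(page_url, html, expected_domain):
    """Return a warning for every password form that posts off-site or over plain HTTP.

    Relative actions such as action="login.php" are resolved against page_url,
    so a clone hosted elsewhere is caught even though the action itself looks harmless.
    """
    scanner = LoginFormScanner()
    scanner.feed(html)
    warnings = []
    for form in scanner.forms:
        if not form["has_password"]:
            continue
        target = urlparse(urljoin(page_url, form["action"]))
        if not same_site(target.hostname or "", expected_domain):
            warnings.append(
                f"password form posts to {target.hostname}, which is outside {expected_domain}")
        if target.scheme != "https":
            warnings.append(f"password form posts over {target.scheme}, not https")
    return warnings


# Constructed sample: a saved copy of the login page on a free web host, with the
# form action rewritten to the phisher's login.php (steps 1 and 2 of the flow).
CLONED_PAGE_URL = "http://www.facebook.1000mb.com/index.html"
CLONED_HTML = """
<form action="login.php" method="post">
  <input type="text" name="email">
  <input type="password" name="pass">
  <input type="submit" value="Log In">
</form>
"""

# Constructed sample: the same form on the genuine site, posting to its own origin.
GENUINE_PAGE_URL = "https://www.facebook.com/"
GENUINE_HTML = """
<form action="/login.php?login_attempt=1" method="post">
  <input type="email" name="email">
  <input type="password" name="pass">
</form>
"""


if __name__ == "__main__":
    for url, html in ((CLONED_PAGE_URL, CLONED_HTML), (GENUINE_PAGE_URL, GENUINE_HTML)):
        print(url, check_login_forms(url, html, "facebook.com") or ["no warnings"])
```

The cloned page produces two warnings (the form posts to www.facebook.1000mb.com, outside facebook.com, and over http), while the genuine page produces none. Resolving the relative action against the page URL is the key step: `action="login.php"` by itself says nothing about who receives the credentials.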

Phishing Preventing Measures: How to Detect Phishing scam sites?

These are the ways:
  • The first and most effective way to prevent Phishing is NOT TO CLICK on UNVERIFIED URLs/LINKS, whether they arrive by e-mail or someone sends you a direct but suspicious link.
  • If you are in doubt and have clicked the link, ALWAYS CHECK its URL/DOMAIN before logging in. Is this domain trusted? Is this domain spelled correctly?
Some URLs contain misspellings or extra characters. It may look something like this: examine it closely and it reads Faceboook (with three "O"s), not Facebook. To stay safe, type the address yourself in another tab of your browser.

Misspelled Domain
Another good example: instead of a DOMAIN, the site uses only an IP address. Typically the owner of that IP simply never registered (bought) a domain of their own.
Use of an IP address
Although every DOMAIN maps to its own IP ADDRESS, domains are used because they are easier to remember than numbers (IP ADDRESSES). Just imagine typing the IP ADDRESSES of Facebook, Yahoo Mail and Gmail.

Also note that a domain can have multiple IP ADDRESS records. If the first IP is down, another takes over.


Running "host google.com" at the time listed eleven "google.com has address" lines, one for each IP address of google.com (the addresses themselves are not reproduced here).
  • Install anti-virus software, especially browser protection. It can detect and warn you when you visit harmful (phishing or malware) sites.
  • Even if a site otherwise looks legitimate, check whether its URL uses secure HTTP (https). Most real websites use it, especially those dealing with money such as banks; most phishing sites do not.
    • https://www.facebook.com/
    • https://mail.google.com/mail/u/0/#inbox
  • What if you have already logged in on a phishing site? If you feel uneasy, CHANGE your password immediately.
  • In most cases it is advisable to change your password regularly. Password strength does not help here: the phishing site simply saves whatever you type, strong or not.
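The URL checks recommended above (misspelled domains, a brand name used only as a subdomain of somebody else's domain, a bare IP address instead of a domain, a URL shortener, and the absence of https) can be written down as code. The following added example is mine, not the post's; its brand list and shortener list are constructed for illustration, and its registered-domain helper takes the last two labels of the hostname, which is adequate for the .com-style names used here but not a substitute for the Public Suffix List.

```python
# Added example (not from the original post): heuristic checks for a login URL that
# put the post's advice into code. Brand and shortener lists are constructed here;
# a real tool would use a maintained brand list and the Public Suffix List.
import ipaddress
from urllib.parse import urlparse

# Constructed: brand label -> the brand's genuine registered domain.
KNOWN_BRANDS = {
    "facebook": "facebook.com",
    "google": "google.com",
    "yahoo": "yahoo.com",
    "twitter": "twitter.com",
}

# Constructed: URL shorteners named in the post.
SHORTENERS = {"goo.gl", "bit.ly"}


def registered_domain(host):
    """Last two labels of a hostname: good enough for the .com-style names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_address(host):
    """True for a bare IPv4/IPv6 literal used in place of a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter typos such as faceboook."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return human-readable warnings for url; an empty list means nothing looked off."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["URL has no hostname"]
    warnings = []

    # The post observes that most phishing sites are served over plain http.
    if parsed.scheme != "https":
        warnings.append("not served over HTTPS")

    # A raw IP instead of a domain name: no further name checks make sense.
    if is_ip_address(host):
        warnings.append("host is a raw IP address, not a domain name")
        return warnings

    reg = registered_domain(host)

    # A shortener hides the real destination (step 6 of the flow).
    if reg in SHORTENERS:
        warnings.append("URL shortener hides the real destination")
        return warnings

    subdomain_labels = host.split(".")[:-2]
    reg_label = reg.split(".")[0]
    for brand, genuine in KNOWN_BRANDS.items():
        if reg == genuine:
            continue                      # the brand's own domain: nothing to flag
        if brand in subdomain_labels:     # www.facebook.1000mb.com (step 5 of the flow)
            warnings.append(f"'{brand}' is only a subdomain; the registered domain is {reg}")
        elif edit_distance(reg_label, brand) <= 1:   # faceboook.com, facebook.net
            warnings.append(f"registered domain {reg} imitates {brand}")
    return warnings


if __name__ == "__main__":
    for u in ("https://www.facebook.com/", "http://www.facebook.1000MB.com/login.php",
              "http://faceboook.com/", "http://192.0.2.10/login", "https://goo.gl/abc123"):
        print(u, check_url(u) or ["no warnings"])
```

The genuine https://www.facebook.com/ and https://mail.google.com/ URLs come back clean, while the post's own examples (the 1000MB subdomain, the three-O Faceboook, a bare IP, a goo.gl link) each produce a warning. The subdomain check is the one most worth understanding: the browser shows "facebook" in the address bar, but only the last two labels decide who owns the site.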
In other news, it seems that Phishing is moving from simple to sophisticated and complicated.
A Huffington Post article about Gmail admits that it is hard to tell which page is the real one. Ironically, the post did not include the URL.

If you read the comments, there is a constructive comment about the URL, which simply implies that those users are more knowledgeable. :)

Final Thoughts
Being gullible is not wrong, but it is your own fault if you become the victim. So, readers, do your research. That way you will avoid Phishing and any other scam websites.

I hope you find this post useful. Thank you! (such a strict tone :P )
