Spotting Web Spoofs: Stay safe online


Understanding Clone Phishing and DNS Poisoning:

Clone Phishing:

Imagine you get a text message from your friend asking for help. They say they accidentally locked themselves out of their social media account and need you to click on a link to log in and reset their password for them. You click on the link, it looks just like the real social media login page, and you enter your friend's username and password to help them out. But there's a problem! The website was actually a fake created by a scammer. This is called clone phishing.

In clone phishing, we generally create a link that looks similar to the original website. For example, say I want to trick someone into giving me their Instagram ID and password, which is something no one will do willingly. So what I will do is create a clone that looks just the same as the original Instagram login page, name it "intagram.com", and send this link to the person whose Instagram ID and password I want to know.
But how exactly?
  1. There are tools that can create an exact copy of any website, and you will never be able to tell the difference by looking at it.
  2. To go further, you need to understand the basics of how a website works. A simple website has a frontend (client side) and a backend (server side), and the data that you fill in the login form gets stored in the backend, which can be a SQL or a NoSQL database.
  3. For my clone, I have access to the server side, and hence I can see what you enter. But if I just let you enter the details and then show an alert message that says "Something went wrong", that may warn you that there is something wrong with the site.
  4. So what I will do is this: after you enter the details and press the login button, I will open the original Instagram login page and enter your details, and after login your profile will appear in front of you.
  5. What you will see is that you opened Instagram in your browser, entered your login details, and your profile page appeared. In reality, you have given me your login details.
But is it that easy? No. Over time, people are learning through different experiences and through awareness campaigns that clicking on links is not safe, so you need to be very good at social engineering to make someone click on the link.
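A defender-side check for the misspelled-name trick described above, as an added example that is not part of the original post. The `TRUSTED` allowlist, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = {"instagram.com"}  # assumed allowlist of sites you actually log in to

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in `url`."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less input
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    labels = host.split(".")
    for good in TRUSTED:
        # Trusted name used as a decoy prefix: instagram.com.something.example
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike"
        # Near-miss spelling of the trusted name in the last labels of the host
        tail = ".".join(labels[-len(good.split(".")):])
        if 0 < edit_distance(tail, good) <= max_distance:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs
    for u in ["https://www.instagram.com/accounts/login/", "http://intagram.com/login",
              "https://instagram.com.account-help.example/", "https://example.org/"]:
        print(f"{classify(u):10} {u}")
```

A link classified as "lookalike" should be treated as hostile; "unknown" only means the name is not close to anything on the allowlist.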

DNS Poisoning:

Now you understand what clone phishing is, but if you take a closer look you will realize that it is very difficult to make someone click on a link. What will happen, though, if the person types the URL in their browser with the exact spelling and yet reaches my clone instead of the original website? Spooky, right? But it is actually possible, and way easier to do compared to a simple clone phishing attack.

We will understand this with an example. Let's consider a guy named Mohit. He loves bikes, and his Instagram account is public. (The reason I took Instagram for this is that most readers can relate to it.) I am an attacker, and I want to know the login ID and password for Mohit's account.

So I will create an anonymous Instagram account and set up my profile so that nobody can tell that it is a fake account. Now I will send Mohit a message that looks something like this: "Hello Mohit, from BikeDekho.com. These are some of the options available at bikedekho.com", and I will attach a PDF with different bikes and their specs.
So Mohit opens the PDF, but it was not just a PDF file: a script was embedded in the file which will change the static IP address for instagram.com in the hosts.txt file of his computer, and that's it. Now it doesn't matter if Mohit uses the most secure browser: because the hosts file is infected (or, as the name says, poisoned), no browser and no antivirus will be able to detect that Mohit has been hacked.
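One way to check a machine for this kind of tampering is to audit the hosts file for entries that override well-known sites. This is an added example, not code from the original post; the `WATCHED` list and `SAMPLE_HOSTS` content are constructed for illustration. On Linux and macOS the file is `/etc/hosts`, and on Windows it is `C:\Windows\System32\drivers\etc\hosts`.

```python
import ipaddress

WATCHED = {"instagram.com"}  # assumed list of sites that should never be overridden

# Constructed sample, not taken from a real machine
SAMPLE_HOSTS = """\
# local names
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist-style entry
203.0.113.50    instagram.com www.instagram.com
192.168.1.10    nas.home.lan
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each valid entry, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an IP address, so not a usable entry
        yield line_no, ip, [f.lower().rstrip(".") for f in fields[1:]]

def audit(text, watched=WATCHED):
    """Return (line_no, name, ip, kind) for every entry that overrides a watched site."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in watched or any(name.endswith("." + w) for w in watched):
                # Loopback or 0.0.0.0 blocks the site; anything else sends it elsewhere
                kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
                findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for line_no, name, ip, kind in audit(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

A public site such as instagram.com normally has no hosts entry at all, so any "redirected" finding deserves investigation.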

Why phish normal people when hackers can hack the platform and get the details of millions of people?

It is because hacking a big platform is not easy. Even if a hacker is able to hack the platform and reach the server side and the database, he may learn the usernames and emails of different people but will never be able to learn the passwords (if the password is long and strong). But why? The passwords are also written in the table, right?

Yes, but they are not written in the database the way you type them. Instead, they are stored after hashing, using some hashing algorithm like SHA1 or SHA256. Since hashing algorithms are designed to work in one direction, it is very hard to convert a hashed password back to its original form. Yes, there are tools that can do that, but only for some common passwords, not for very complex or unusual passwords. Passwords like "sdetn3Jdknc" are very secure, and no tool can bring back this original password from its hashed form.

So how exactly do these websites match passwords? Since a hashing algorithm is in use, they convert the password you enter on the login page to a hash and then match that hash against the hash stored in their database.
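The store-then-compare flow described above, as an added example that is not part of the original post. It swaps the bare SHA256 mentioned in the text for salted PBKDF2-HMAC-SHA256 from Python's standard library, to show why identical passwords should not produce identical stored hashes; the function names, record layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune for your hardware

def bare_sha256(password):
    """Unsalted hash: the same password always gives the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def make_record(password):
    """What the site stores at signup: salt, work factor and derived hash."""
    salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}

def verify(password, record):
    """At login: re-derive with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

if __name__ == "__main__":
    # Two users who picked the same common password
    print("bare hashes equal:  ", bare_sha256("123456") == bare_sha256("123456"))
    a, b = make_record("123456"), make_record("123456")
    print("salted hashes equal:", a["hash"] == b["hash"])
    print("correct password:   ", verify("123456", a))
    print("wrong password:     ", verify("1234567", a))
```

With a bare hash, one precomputed table of common passwords matches every user who chose them; the per-user salt forces a separate, slow guess for each account.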

How to stay protected from these attacks?

  • Do not click on any link or open any PDF you have received from a source you do not fully trust.
  • There are tools like the one I have provided in my blog post "How to check that a website is safe or not?"
  • Do check the spelling of the site in the address bar before entering data if you have opened the site.
  • Use strong passwords and enable two-factor authentication.
  • Using a complex and strong password is important.
Stay safe, and you can comment or use the contact form if you want to know about something.
