The main purpose of phishing is to gain access to passwords and customers' accounts. Phishers try to trick users by impersonating other people through Web sites, e-mails, and so on. Most phishing is done through e-mail. For example, the e-mail may contain a message stating that a particular amount has been taken from the user's account, with a link provided to check his or her balance, or it may contain a link to perform a security check on the user's account.
Many users do not know how e-mail and Web sites work. Phishers exploit this lack of knowledge to acquire sensitive information. Phishers can fool users by convincing them to go to a fake Web site. For example, for a URL of www.foryou.com, the phisher may develop a new Web site called www.4you.com, which looks similar to the original URL.
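A mail filter or proxy can flag look-alike names such as www.4you.com automatically. The following is an added example, not part of the original page: it normalizes a host name and compares it with a list of protected domains. The substitution table, function names, and distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed substitution table (not from the page): digits read as words or letters.
SUBSTITUTIONS = {"4": "for", "2": "to", "8": "ate", "0": "o", "1": "l", "3": "e", "5": "s"}
PROTECTED = ["www.foryou.com"]  # the legitimate site in the page's example

def host_of(url_or_host):
    """Return the lowercase host name from a URL or a bare host."""
    text = url_or_host.strip().lower()
    if "//" not in text:
        text = "//" + text  # lets urlsplit treat a bare host as the network location
    return (urlsplit(text).hostname or "").rstrip(".")

def strip_www(host):
    return host[4:] if host.startswith("www.") else host

def skeleton(url_or_host):
    """Normalize a host: drop 'www.', expand digit substitutions, drop hyphens."""
    host = strip_www(host_of(url_or_host))
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in host if ch != "-")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(url_or_host, protected=PROTECTED, max_distance=1):
    """Return the protected host this one imitates, or None if legitimate or unrelated."""
    host = host_of(url_or_host)
    for legit in protected:
        legit_host = host_of(legit)
        if strip_www(host) == strip_www(legit_host):
            return None  # the legitimate site itself, with or without "www."
        if edit_distance(skeleton(host), skeleton(legit_host)) <= max_distance:
            return legit  # same or nearly the same name after normalization
    return None

if __name__ == "__main__":
    # Constructed sample inputs
    for sample in ["http://www.4you.com/login", "www.foryou.com", "www.example.org"]:
        print(sample, "->", lookalike_of(sample))
```

A match means the name deserves a closer look before the link is delivered or followed; it does not prove the site is fraudulent.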
Most phishing attacks are perpetrated through e-mail.
Process of Phishing
- Register a fake domain name.
- Build a look-alike Web site.
- Send e-mails to many users.
The most effective strategy is to educate users about the dangers of phishing attacks.
Users can protect themselves by entering the URL in the browser manually rather than following a link when an e-mail asks them to.