Unfortunately, just being on the internet is enough to make you vulnerable: anyone can make a clone of your Orkut in a few minutes, people send you emails with the latest fotos.EXE, you may be having your keystrokes monitored as a sort of online BBB, and one of the worst situations is being fooled by a spoof site that mimics an original site in order to get sensitive data such as your bank passwords.
But what are these spoof or phishing sites?
They are fake sites modeled on some famous site in order to get your data. This cloning technique is called phishing.
Phishing according to Wikipedia:
It is a kind of wire fraud designed to steal valuable private information in order to commit a theft or fraud later. The phishing scam (also known as phishing scam, scam or just) is performed by a malicious person by creating a fake website and/or sending a false email, usually an email or a message through scrapbooks on the Orkut site, among other examples. Using false pretenses, it tries to trick the recipients of the message and prompt them to provide sensitive information (credit card numbers, passwords, bank accounts, among others). A more current variant is pharming. In it, the user is tricked into downloading and executing files that allow the future theft of information or unauthorized access to the victim's system, and that can even redirect the page of the institution (financial or otherwise) to spoofed Web sites.
Phishing is a major computer security concern. It relies on sending a fraudulent e-mail in order to obtain access codes and financial data.
Recently, ever more refined forms of phishing have appeared. In the most recent cases, instead of containing links that lead to a form requesting information, the e-mail contains links to pages hosting malicious programs that install themselves on your computer.
These programs often belong to the class of keyloggers and can record the sequence of keystrokes, activity carried out with the mouse, or screen images. After collecting the information, they send it to an Internet site controlled by the perpetrator of the fraud, who can then make use of it.
Protection against these attacks follows the common rules for safe use of the Internet, which are:
- Never send personal information that is requested by e-mail, such as credit card number, username, password or names. BPI will never ask for this kind of information by this means.
- Do not follow links in suspicious emails. If you want to access the site, type the address of the entity referred to in the e-mail directly into the browser and navigate from there.
- If in doubt, contact the entity to confirm the veracity of the email, but never use the contacts listed in the email. Use the channel you normally use.
- Make sure that the site is secure, either by double-clicking on the padlock in the bottom right corner of the browser or by checking the address (URL), which must start with "https://" rather than "http://".
- Be wary of impersonal e-mails that claim to come from an entity with which you have a relationship, whether an e-commerce site or a financial institution. Usually the emails of these entities address the Customer by name, as in "Hon. Mr. John Doe", and not "Dear customer". Since the purpose of fraudulent emails is precisely to obtain personal information about you, the sender is unlikely to know your name beforehand.
- Make sure your browser is up to date, along with any Microsoft software you have, such as Internet Explorer. You can update at http://www.microsoft.com/security/.
- Install a toolbar for your browser. Netcraft offers one that provides various information about the site you are accessing: the geographic location of the server that hosts the site, the entity responsible for the site and the first time this address was detected by Netcraft.
- Check your bank account statements regularly. If you find any strange transaction, contact BPI immediately.

The Anti-Phishing Working Group runs a website with a great deal of information about these fraudulent practices. On this site you can see the forms of phishing that have been reported publicly.
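Several of the rules above can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article: a small Python filter that applies the checklist (impersonal greeting, request for sensitive data, non-https links, links to executables such as fotos.EXE) to a raw e-mail. The flag names, the keyword lists and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message; the example.test hosts are placeholders.
SAMPLE = """\
From: "Your Bank" <support@bank.example.test>
Subject: Account verification
Content-Type: text/plain

Dear customer,

Please confirm your password and credit card number at
http://bank-login.example.test/verify or see the pictures at
http://photos.example.test/fotos.EXE
"""

# Illustrative patterns (assumptions), one per rule in the checklist.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|client|user)\b", re.I | re.M)
SENSITIVE = re.compile(r"\b(password|credit card|username|pin)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
RISKY_EXT = (".exe", ".scr", ".pif", ".bat")

def body_text(msg):
    """Join the text/plain parts of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def check_email(raw):
    """Return the sorted list of checklist rules the message trips."""
    body = body_text(message_from_string(raw))
    flags = set()
    if GENERIC_GREETING.search(body):
        flags.add("generic_greeting")          # "Dear customer" instead of a name
    if SENSITIVE.search(body):
        flags.add("asks_for_sensitive_data")   # passwords, card numbers by e-mail
    for match in URL.findall(body):
        url = urlparse(match.rstrip(".,)"))
        if url.scheme.lower() == "http":
            flags.add("link_not_https")        # address does not start with https://
        if url.path.lower().endswith(RISKY_EXT):
            flags.add("link_to_executable")    # link leads to a program, not a page
    return sorted(flags)

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

A message that trips no flag is not thereby legitimate; the filter only encodes the rules listed above and is meant for triage before a human applies the rest of the checklist.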