Many of us are aware of, or have at least heard of, phishing attacks. However, there are still a handful of people who are not aware of this attack and end up sharing confidential information on a spoofed online banking page.
How “Phishing” works:
In phishing, attackers keep the spoofed page as close to the real one as possible, so you will hardly notice any difference if you go only by the visual appearance of the page. Once you enter your login details, a fake failed-login message is displayed asking you to try again after some time. By now, your login details have already been taken by the attackers. Hence, whenever you’re redirected to your bank page from any third-party website, look for the following parameters.
Firstly, an SSL certificate ensures that the connection between a web server and a browser is encrypted; for example, https: is secured whereas http: isn’t. However, this alone doesn’t prove the authenticity of the website, as one can get a Domain Validated (DV) SSL certificate for a phishing site that uses a misspelling of a legitimate domain name. For instance, if the attackers are targeting icici, they could simply register a domain on “lcici” or “icici1” and purchase a domain validated (DV) SSL certificate for it.
Basically, SSL certificates are classified into three types:
- Domain Validated - DV (Modest level of security)
- Organisation Validated - OV (Good level of security)
- Extended Validated - EV (Highest level of security)
Banking websites NEVER use a domain validated certificate. You can check this by clicking the “show certificate” option from the SSL.
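The two checks described above (a misspelled domain and the certificate's validation type), written as an added example that is not part of the original post. It assumes the certificate carries the CA/Browser Forum policy OIDs listed under Certificate Policies in the certificate viewer; `icici.example` is a constructed placeholder host and the character-swap table is an assumption, not an exhaustive list.

```python
# CA/Browser Forum policy OIDs shown under "Certificate Policies", strongest first.
POLICY_LEVELS = {"2.23.140.1.1": "EV", "2.23.140.1.2.2": "OV", "2.23.140.1.2.1": "DV"}
# Character swaps used in lookalike names such as "lcici" (assumed, not exhaustive).
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})
TRUSTED = {"icici.example"}  # constructed placeholder for the bank's real host

def validation_level(policy_oids):
    """Return the strongest validation level the certificate asserts."""
    return next((lvl for oid, lvl in POLICY_LEVELS.items() if oid in policy_oids), "unknown")

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(host, trusted=TRUSTED):
    """Return the trusted host that `host` imitates, or None."""
    host = host.lower().rstrip(".")
    if host in trusted:
        return None
    for real in trusted:
        name = real.split(".")[0]
        for label in host.split("."):
            same_shape = label.translate(CONFUSABLE) == name.translate(CONFUSABLE)
            if same_shape or edit_distance(label, name) <= 1:
                return real
    return None

def assess(host, policy_oids, trusted=TRUSTED):
    """Verdict for a page that asks for bank login details."""
    level = validation_level(policy_oids)
    imitated = lookalike_of(host, trusted)
    if imitated:
        return ("reject", f"{host} imitates {imitated}; its {level} certificate proves nothing")
    if host.lower().rstrip(".") not in trusted:
        return ("unknown", f"{host} is not a known bank host")
    if level not in ("OV", "EV"):
        return ("suspicious", f"{host} shows a {level} certificate; banks use OV or EV")
    return ("ok", f"{host} shows an {level} certificate")

if __name__ == "__main__":  # constructed sample input
    print(assess("lcici.example", ["2.23.140.1.2.1"]))
```

The lookalike check runs first because a valid DV certificate on a misspelled domain still gives an encrypted https: connection.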