In this article, you’ll learn about what is phishing and how phishing works. So first let us understand what phishing actually is on a day to day basis you use the Internet using a web application you can be using a web application through your apps on your smartphone or some applications on your desktop or you might be using a web browser.
Now consider the case where you’re using a web browser and you have to shop for something online. we search for the product and you come across different web sites and you like the product on two different web sites so one of these websites is a very famous very popular very trustworthy e-commerce web site.
There is another web site which is selling your product for the same price and or maybe for a more discounted price but it is not popular you’ve never heard of that eCommerce website before now you choose to pay for your product online and for that, you might have to enter your credit card or your debit card details.
Now the question is which website would you trust more with your personal details with your sensitive details that are your credit card details?
Obviously, you would be less hesitant while you’re entering the credit card details onto the e-commerce website that is trustworthy and you would be worried while entering these details onto the website that you are putting the name for the first time
Because you don’t trust the new website the other website the popular website you heard of the name before you’ve used it before and you have a trust factor with that website.
This psychology is what hackers take advantage of.
In phishing attacks, hackers take advantage of this trust factor and they fake themselves as a trustworthy entity to steal your sensitive data or personal data.
So if a user is an attack of gathering sensitive information of a target. such as a user name password email ID or other sensitive information may be your bank details your credit card your debit card details by disguising themselves as a trustworthy entity.
As I told you previously if you are entering any sensitive information that may be your card details onto a trustworthy website you wouldn’t be hesitant so in phishing attacks.
A hacker disguises himself as a trustworthy entity then he meets you he tricks you into entering your sensitive information into that fake web application so this is phishing.
Now let us see how phishing looks like, Phishing is the use of web-based application mainly to steal credentials.
So we need a web application that is using a web server now every web application is connected to a web server when you’re using a web application.
What happens is there is some data, packets, information that is being sent from your web application to the web server and from the webserver party of a publication.
Now this is how the communication between the web application and the webserver happens.
What happens in phishing attacks, the hacker disguises himself as this web server so you think that you are communicating with the genuine with the actual web server but in reality, you’re communicating with the fake web server or a fake web application that the hacker has built and when you enter sensitive information on to this webserver or this web application the hacker steals your credentials.
Steps of Phishing Attack
Now let’s see what are the steps for a phishing attack.
The first thing a hacker must do is create a fake website because phishing is an attack where a hacker disguises himself as a trustworthy entity.
So first, he has to create a fake website a fake genuine website to trick the victim to enter the credentials.
The next step is to send this fake website to the victim now suppose a victim is trying to access Facebook.
For example, if he goes to the web application by himself maybe he would enter the URL of the website or he would search for that website on a search engine and then use the link to go to that website now when he does that, He goes to the actual (the genuine) website and not to the fake website so the second step is that the hacker has to send this fake website to the victim where the victim enters the credentials the third step that happens is the victim thinks that this fake website is a trustworthy website and enters credentials and finally the hacker gets the credentials.
Hope this article helps you to protect yourself from phishing. If you have any query please feel free to ask in comment section below.