In this article you’ll learn what phishing is and how phishing works.
What Is a Phishing Attack
So first let us understand what phishing actually is. On a day-to-day basis you use the Internet and you use web applications. You might be using a web application through an app on your smartphone, through an application on your desktop, or through a web browser.
Now consider the case where you’re using a web browser and you want to shop for something online. You search for the product, you come across different websites, and you like the product on two of them. One of these websites is a very famous, very popular, very trustworthy e-commerce website. The other website is selling the product for the same price, or maybe for a more discounted price, but it is not popular and you’ve never heard of that e-commerce website before.
You choose to pay for your product online, and for that you might have to enter your credit card or debit card details. Now the question is: which website would you trust more with your personal, sensitive details, that is, your credit card details? Obviously you would be less hesitant while entering the credit card details on the e-commerce website that is trustworthy, and you would be worried while entering these details on the website whose name you are hearing for the first time. This is because you don’t trust the new website. With the popular website, you have heard the name before, you have used it before, and you have a trust factor with that website.
This psychology is what hackers take advantage of in phishing attacks. Hackers exploit this trust factor and pass themselves off as a trustworthy entity to steal your sensitive or personal data. So phishing is an attack that gathers sensitive information from a target, such as a user name, password, email ID, or other sensitive information like bank details or credit and debit card details, by disguising the attacker as a trustworthy entity.
As I told you previously, if you are entering sensitive information, such as your card details, on a trustworthy website, you wouldn’t be hesitant. So in a phishing attack a hacker disguises himself as a trustworthy entity and then tricks you into entering your sensitive information into a fake web application. This is phishing.
Now let us see what phishing looks like. Phishing is mainly the use of a web-based application to steal credentials, so we need a web application that uses a web server. Every web application is connected to a web server. When you’re using a web application, data, packets and information are sent from your web application to the web server and from the web server back to your web application. This is how the communication between the web application and the web server happens.
In a phishing attack, the hacker disguises himself as this web server. You think that you are communicating with the genuine, actual web server, but in reality you’re communicating with a fake web server or a fake web application that the hacker has built. When you enter sensitive information into this web server or web application, the hacker steals your credentials. This is how phishing works.
Steps of a Phishing Attack
Now let’s see the steps of a phishing attack. The first thing a hacker must do is create a fake website. Because phishing is an attack where a hacker disguises himself as a trustworthy entity, he first has to create a fake copy of a genuine website to trick the victim into entering credentials.
The next step is to send this fake website to the victim. Suppose a victim is trying to access Facebook, for example. If he goes to the web application by himself, he would enter the URL of the website, or he would search for the website on a search engine and then use the link to go to it. When he does that, he goes to the actual, genuine website and not to the fake website. So the second step is that the hacker has to send the fake website to the victim, where the victim enters the credentials.
The third step is that the victim thinks this fake website is a trustworthy website and enters credentials. Finally, the hacker gets the credentials.
So this is how phishing works.
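The second step above depends on the victim following a link that was sent to him instead of going to the genuine site himself. As an added example (not part of the original article), here is a defensive check that looks at the host a received link really leads to and flags links that only display a trusted name. The trusted list, the function names and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the user really has accounts on (constructed list).
TRUSTED_DOMAINS = {"facebook.com"}

# Digit-for-letter swaps often used in lookalike names (0->o, 1->l, 3->e, 5->s).
_SWAPS = str.maketrans("0135", "oles")


def real_host(url):
    """Host the browser will actually connect to, lower-cased.

    urlsplit drops any 'user@' part, so 'https://facebook.com@login.example/'
    yields 'login.example', not 'facebook.com'.
    """
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a received link: genuine, lookalike, unrelated or unparseable."""
    host = real_host(url)
    if not host:
        return "unparseable"  # no scheme/host, nothing to compare
    for domain in trusted:
        # Genuine only if the host IS the domain or a subdomain of it.
        # The leading dot stops 'notfacebook.com' from matching.
        if host == domain or host.endswith("." + domain):
            return "genuine"
    # Not a trusted host: does the link still show a trusted name somewhere
    # (subdomain, user part, path), possibly with digits or hyphens mixed in?
    flattened = url.lower().replace("-", "").translate(_SWAPS)
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in flattened:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a received message.
    for link in ("https://www.facebook.com/login",
                 "https://facebook.com.account-verify.example/login",
                 "https://facebook.com@login.example/",
                 "https://faceb00k.example/"):
        print(classify_link(link), link)
```

A "lookalike" result means the link shows a trusted name but leads to a different host, which is the situation the fake website relies on.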