Today I got the following direct message from my follower. He included one shortened URL after the message. When I clicked it, I was redirected to a fake Twitter login page, and it looked the same as the real Twitter login page. I checked its URL in the address bar, and it showed a different URL than the original Twitter login URL. So I confirmed that the guy was trying to get my Twitter login details using the phishing method.
What is Phishing?
Phishing is the fraudulent process of stealing your username and password by showing you a copy of a real member site's login page. Hackers create the same design as a popular site's login page and host it on their own servers. They then follow you on Twitter and send direct messages like the one above to steal your Twitter password.
How Phishing Works:
Here the design and look of the fake page are the same as the original login page, but the URL is different. Most busy users won't look at the URL. They enter their username and password and hit the login button.
- After the login button is clicked, the page does not go to the member's page immediately. It returns a "Wrong Username and Password" error message.
- The busy user then enters the username and password again, and this time is redirected to the original member site.
So in the first step itself, they got your username and password and stored them in their database. Now the hacker uses your username and password for illegal activities. There are many kinds of phishing: Orkut Phishing, Gmail Phishing, Yahoo Mail Phishing, Facebook Phishing, Net banking Phishing and now Twitter Phishing.
What will they do with our login details?
- Using your Twitter login, they can promote bad sites, including web malware sites.
- Using your Gmail, Yahoo Mail and AOL Mail logins, they can send spam mails to your friends. They can steal your email contacts and account passwords.
- If terrorists get your login details, they can use your email as a major communication medium within their network.
How to prevent this Phishing attack:
The methods are simple, but you have to stay alert at all times.
- Whenever you log in to any member site, look at the website address in your browser's address bar. There you can tell whether it is the real website address or a fake one.
- Also look at your browser's status bar before clicking any link in your email.
- Change your account passwords often.
- Do not store personal information such as credit card numbers or bank account details in your email.
- Never follow fake profiles on Twitter or Facebook.
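The address-bar check from the first tip can be written down as a small script. This is an added example, not part of the original post; the trusted host set, the function name and all sample URLs are assumptions constructed for illustration, and the https requirement is an extra check beyond the post's tips.

```python
from urllib.parse import urlsplit

# Assumption: the host the reader treats as the genuine login site.
TRUSTED_HOSTS = {"twitter.com"}


def check_login_url(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a URL copied from the browser address bar."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return False, "not an https page"
    if not host:
        return False, "no host in URL"
    if parts.username is not None:
        # In https://twitter.com@other.example/ the browser loads other.example
        return False, "text before '@' is not the site; real host is " + host
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "host uses non-ASCII lookalike characters"
    for good in trusted:
        # Exact match, or a true subdomain such as mobile.twitter.com
        if host == good or host.endswith("." + good):
            return True, "host matches " + good
    # Covers twitter.com.something.example: only the END of the host counts
    return False, "different site: " + host


# Constructed sample URLs (not taken from the post)
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/session/new",
    "https://twitter.com.account-verify.example/login",
    "https://twitter.com@account-verify.example/login",
    "https://twltter.example/login",
    "http://twitter.com/login",
    "https://tw\u0456tter.com/login",  # Cyrillic letter in place of Latin 'i'
]

if __name__ == "__main__":
    for u in SAMPLES:
        ok, why = check_login_url(u)
        print("OK  " if ok else "WARN", ascii(u), "->", why)
```

Run it on the address shown after a shortened link has finished redirecting, since the short URL itself says nothing about the final site.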
Check the Twitter Phishing screenshot.
I have the habit of checking the URL of the site to avoid phishing. I look at the address bar and the browser status bar to confirm its originality. If it is wrong, I can confirm I'm under a phishing attack. Follow me on Twitter…. !