Today I got a Facebook message from an unknown person. In that message he asks me to participate in an AlertPay “own0” contest. For this I need to log in to my AlertPay account. See the screenshot.
The URL leads to an AlertPay login page, but it is actually a fake page (see the screenshot below). It looks exactly like an AlertPay login page.
I entered some fake details in that fake login page. After the page loaded, it came to the original login page.
How Does This Phishing Work?
- Using the Facebook message, he convinced me to log in at the fake login page.
- I gave my login details to see my account (actually to see the contest details, according to the hacker’s message).
- After clicking the login button, the page loads, but I see the same login page again. (Now he has collected my details and is redirecting me back to the original login page, so we may think, “because of some problem it is not logging in.”)
- When I click on the login button itself, my details are stored in the hacker’s database.
- Now this is the time for him to access my AlertPay account details and transfer some money to his account or do some other activities.
Finally, I have to say “My AlertPay account was hacked”.
This guy is actually running two fake Facebook pages. Please don’t join these pages, and alert your friends about this.
- (facebook.com/people/Smart-Shop/100000308707750) to hack AlertPay users. Already 316 people linking this page.
- (facebook.com/pages/Pay-Pal/125541414152127) to hack PayPal users. Already 112 people linking this page.
What is Phishing?
Using this phishing method, a hacker can easily acquire your credentials, such as usernames and passwords or credit card details. You can read this wiki page for more detailed information, but here I have given a real example of phishing.
In my own words: “Phishing is a very simple method to hack your details by showing fake login pages.”
How to avoid Phishing?
This is very simple. Follow these steps whenever you are trying to do something with payment or other sensitive account websites.
- Watch the status bar before you click on any URLs received in Emails, Facebook Messages, Twitter Direct Messages and other message services.
- Use web browsers that have the “status bar” feature. See the Importance of Status bar in Web browsers.
Thank god I’m still using Firefox version 3.6.16, because the old status bar has been removed and it looks exactly like Chrome’s status bar. It does not show the full status at the bottom of the browser, and we don’t have the option to enable it.
- If you don’t know your bank’s online banking website URL, simply search on Google and get your original website.
- Never ever trust emails that ask for your login details. If you get a mail like that, please report it as phishing.
- Don’t forward any message that says, “Microsoft/Google/Yahoo pays $10,000 for forwarding this message”. This is the only method hackers and spammers are using to collect all of your emails.
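The status-bar check from the steps above, written out as code. This is an added example, not part of the original post: it reads the real host out of a link and compares it with the address you would normally type. The `TRUSTED` table, the `checkLink` name and every sample link are assumptions constructed for illustration.

```javascript
// Added example. TRUSTED holds the address you normally type yourself for each
// site; the entries and all sample links below are constructed for illustration.
const TRUSTED = { alertpay: "alertpay.com", paypal: "paypal.com" };

// Return { ok, reason } for a link that claims to belong to `brand`.
function checkLink(link, brand) {
  const expected = TRUSTED[brand];
  if (!expected) return { ok: false, reason: "unknown brand" };
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not HTTPS" };
  // Everything before "@" is a user name, not the site: the host comes after it.
  if (url.username || url.password) return { ok: false, reason: "user info before @" };
  const host = url.hostname.replace(/\.$/, "");
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) {
    return { ok: false, reason: "raw IP address" };
  }
  // Punycode labels can render as characters that imitate Latin letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode host" };
  }
  // The real site is the trusted domain itself or a subdomain of it.
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, reason: "host belongs to " + expected };
  }
  if (host.includes(brand)) return { ok: false, reason: "brand name in a different domain" };
  return { ok: false, reason: "different domain" };
}

const SAMPLE_LINKS = [
  "https://www.alertpay.com/login.aspx",
  "https://alertpay.com.contest.example/login.aspx",
  "https://alertpay.com@contest.example/login.aspx",
  "https://alertpay-contest.example/login.aspx",
  "https://192.0.2.10/alertpay/login.aspx",
];

for (const link of SAMPLE_LINKS) {
  const { ok, reason } = checkLink(link, "alertpay");
  console.log((ok ? "OK      " : "SUSPECT ") + link + "  (" + reason + ")");
}
```

Only the first sample link passes; the others show the brand name somewhere in the address while the host itself belongs to someone else.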
Hope I have shared useful information with you.