Website Phishing

Website Phishing
Cyber Crime

30 July, 2020

Website Phishing

Phishing is a malicious operation executed by hackers in hopes of making a quick buck. It starts with hacking a website then using the site’s resources to send emails with deceptive messages. The purpose of these messages is to dupe people into sharing sensitive information like credit card info. A common example is a phishing email that will be sent to someone’s inbox prompting them to click a link and open a website. The site will be a hoax version of a trusted site like a banking site.

Phishing attacks used to be carried out on a large scale. Attackers would target a large number of people by sending them emails hoping that someone will take the bait. But today email service providers like Gmail have good anti-phishing measures in place. That is bad news for your website because it is being blocked by email service providers.

Hackers use compromised websites to send hundreds and thousands of spam emails for phishing purposes. Email providers take strict against such websites. Your website can be blacklisted by Google. Your domain can be marked as dangerous by spam watchdog services like Spamhaus, your web host may suspend your site. In most cases, site owners are unaware that their website is being exploited until it’s too late.


Characteristics of Phishing Websites

A typical phishing website will have the following characteristics:

  • It uses genuine-looking content such as images, texts, logos or even mirrors the legitimate website to entice visitors to enter their accounts or financial information.
  • It may contain actual links to web contents of the legitimate website such as contact us privacy or disclaimer to trick the visitors.
  • It may use a similar domain name or sub-domain name as that of the legitimate website.
  • It may use forms to collect visitors' information where these forms are similar to that in the legitimate website.
  • It may in the form of a pop-up window that is opened in the foreground with the genuine web page in the background to mislead and confuse the visitor thinking that he/she is still visiting the legitimate website.
  • It may display the IP address or the fake address on the visitors' address bar assuming that visitors may not aware of that. Some fraudsters may perform URL spoofing by using scripts or HTML commands to construct a fake address bar in place of the original address.



Request Your Complimentary Domain Analysis