What is phishing Attack ? How It Works ?


What is phishing ? 

  • Phishing Is an Internet Scam where the user is convinced to give valuable information .
  • Phishing will redirect the user to a different website through emails , spywares , instant messages .
  • Phishing offer illegitimate website to the user to fill personal information .
  • The main purpose of phishing is to get access to the customers's bank accounts , passwords ,and other security information .
  • Phishing attacks can target the audience through mass mailing. millions of email address around the world .
        Phishing : Conning someone into telling you his or her   password or other sensitive information . 

Reasons for successful phishing Attacks :

There are mainly three reasons .

  1. Lack of knowledge
  2. Visual deception
  3.  Less attention at URL

Phishing Methods :

We can classify Phishing methods into four methods .
  1. Email and spam
  2. web based delivery
  3. IRC and Instant messaging 
  4. Trojan Hosts
  Now first three methods are very polar and easily  we can implement. but what is Trojan Host
Answer Is here
Trojan is a program that gives complete access of host computer to Phishers after being installed at the host computer .phishers will make the user to install the Trojaned software which helps in email propagating and hosting fraudulent websites.

Process of phishing ?

3 step  process is to make a successful phishing website .
  1. Registering  a fake domain name .
  2. Building a look like like website .
  3. Sending email to many user

 Types of phishing attack

  1. Man In The Middle Attack
  2. URL obfuscation Attack
  3. Cross - site scripting attack
  4. Hidden Attacks
  5. Client-side Vulnerabilities
  6. Deceptive Phishing 
  7. Malware Based Phishing
  8. DNS-Based Phishing
  9. Content Injection Phishing
  10. Search Engine phishing


  • Phishing Attacks are prevented by anti phishing software .
  • Anti Phishing software detects the phishing attacks in the website or in the customer's email .
  • These software 's displaying the real website domain that the customer is visiting by residing at the web browser and email servers , as an integral tool.
  • Phishing Attack can be prevented both at server side and client side.
Here are some list of Anti Phishing Tools :

  1. PhishTank Site Checker 
  2. Net craft
  3. GFI Mail Essentials
  4. Spoof Guard
  5. Phishing Sweeper Enterprise
  6. Trust watch toolbar
  7. Threat Fire
  8. Gralic Wrap
  9. Spy Ware Doctor
  10. Track Zapper Spyware -Adware Remover
  11. Ad ware Inspector
  12. Email-Tag.com

Okay , Friends ....!!!

That's It .

If You Have Any Confusion  Please Comment ...