What is Phishing? How to identify Phishing websites?

In this tutorial, I’ll explain what phishing is and how to identify a phishing website.

What is Phishing?

Phishing is a cyber crime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

What is a Phishing Website?

A phishing website (also called a “spoofed” site) tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate website. You could even land on a phishing site by mistyping a URL (web address).

To identify a phishing website, follow the steps below.

Step 1: Check the URL carefully. Check the spelling of the domain name.

Step 2: Verify that the website's SSL certificate belongs to the website's domain name or organisation.

Step 3: Verify the Domain Ownership using WHOIS.

iamvsm@SaraswatiRepository:~$ whois phishing_site_url

Here, phishing_site_url is the domain that we want to check to see whether it is a phishing site or not.

If you have Linux, you can do the WHOIS lookup in your terminal. If you’re using Windows, use the link below for the WHOIS lookup.

Link: https://lookup.icann.org

Note: Some website owners have implemented Privacy Protection to prevent exposure of their contact details on the Internet. I have also implemented Privacy Protection on my domain, i.e., saraswatirepository.com.

Step 4: Verify PCI DSS compliance if it is an e-commerce website or a website that accepts payments.

Step 5: Check the website on the Google Transparency Report using the link below.

Link: https://transparencyreport.google.com/safe-browsing/search

Hence, this is how we can avoid becoming victims of online fraud by checking whether a website is safe.
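The spelling check in Step 1 can be partly automated. The Python sketch below is an added example, not code from the original tutorial: it extracts the hostname from a URL and flags domains that are a near-misspelling of a domain you trust. The TRUSTED list, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a personal allow-list of domains the reader really uses.
TRUSTED = ["google.com", "icann.org", "saraswatirepository.com"]


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted_domain) for the hostname in url."""
    # urlsplit only finds a hostname after "//", so accept bare "host/path" input.
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    # Exact match, or a subdomain of a trusted domain (www.google.com).
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("ok", good)
    # Otherwise compare the rightmost labels against each trusted domain.
    labels = host.split(".")
    for good in trusted:
        n = good.count(".") + 1
        candidate = ".".join(labels[-n:])
        if edit_distance(candidate, good) <= max_distance:
            return ("suspicious", good)  # close to, but not, a trusted name
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample inputs, not real phishing URLs.
    for u in ["https://lookup.icann.org", "http://gooogle.com/login",
              "www.icann.0rg", "https://example.org/"]:
        print(u, "->", check_url(u))
```

A verdict of "unknown" only means the domain is not on your list; Steps 2 to 5 still apply to it.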