Understanding Phishing
The term phising come from the English word fishing (literally means the activity of catching fish), but in this case the intention is fishing the password informations. Phishing is a method used by hackers to steal paswords by tricking a target by using a fake login form on a fake website that resembles the original site.
In some cases, the fake site is not too similar due interface update from the original website. But, if the target are less cautions and had no experiences of the phishing methods, they can be trapped. A good hacker could make the fake website looks really similar to the original one and they words to trap their target looks really convincing.
How Phishing Works
To avoid phishing, first we need to know how it works:
01. The hackers would give us the fake links that seems similar to the original website. For example link to Facebook, which is faceb00k.com (fake) instead of facebook.com (original). This links can be spread to us by many ways. It can be through emails, social media, interesting images and also by persuasions on others.
02. After clicking, we will be directed to a fake website such as Facebook login form with words and interface that convinced that we have logout from our account and ask us to re-enter our username and password to log in. We hardly think it is weird and realize it is a clone website and would fill the username and password without any suspicion.
03. Anything we type into that form will be stored on the hacker's server. They can see what we fill in the username and password. This is how they get access to our account.
04. Next, our account will be taken over. The hackers may use our account to spread the url phishing to the next victim and also can much more worst damage by using our account.
Hacking the passwords with phishing method is one of the simplest practice, and that is why we can found a lot of referrred links that will direct us to the web phishing or the fake web.
It is really easy as setting a blog. Not just that, by creating an artificial name or site that does not exactly match also can achieve the phishing ac as long as it can convince the target. It can be the phishing site with insignificant rewards such as "how to get free gems for Clash of Clans" and first they need to do is to put their username and password. This is how the target can easily trapped by 'blinding' them with the fake rewards.