arrow_upward

Pages (2):
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Proper use of forum rules. My appeal to the community.
#11
I mean can the the phisers really clone the site in a way to make us fall for them? I can easily recognize if its a false site or not just by looking at the ssl certificate that gives everything away before any real damage done (including clicking the URL)
No one knows what the future holds, that's why its potential is infinite
#12
(11-29-2018, 04:06 AM)Kururin Wrote: I mean can the the phisers really clone the site in a way to make us fall for them? I can easily recognize if its a false site or not just by looking at the ssl certificate that gives everything away before any real damage done (including clicking the URL)

the point is you get conned when you are least expecting to get conned. that is usually what happens most of the time. they infect someone who has your contact and next thing they do is mail you or text you from their account that is so familiar to you with a link. even a moment of not paying total attention might cost you a lot. mind you, that was just one example. they have social engineering , trojans, phishing sites, botnets...all the bad things working against you.

do you know about the psychology experiments where there are two teams in your field of view. black n white ( t-shirt colour). Each team has one ball. they are passing their balls within their respective teams. Now you are asked to count the number of passes by one of the team, say white team.
after the experiment is over , you give your count. it is right and you are proud about it. Also feeling somewhat relieved and slightly silly. Trying to  make up your mind on whether to feel pity for the experimenters who went through all that just for THIS. Now comes the bomb...

DID YOU NOTICE THE DANCING BLACK BEAR THAT WENT FROM ONE SIDE OF YOUR FIELD OF VIEW TO THE OTHER ?

you go like ..WTF !! ask them to replay the recording. yes, there it is...

thats usually how phishing hits the knowledgeable people most of the time ( people who didnt know better are much easier to hit by it and they often get hit. but i am talking about the tech savvy guy that you are. ).

Dont underestimate their power !
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#13
@rudra  When I was paying my rental today online I was thinking of this thread.  How would I be able to identify the correct link for my bank?  Now I've learned so far that if I use Firefox that Firefox will only allow the top link when it is white listed.  It won't allow any other link.  I always look out for the https of course, but then as you mentioned, someone could just wangle the link so it looks the same.  I try to be alert to the way the name is spelt, and also other parts of the process, i.e. I get a SMS with every step, including the login.  Last month the SMSs were back to front, so I phoned the fraud department and they said that was regular.  

The Bank has a few hurdles as well before I get to my account.  There are two logins and they work with a special encrypted alphabet.  

Still, two weekends ago I read someone getting hacked regardless.  Somehow if one's account gets targetted, whoever is targetting it specifically may have tools to get past the login?  Worst part is that the Bank didn't help that person.  This particular Bank quite easily puts the blame on the client for taking the responsibility of an account being hacked.  Not only are Banks forcing their clients to go online and do internet banking (otherwise charging them a premium to do their business at a branch), but they're also making them responsible for whatever goes wrong.  I don't think I've ever felt as insecure with doing my banking as I feel right now.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#14
yes. thats the sad truth. I always enter url manually and i do it from firefox on linux if i can help it. also sms alert and others similar things help. thats pretty much it. what more can we do than that !

my main bank still lets us go about doing things offline. dunno for how long though... i hate biometrics verification and i dislike all these automation n online payments. i never looked for convenient escapes ..no sir ...
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#15
(11-29-2018, 01:01 PM)rudra Wrote: yes. thats the sad truth. I always enter url manually and i do it from firefox on linux if i can help it. also sms alert and others similar things help. thats pretty much it. what more can we do than that !

my main bank still lets us go about doing things offline. dunno for how long though... i hate biometrics verification and i dislike all these automation n online payments. i never looked for convenient escapes ..no sir ...

Rudra i agree with you on this matter, only if our banking system could provide a two step verification for login too i mean they do have two step verification for transactions done online but nothing for login rather i guess few private sector banks do have this feature(as i heard from my friends) but i am unaware of them. Though if they do ever introduce two factor it would be best if it supports FIDO or SMS based TOTP that would be a marvelous step in security.
[Image: a3ad5cfbf5.png]
[Image: trk1]
#16
@Manal This might be an interesting article, would wait for this. As we also receives reports about those Social Engineering domains. I'm just wondering how they could possibly done that does registrar can't notice that? because you might loose lot of money if you got into this trouble.
#17
I don't know whether all Indian banks do support OTP taransaction password based on SMS, but SBI does, it can reduce the chance of phishing, Mastercode is no more seen in transaction, it seems expired security system.
Between do phishing chance reduce if the phishing site has SSL?


Thank you  Sweet



Pages (2):



person_pin_circle Users browsing this thread: 2 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting