Phishing is a very common cybercrime in which a cybercriminal contacts his targets by email, telephone or text message posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. In Phishing, a party creates an official-looking web page that asks you to provide your username and password, or other personal information such as your Social Security number, bank account number, PIN number, credit card number, or mother's maiden name or birthday.
In many cases, you'll receive a link to this phishing page via an email which claims to come from an official-looking (but probably forged) address. You can also end up at these pages by following links that you find on the web or in IM messages.
You will also want to read:
Common Causes of Website Suspension and Deactivation
A General guide to Safe Website Updating
Glossary of Web Hosting Terms
How can i check the speed of my website?
How to Address Excessive Resource Usage on a Web Hosting Account
How do I report a page that I think is phishing?
If you find a page that you believe is pretending to be another page in an attempt to steal users' information, please report it to us.
6. You're flagging a legitimate page as a potential phishing site. How do I get this fixed?
If you believe that Google Safe Browsing is incorrectly identifying a page as suspicious, please do report it to our team. We work hard to act quickly on all such reports.
7. Does this feature protect me against viruses, spyware, and all other evil things?
Sorry, but no &mdash Google Safe Browsing protects against phishing and malware attacks, but it can't offer foolproof protection (although we're working on it). You still need to watch out for all the other bad things that can happen on the wild, wild web.
How to Check for Malware on Your PC using Malwarebyes
Malwares is one major cause of hacked websites. Many websites are hacked directly due weak passwords but there are many websites who get hacked due to compromised computers. For example, a keyboard logger might be used to steal login information.
If you build websites, it's important to make sure your computer is safe. This tutorial will show you how to scan your PC using Malwarebytes.
For Mac users, give our ClamXav tutorial a try instead.
Step #1. Download Malwarebytes
Go to https://www.malwarebytes.org/ and download the installer.
Step #2. Install
Double click the downloaded installer.
You should see a confirmation window. Click Run.
Read and click through the subsequent confirmations.
Step #3. Access
To access Malwarebytes, do a search for "Malwarebytes" from the start menu (bottom left, usually).
Click on the application to open it.
Step #4. Update Definitions
Click on "Update Now" to make sure you have the latest threats cataloged. You should do this each time before scanning.
Step #5. Scan
To run the scan, click the "Fix Now" button.
Scanning can take anywhere from a few seconds to hours, depending on the folders that you selected and the number of files within those folders.
Step #6. Cleanup
Once scanning has completed, you'll either get a message saying no threats were detected or a list of infected files.
Infected files can be quarantined all together or individually. Before quarantining or deleting, you should make sure that the files are not false-positives. If you're not sure and if the file doesn't contain sensitive information (e.g. an email), you can upload the file to https://www.virustotal.com to get a second opinion.
How to Avoid a Website Suspension
How to prevent your website from a hack
On-Page and Off-Page Search Engine Optimization - Keys to SEO Success
Web Hosting Options to start your online business
How Spammers Get Email Addresses
Unfortunately there are many ways spammers can harvest or find out about your email address(es) and then send spam to you. The following is a list of some of the ways spammers can get email addresses without you giving it to them directly:
Your computer could have a virus or malware on it that records keystrokes (i.e. everything you type) or sniffs packets (i.e. reads everything going over your internet connection). Through these methods, spammers would be able to obtain your email addresses, passwords and other confidential information.
Another computer or workstation on your network or workgroup could have a virus or malware that collects email addresses and other information passing through the network.
A script on your website could have a security vulnerability that allows a hacker to access information on your hosting account, including your email addresses. Since emails are relayed from server to server until they reach their destination, one of the servers your email passed through could have packet sniffing software installed, which would allow someone to collect email addresses and any information passing through the server. Emails are typically relayed through several companies' servers before arriving at its destination, similar to how physical postal mail would be relayed between more than one mail carrier until it reached you.
Your internet service provider (ISP) could be gathering emails and selling them.; this is unlikely at reputable ISPs, but it has been known to occur.
You have an easy to guess email address. Some spammers simply try to guess valid email addresses (by prefixing common names and common addresses to your domain name). Some spammers have a huge database of prefixes and domain names they will try, including not-so-common names.
A hacker could have guessed or obtained hosting control panel login information and retrieved your email addresses that way.
Other Methods of Harvesting Email Addresses
It is all too common that people unknowingly volunteer their email address or leave it out absentmindedly, making your email address easy for a spammer to pick up. Methods through which spammers obtain voluntary email address include:
You provided your email address to a website, such as when you signed up or commented on a post, and they gave your email address to spammers (intentionally or unintentionally).
Their website could also have been hacked through a security exploit.
You signed up for a mailing list and forgot you signed up.
You signed up for a mailing list, and they gave your email address (intentionally or unintentionally) to spammers.
You sent an email to someone, and they forwarded it to someone else who harvested your email.
Someone sent you an email also addressed to other recipients, and they used TO or CC instead of BCC, making your email address visible to anyone who received the email (or who was forwarded the email thereafter). Any of the recipients could have made your email available to spammers.
You used your email on a discussion list that reveals your email address to other users. Any of the other users could have harvested your email address.
Your email address is on your business card (or posted where people can find), and someone decided to add you to their mailing list without your permission.
And these are just some of the ways a spammer could get your email address.
How can I tell if a page is a fake?
The best thing to do is to check the page's URL to make sure it's actually controlled by the party it appears to be controlled by. The crucial part of the URL is the part between the http:// and the next slash ('/'). (If there's no slash, start at the end of the URL.) This is the part of the URL that determines site ownership. Some popular domains, for instance, are amazon, google, and ebay:
In some cases, URLs will be a bit more complex; be sure to check the name listed immediately to the left of the top level domain (.com, .net, .co.uk, etc.).
For instance, http://www.google.com, http://news.google.com and http://www.google.com/firefox/ are all part of the same site. However, google.com.fraudulentdomain.com/login.html is NOT! Neither is www.g00gle.com (note that in this URL, the letter o is replaced by the number 0).
Tip: Since a forged URL can look very similar to a genuine one, it's safer to use a bookmark you've created or to type the URL into the location bar by hand instead of following links from your email. This is important for any page where you're asked to log in or provider private information.
Additional Resources: antiphishing.org
3. How does Google know a page is bogus?
We use several techniques to determine whether a page is genuine, including the use of a blacklist containing pages that have been identified as suspicious and/or misleading based on automated detection or user reports. Our software also examines pages' content and structure in order to catch potentially misleading pages. Google Safe Browsing can't offer perfect protection, so you should always be on the lookout for indications that a site isn't what it appears to be. But Google Safe Browsing can help identify and protect you against many of the sites designed to trick users.
4. What does an alert look like?
Additional Information For Identifying Phishing Websites:
- Too Good To Be True Be mindful of offers that are incredible.
- Sense of Urgency - When you are told to act fast, be weary of such offers. Ask uestions and do your investigations to find the truuth.
- Hyperlinks - A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance www.uba-group.com - which could be phishing site for ubagro
- Unusual Sender - Whether it looks like it's from someone you don't know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general don't click on it!
Safeguards Against Phishing Websites
Don't be too ecited to accept every offer. Don't be curious to enter your baning details on any site no matter how convincing they may seem. If you enter your information it will be stolen and abused.
Use your bookmark to access a website known to you. if not, use a search engine and type in the company’s name, then use the link from your search engine to go to the correct site.
Install or activate a web tool that identifies malicious sites for you so you know the website you find is legitimate.