[IT Security] Interesting phishing email

You may have heard the word “phishing”. Phishing is typically used by thieves to get a user's credentials, such as an online banking username and password, an email password, etc. It comes in all sorts of forms; in this article I will show one phishing email I once received. I would invite readers to be careful with any email that looks “WOW”.

 

A few weeks ago I received an email message saying that I had received a sizable bonus from Masterforex (a Forex company) amounting to U.S. $1000. In that email I was told to click on the link provided. The email looked like the image below:

I had a feeling this was definitely phishing, but I wondered what kind of tactics they use, so I clicked the link. It redirected me to a website similar to Masterforex, as shown below. I was told to sign in and was asked to enter a username, password, phone password, and PIN code. I tried entering just a random username, and guess what? I could still sign in and was redirected to the next page, as below.

After that I was redirected to a link that displayed exactly like Yahoo Mail. At this stage, the thief wanted to steal our Yahoo email passwords. Just look at the destination URL in my browser: the URL was not the URL you use to sign in to Yahoo Mail. For more details, see the picture below.

After I entered a random username and password for Yahoo Mail, I was redirected to a page like the one below.

Phishing Email to My Yahoo Mail

Redirected To Master Forex

 

Redirected To Master Forex

 

I was redirected to a fake Yahoo Mail sign-on page

The article above is just a small illustration of how thieves trick us to steal our passwords; in fact, there are many more tricks that are more sophisticated. Through this article I just want to warn readers to be more careful when reading email, and to be more careful with email that is too “Bluff”. Here are my tips to avoid phishing:

1. Note the destination URL, and make sure that it is correct.

2. For sensitive websites (such as email or online banking), make sure that the site has an SSL certificate.

3. If you are not sure about the URL that you open, you should contact the parties concerned.
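
Tips 1 and 2 can be written as a small check, shown here as an added example that is not part of the original article: it accepts a sign-in URL only when it uses HTTPS and its hostname is a trusted domain or a true subdomain of one. The `TRUSTED_DOMAINS` set, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the reader really signs in to.
TRUSTED_DOMAINS = {"yahoo.com"}


def check_signin_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a URL that is asking for a password."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "URL cannot be parsed"
    # HTTPS alone says nothing about who runs the site; the host check does.
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # Text before '@' is login data, not the site: https://yahoo.com@host/
        return False, "userinfo before '@' hides the real host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label (possible look-alike characters)"
    for domain in trusted:
        # Exact match or a true subdomain; 'yahoo.com.other.example' fails both.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host '%s' is not a trusted domain" % host


if __name__ == "__main__":
    # Constructed sample URLs; the .example hosts are placeholders.
    for sample in (
        "https://login.yahoo.com/",
        "http://login.yahoo.com/",
        "https://login.yahoo.com.account-check.example/signin",
        "https://login.yahoo.com@account-check.example/",
        "https://notyahoo.com/",
    ):
        print(sample, "->", check_signin_url(sample))
```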

We are a team that shares the same hobby in information technology and has experience in many fields of information technology.
