Phising: Faking of Identity
This blog is about the Phising or faking of websites by Hackers. Phishing or faked websites are always a key concern for users doing online transactions, but it is a bigger concern for enterprises who own websites that can be phishing targets. When a site is phished, it is out of the control of the owner of the actual site as he doesn’t even know that his site has been phished, unless someone reports a scam about it. And such phishing sites are the biggest cause for loss of reputation for such websites.
So, if you own a website that is vulnerable to phishing, you must start thinking of measures to take towards preventing it. Yes, you would have to secure your site with digital certificates from known certification authorities, and would need to introduce multifactor authentication for your users and customers.
But other than doing all this there is another easy way to keep track of which sites are trying to phish your website. The technique doesn’t use any security device or application; rather it works on the great power of today’s search engines.
If you do a simple search on the net you will find lots of free and commercial web based plagiarism detection tools. Essentially these tools are used for checking copying of copyrighted material across websites. Such tools tally each and every sentence on a website and try to search for matching sentences on other websites, indexed on a given search engine.
During the process of phishing, the attacker copies the actual website to create an exact replica in terms of look and feel, and so he must be using the same text as the real site.
If you run your website through a plagiarism checker, it must show you all websites with the same text, including those that are likely to be phishing websites. This technique works pretty well with websites having fewer images and animations and more of text.
One such free website where you can check for plagiarism is http://copyscape.com. It gives you 10 tries in a one month, which should be good enough for a regular check.
