Questions tagged [phishing]

Phishing is a type of Internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details and other confidential information.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to deceive users.

http://en.wikipedia.org/wiki/Phishing
https://www.securelist.com/en/threats/spam?chapter=85

165 questions
142 votes, 5 answers

Should I use the Reply-To header when sending emails as a service to others?

Suppose we have an application that acts as a middleman, allowing Company A to send reports to their customers. Company A --> Company B (me) --> Company A's customers. After getting the report we send email notifications to the recipients, but they…

Gavin (9,855)
21 votes, 3 answers

Why do browsers allow onmousedown JS to change href?

I've noticed for a very long time that when you try to copy a link location or open a link on Facebook, it modifies the link and passes it through l.php. For example, I can be sent to …

Umang (5,196)
12 votes, 2 answers

How does pushState protect against potential content forgeries?

As seen in GitHub's blog, they've implemented HTML5's JavaScript pushState feature for tree browsing (for modern browsers), bringing AJAX navigation without Hash Bangs. The code is simple: $('#slider a').click(function() { history.pushState({…

Nicole (32,841)
12 votes, 3 answers

How to verify installed application in runtime to prevent phishing attack?

I have a payment application on my device; my application connects to that application's service to get a pending intent to launch the payment activity and then listens for the result in the onActivityResult() method (similar to the In-App-Purchase scenario). I set…

Mojtaba Asgari (1,242)
12 votes, 3 answers

How do you prevent phishing in mobile app?

Imagine a scenario in which a game X installed on your mobile device wants to access your account information from social network Y. Assume that Y exposes some API, and has features like "login with Y" etc. On a desktop PC, X could pop up a new browser…

qbolec (5,374)
11 votes, 3 answers

Service to check a URL for malware or phishing?

Is there a service that lets me check a URL to see if it may possibly be a dangerous site? When a user exits our application by clicking on an untrusted link, we send them through an "are you sure you want to leave" redirection screen. It'd be a nice…

chroder (4,393)
9 votes, 4 answers

How to defend against TabNabbing?

I got very concerned reading this genius post by Aza Raskin. What are the non-browser solutions to defend against TabNabbing? Are there any?

Alix Axel (151,645)
8 votes, 2 answers

Doesn't OAuth 2.0 PKCE Flow open the door to masquerading/phishing attacks?

With the OAuth 2.0 PKCE Flow for Installed Apps (e.g. a desktop app/CLI/client library), it seems that nothing is preventing an attacker from: obtaining the client_id by using the original app (the client_id is public and can be easily copied from the browser bar/source…

dliu (305)
8 votes, 2 answers

Best practices in dealing with the abuse of a custom URL scheme to make a phishing attack on iOS

The Scenario: A web application where, once a new user completes the registration, an email is sent containing a URL that, once tapped from within an iOS device, launches the iOS app. This scenario is a classic scenario to make users use…

goldengil (1,007)
8 votes, 2 answers

Homoglyph attack detection in email phishing

Main Question: I am working on an API in Java that needs to detect the use of brands (e.g. PayPal, Mastercard etc.) in phishing emails. Obviously there are different strategies that the attackers use to target these brands so that they are harder to…
7 votes, 8 answers

What are the best ways to prevent your website from being phished?

What are the best ways to prevent your website from being phished? Please cite some technical suggestions and references if possible. Thank you!

Martin Ongtangco (22,657)
7 votes, 6 answers

OAuth and phishing vulnerabilities, are they inexorably tied together?

I've been doing a fair bit of work with OAuth recently, and I have to say that I really like it. I like the concept, and I like how it provides a low barrier of entry for your users to connect up the external data to your site (or for you to…

Matt (41,216)
6 votes, 6 answers

What is the best way to stop phishing for online banking?

Phishing is a very serious problem that we face. However, banks are the biggest targets. What methods can a bank use to protect itself from phishing attacks? What methods should someone use to protect themselves? Why does it stop attacks?

rook (66,304)
6 votes, 4 answers

What does this suspicious phishing code do?

A few of my non-IT coworkers opened a .html attachment in an email message that looks extremely suspicious. It resulted in a blank screen, when it appears that some JavaScript code was run.