ErlyRisa Posted July 19, 2014 Report Share Posted July 19, 2014 Phishing sites and their methods, reasons too phish. Some have become more elaborate, and are not only phishing for instant cash reward. I have seen some that procure "new", by invoking the time of the unpaid few that just have no one to talk to on/near their level. What are these sites doing for profit? eg. Sites procuring opinion about a washing detergent. Although Facebook has refined the method for such phishing, entities still try to do the "cookie" thing but in a manipulated manner...slowly building up a profile of a particular user. Quote Link to comment Share on other sites More sharing options...
petrushkagoogol Posted March 9, 2016 Report Share Posted March 9, 2016 Phishing websites steal user credentials through XSS attacks (cross site scripting). They then misuse the data. Quote Link to comment Share on other sites More sharing options...
CraigD Posted March 10, 2016 Report Share Posted March 10, 2016 Phishing websites steal user credentials through XSS attacks (cross site scripting).This is incorrect. By definition, phishing is obtaining sensitive information, usually user name/password pairs, by impersonating a trusted entity. For example, a phishing attack can involve a webpage that looks like a trusted one, but has a slightly different URL. A phishing attack on scienceforums.com members, for example, might use the DNS name sciencesforums.com. A XSS attack injects data-stealing scripts into the data supplied by a trusted entity. Quote Link to comment Share on other sites More sharing options...
petrushkagoogol Posted March 10, 2016 Report Share Posted March 10, 2016 This is incorrect. By definition, phishing is obtaining sensitive information, usually user name/password pairs, by impersonating a trusted entity. For example, a phishing attack can involve a webpage that looks like a trusted one, but has a slightly different URL. A phishing attack on scienceforums.com members, for example, might use the DNS name sciencesforums.com. A XSS attack injects data-stealing scripts into the data supplied by a trusted entity.Maybe you are referring to CSRF - cross site request forgery? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.