hi everybody i'm going to tell you abt how to protect yourself from PHISHING atacks
so lets see how they work:
an attacker creates a fake session expire screen and send it to you asking for your password .
when you enter your password that password is mailed to him becuz of a script he has inserted in the coding of that fake screen.
then the fake page automatically redirects you to the home page of that website,most users take this as a error, but it is more than that.
to protect urself follow the following point:
>if ever you are woking on the internet and you get a session expire page in front of you suddenly or suspiciously ,first give a wrong password to it ,
if it says "invalid username/password" then you can be sure that this was a genuine screen and then enter your correct password.

but if you are redirected somewhere then you can relax becuz you have just fooled the attacker.
but in case you have entered ur password and then you realized that you have been fooled then "IMMEDIATELY CHANGE YOUR PASSWORD".
i myself follow this practice of first giving wrong password,so plz you all follow this practice too if you want to protect yourself from the malicious eyes.

thanx mate. Real cool way to fool hackers.

thanks really helpful

>if ever you are woking on the internet and you get a session expire page in front of you suddenly or suspiciously ,first give a wrong password to it ,
if it says "invalid username/password" then you can be sure that this was a genuine screen and then enter your correct password.

.
This does not always work.
I can show you, I created fake yahoo page using PHP
and it'll not log you unless you enter correct password

yeah right , coz that fake page may first authenticate our password by sending it to actual server.

This does not always work.
I can show you, I created fake yahoo page using PHP
and it'll not log you unless you enter correct password

yes, it doesn't but the instance you mentioned is by advance hackers,script kiddies don't know abt it and let me tell you only script kiddies will be interested in hacking a passwords of email accounts:twisted: ,pro/adv hackers don't do it unless the account is of a millionare, they have more important job to do than just hacking into email accounts of an individual.8-)

yes, it doesn't but the instance you mentioned is by advance hackers,script kiddies don't know abt it and let me tell you only script kiddies will be interested in hacking a passwords of email accounts:twisted: ,pro/adv hackers don't do it unless the account is of a millionare, they have more important job to do than just hacking into email accounts of an individual.8-)

Or if it is of their Girlfriends:-D

But on the other hand, They generally don't have Gf

Thanks for this very informative tutorial. It was of great help indeed.