Phishing

[ErlyRisa]

Phishing sites and their methods, reasons too phish.

 

Some have become more elaborate, and are not only phishing for instant cash reward. I have seen some that procure "new", by invoking the time of the unpaid few that just have no one to talk to on/near their level.

 

What are these sites doing for profit?

 

eg. Sites procuring opinion about a washing detergent.

 

Although Facebook has refined the method for such phishing, entities still try to do the "cookie" thing but in a manipulated manner...slowly building up a profile of a particular user.

[petrushkagoogol]

Phishing websites steal user credentials through XSS attacks (cross site scripting). They then misuse the data.

[CraigD]

Phishing websites steal user credentials through XSS attacks (cross site scripting).

This is incorrect.

 

By definition, phishing is obtaining sensitive information, usually user name/password pairs, by impersonating a trusted entity. For example, a phishing attack can involve a webpage that looks like a trusted one, but has a slightly different URL. A phishing attack on scienceforums.com members, for example, might use the DNS name sciencesforums.com.

 

A XSS attack injects data-stealing scripts into the data supplied by a trusted entity.

[petrushkagoogol]

This is incorrect.

 

By definition, phishing is obtaining sensitive information, usually user name/password pairs, by impersonating a trusted entity. For example, a phishing attack can involve a webpage that looks like a trusted one, but has a slightly different URL. A phishing attack on scienceforums.com members, for example, might use the DNS name sciencesforums.com.

 

A XSS attack injects data-stealing scripts into the data supplied by a trusted entity.

Maybe you are referring to CSRF - cross site request forgery?