Phishing attacks are used to gain access to the potential victim’s confidential and private accounts. The attackers use fake (but very similar) website, especially log in pages, to fool their target into thinking that it is legitimate. If the target is unaware and unobservant, they will fall prey to the phishing attack but if they are wary, they have a high chance of avoiding it.
Facebook user Ricky So posted on his account a certain phishing attack involving Metrobank.
In his post, he said:
BEWARE: Phishing expeditions still happening. While I know this is a scam, I just bit the bait but not the hook to see for myself how good they are. Honestly, they are getting better. Below are two screenshots of Metrodirect log in page. For unsuspecting users, they might fall into the trap of giving away their log in details and password. But not for me. I am quite aware of these things. Perhaps a good article to write about. SPOT THE DIFFERENCE – one is bogus and one is authentic. Please share to your friends and relatives. #thefastexchange
Related: Here’s the list of most common passwords of 2016
Notice that in this version of the log-in page, the URL in the address is different from the official one with HTTPS and SSL plus the green padlock. A similar phishing technique is being exploited in Gmail and other online services to gain unauthorized access to user accounts of unaware victims. But this one’s even more extreme, as it involves the prey’s bank account.
This could be one of many attacks being done to numerous websites and in order to avoid that, one must know the important things in order to detect a fake site. Always make sure to check the URL and if you see suspect something is not right, don’t give away your information. If you are able to see one, take a screenshot and share it to spread the word as fast as possible.