If not redirected, please click here https://www.thesecuritybuddy.com/phishing/what-is-page-hijacking/
If a website duplicates the contents of
a popular website, web crawlers will detect the duplicate while
indexing the webpages. And if two pages have same content, only one
will be shown and the other will be kept in Show Similar Pages. And, attackers take advantage of this behavior in Page Hijacking.
How is Page Hijacking perpetrated ?
In Page Hijacking, attackers make a website,
duplicating the contents of a popular website. Then, they use some
malicious techniques that ensures that after a few weeks their duplicate
website gets shown and the other is kept in Show Similar Pages.
For example, suppose a popular website
is called www.ecommerce.com
and it sells online clothes.
To do Page Hijacking, attackers first make a website www.ecommerce.org and duplicate the webpages. After a few weeks, the search result will show something like this :
To do Page Hijacking, attackers first make a website www.ecommerce.org and duplicate the webpages. After a few weeks, the search result will show something like this :
Ecommerce.org - Buy Clothes Online
Offering clothes online
www.ecommerce.org
- Show Similar Pages -
As a result, visitors searching with “online clothes” will end up visiting the malicious website www.ecommerce.org, instead of the authentic website of ecommerce.com.
Offering clothes online
www.ecommerce.org
- Show Similar Pages -
As a result, visitors searching with “online clothes” will end up visiting the malicious website www.ecommerce.org, instead of the authentic website of ecommerce.com.
Now, the attackers are free to redirect the innocent visitors to an unrelated malicious website, which may spread malware
through drive-by
download or by some other means. Or, the attackers may even plan for perpetrating more attacks.
Prevention of Page Hijacking for Users
A couple of steps can be taken to prevent falling victims of Page Hijacking :
- Use your common sense while browsing. Do not install anything in your computer, unless you are very sure how much trusted the source is.
- Use anti-virus autoprotection, so that it can alert you at proper time.
- Keep an anti-hijack toolkit to be on safer side. You can use Ad-aware, Spybot, Hijackthis, CWShredder or similar.
- Keep your browser and other commonly used software updated with recent security patches.
Prevention of Page Hijacking for Website Owners
If a website is falling victim of Page Hijacking and website traffic rank is dropping dramatically suffering the business a lot, the website owners should contact the third-party site first. A couple of times Page Hijacking happens unintentionally. If that is the case, then the third-party site cooperates in most of the cases.
However, if Page Hijacking is done for malicious purposes, then the website owners should report the malicious website to search engines. Many a times the search engines investigate the matter and take necessary steps.
So, beware of various security vulnerabilities, so that you can protect yourself and your websites in a better way. And, stay safe, stay secured.
Read More
How to prevent phishing ?
What is Typosquatting and how is it used for phishing and spreading malware ?
How to create a strong password ?
What are the different techniques used in social engineering ?
How does 2 Factor Authentication improve security ?
How to safeguard oneself from Evil Twin ?
How does Network Segmentation improve security ?
How do SPF, DKIM and DMARC prevent email spoofing ?
What is Web Application Firewall ?
Read More
How to prevent phishing ?
What is Typosquatting and how is it used for phishing and spreading malware ?
How to create a strong password ?
What are the different techniques used in social engineering ?
How does 2 Factor Authentication improve security ?
How to safeguard oneself from Evil Twin ?
How does Network Segmentation improve security ?
How do SPF, DKIM and DMARC prevent email spoofing ?
What is Web Application Firewall ?
No comments:
Post a Comment