Top Antivirus software 2010

How Can I Identify Website Phishing Attacks?

Phishing attack on website usually happens when a hacker or fraudster or phisher hacks into legitimate web site. Once hacked the attacker (person or program) can add phishing pages to the web site or change the content of the web site. They can even download and execute programs on your web server.
But how do you identify your website is under phishing attack? Intruders usually hack a website and add phishing pages to it to steal sensitive information or to divert traffic. You should have a good monitoring mechanism to identify phishing attacks on your website. You can yourself monitor your website or allow any good third party to monitor your website to prevent or stop phishing attacks.
Let us discuss how can you monitor and identify website phishing attacks.
Related Articles:

Top Antivirus software 2010

Methods to Identify Web Site Phishing Attacks

Monitor Traffic for Unusual Changes

Unusual traffic volume to your website or from your website may indicate a phishing attack on your website. Sometimes you can see traffic flowing to an unknown URL in your site. Basically you need to keep track of the below indications.

  • Sudden spike in traffic volume directed at your web site.
  • Unusual outbound traffic emanating from your hosting server.
  • Traffic to an unknown page on your website. This unknown URL may be introduced by the attacker. This may be a phishing page.


Check Your File System

You need to check your website files for any modifications. Malware programs can edit your files once the website is compromised. Keep track of any website file changes. Also you need to check for any new file additions or even database changes. There are tools available for popular website and blog platforms to regularly check website file changes.
Read Related Articles:

Website/ Web Server configuration changes

Check your website and web server configuration file changes. Files like .htaccess need to be validated for any changes or additions. Folder and file permissions should be validated.
Read Related Articles:

Once you have identified the phishing attack on your website, you need to take necessary steps to recover from it. It is better to take your site offline temporarily till you clean up the infection. You can request or demand your hosting provider to carry out a clean-up process. You can also restore the entire site from a clean backup. Also ensure that the loopholes are closed so that you can prevent any future attacks.

Before you Go,

Before you go, subscribe to get latest technology articles right in your mailbox!.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Shares