Hackers are more brazened everyday, and as of late we have heard so many stories of their hacks against big and sophisticated institutions such as FBI and partners of FBI and Sony and so on. Although Sony is the older story, but it is still fresh in some people’s minds. Of late, some hackers even go after DNS servers so they could redirect legitimate web traffics to their malicious websites of choice. This is one way to phish for users’ credentials, consequently hackers can unlock users’ web accounts. The legitimate form of phish is phishing, and it means that hackers set up digital traps/hacks to steal credential information from users, but the users may not know they’ve been scammed since the traps/hacks made to look like the real things.
Perhaps the only way to protect oneself from getting phish by being paranoid about what webpages you’re landing on. Let say you’re trying to visit a well known website, but the website address looks a little funky, then you should not enter any credential of yours onto such website/page until you have verified and sure that you’re on a legitimate website/page. Sometimes, you have to make sure the IP address of such a website is from the institution that it claims to be.
Finding a website’s IP address is pretty easy. Just open up a Window shell (i.e., cmd) or a unix-like terminal and ping the website’s domain name such as using this command [ping Yahoo.com], then comparing the legitimate website’s IP address with the URL’s IP address (i.e., using ping command also) to see if both IP addresses of the two slightly different URLs are the same. If both IP addresses of the two slightly different URLs are the same IP address, then you might be on the legitimate website. Sometimes a well constructed misleading URL can mislead users to ping the wrong part of the URL, consequently will not help users avoid the phishing scheme. This is why make sure you understand which part of the URL inside your web browser’s address bar is the actual top level domain name and not otherwise.
I’m not sure if I’m entirely right, and you can correct me in the comments below this blog post if you think I’m wrong that verifying IP address of a legitimate website can be DNS hack proof. After all, don’t hackers have to take over a DNS control panel of a domain account or registrar and entered their malicious IP addresses that point to their malicious domain names so legitimate web traffics can be redirected to the malicious web destinations? If that is the absolute case/way, then verifying the IP address of a legitimate website is one absolutely best way to confirm if you are on a benevolent web destination.
OK, I’ve to admit that even though you have confirmed the IP addresses of slightly different URLs are the same IP address, it does not mean that you’re on the legitimate website/destination. Why? Perhaps, that very IP address is the only IP address that the hacker(s) is using and not of a legitimate website. Sometimes, it helps to make sure the IP address of a legitimate website you’re trying to reach is made available through search engines or some reputable web services so you can comparing the IP addresses from such sources with the ones that you’d pinged. Doing reverse IP lookup or domain lookup helps too!
Another thing, you can avoid a lot of troubles by protecting your email accounts at all cost. Hackers love to have access to your email accounts so they can reset your web accounts’ passwords. Many websites allow users to reset web accounts’ credentials by simply click on confirmation links within emails. This could be why it’s a goldmine for hackers to be able to penetrate their targets’ email accounts. So, using unconventional passwords, different password for every email/web account, is best to protect one’s email/web account, especially true for the email accounts.
Vinh Nguyen
