This project was made to teach users how phishing attacks happen so often and to educate them so that they are not scammed by phishers.

MervePolat977/Phishing-Attack


PHISHING ATTACKS

This project was made to teach users how phishing attacks happen so often and to educate them so that they are not scammed by phishers.

Download The Full Pdf Report

Merve Polat-Project Report.pdf

Watch Video

https://www.youtube.com/watch?v=3XE1XOuikPg

REQUIREMENTS

  • Knowledge of HTML, CSS, and JavaScript
  • Ability to design frontend
  • Having general understanding of Phishing and its usage
  • Ability to use Visual Studio or Visual Studio Code
  • Competence in using Microsoft SQL Server Management Studio and creating databases

PROJECT SCOPE

The project covers what phishing is, how it is done, what should be taken into consideration, and what risks it poses.

WHAT IS PHISHING

image

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The architecture of a phishing attack is dynamic, adapting to the evolving landscape of cybersecurity. Social engineering techniques are often employed to gather information about potential victims, tailoring deceptive communications to match individual preferences and contexts. The perpetrators, akin to digital puppeteers, exploit the human element as the weakest link in the security chain.

As the digital ecosystem continues to expand, so too does the sophistication of phishing schemes. Advanced techniques, such as spear-phishing and whaling, target specific high-profile individuals or organizations, demonstrating a chilling level of precision in their deceit. The battle against phishing requires not only robust technical defenses but also a vigilant and informed user base capable of recognizing the subtle signs of these virtual masquerades.

In the vast seas of cyberspace, phishing stands as a lurking threat, underscoring the imperative for constant vigilance and education. Understanding the tactics employed by these virtual predators is the first line of defense against their elusive and damaging endeavors.

THE AIM OF PHISHING ATTACKS

Phishing attacks are generally attacks aimed at gaining sensitive and confidential information such as usernames, passwords, credit card information, and network credentials. Cyber attackers use social engineering by posing as a normal individual or organization via phone or email to manipulate victims into taking certain actions—such as clicking on a harmful link or attachment—or willingly disclosing confidential information.

The aim is to convince the recipient of the e-mail that the message contains something they want or need, such as a request from the bank of which they are a customer or an e-mail from a colleague at their company. Aside from e-mail, phishing scams can also use phone calls, text messages, and social media to trick victims into providing sensitive information.

METHODS USED IN PHISHING ATTACKS

Phishing attacks generally occur in three stages. In the first stage, people who will carry out phishing attacks create fake web pages that give the impression that they belong to a real institution (for example, from Instagram, Paynet, Akbank etc.). In the second stage, electronic mails (e-mails) that appear to be from real institutions are sent to large user groups, and in these mails, users are asked to open the link provided and enter their information.

At this point, a false excuse is usually given, such as a claim that the user's information was deleted because of a problem in the institution's database and must therefore be re-entered. At this stage, the information of those who find the incoming e-mail credible, open the link and enter their details falls into the hands of the attackers. In the third and final stage of the attack, people's credit cards are used illegally or their bank accounts are emptied by using this information.

Phishing attacks are not always carried out via e-mail. Sometimes people are called by phone in a way that creates the impression that the call comes from a real institution, and the deceived person is asked, under various excuses, to provide information such as their password. Phishing can also be done through unknown software downloaded from unreliable sites and through link services that redirect to fake sites.

WHAT ARE THE PROTECTION METHODS FROM PHISHING ATTACKS

1. Spelling Error Checking

If there are spelling errors in the incoming e-mail, it may be a sign that we have been exposed to a phishing attack. It is not common for there to be spelling errors in e-mails coming from corporate companies.

2. Checking Email Attachments

In some cases the incoming e-mail states that a document such as an invoice is attached. We should never open attachments to e-mails we find suspicious.

3. Personal Information Request Control

To avoid being exposed to phishing attacks, we should disregard any e-mails requesting our personal information. No institution requests information from its customers via e-mail. For this reason, if we receive an e-mail requesting our personal information, we must delete that e-mail and inform the system administrator of the system we use, if there is one.

4. License Check in Applications

Phishing attacks can also be carried out through applications downloaded to computers, tablets and smartphones. Therefore, we must download the applications we need directly from the developers' own source. Downloading apps from third-party sources and untrusted sites is risky. We should never install applications that do not have a real and valid license or that have been activated with fake licenses. To be protected, antivirus software must be active at all times.

5. Certificate Check

To log in to, for example, Paynet screens, you must follow the steps below and check the certificate. You should prefer to access the Paynet website by typing "www.paynet.com.tr" in the address bar of the internet browser.

Through fake SMS messages, e-mails, social media (Facebook, Instagram, etc.) accounts that appear to belong to Paynet, advertisements, or fake websites you reach through search engines, fraudsters may ask for your identity information, password, PIN, passphrase, your mother's maiden name, your previous surname and similar confidential information.

Be sure to check the addresses and certificates of the websites you are directed to via SMS, e-mail and social media or accessed through search engines. You should see the phrase “Issued to: *.paynet.com.tr” in Paynet's web applications. (Image below.) If you see a problem with the certificate, do not take any action and inform your bank.

Be sure to download the Paynet application you want to install on your mobile phones from official application stores (such as Google Play, Apple Store). Your phone may be infected with viruses due to applications you download from unofficial application stores or websites. Additionally, your phone book, SMS messages and banking information can be intercepted.
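The address and certificate-name check described in this section can be expressed as code. The following JavaScript is an added example, not part of the original project; the function names and sample links are assumptions constructed for illustration, and only `*.paynet.com.tr` comes from the text above.

```javascript
// Added example: flags links whose real host would not match the expected
// "Issued to" name. Function names and sample links are constructed.
const EXPECTED_CERT_NAME = "*.paynet.com.tr"; // value quoted in the text above

// Wildcard matching as applied to certificates: "*" covers exactly one
// left-most label, so it matches neither the bare domain nor deeper subdomains.
function matchesCertName(host, pattern) {
  const h = host.toLowerCase().replace(/\.$/, "").split(".");
  const p = pattern.toLowerCase().split(".");
  if (h.length !== p.length) return false;
  return p.every((label, i) =>
    i === 0 && label === "*" ? h[i].length > 0 : label === h[i]);
}

// Returns { ok, host, reasons } for a link received by SMS, e-mail or social media.
function checkLink(link, pattern = EXPECTED_CERT_NAME) {
  const reasons = [];
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, host: null, reasons: ["not a valid URL"] };
  }
  if (url.protocol !== "https:") reasons.push("not HTTPS, so there is no certificate to check");
  if (url.username || url.password) reasons.push("text before '@' is not the site name");
  if (url.hostname.split(".").some((l) => l.startsWith("xn--")))
    reasons.push("punycode label (possible look-alike characters)");
  if (!matchesCertName(url.hostname, pattern)) reasons.push(`host does not match ${pattern}`);
  return { ok: reasons.length === 0, host: url.hostname, reasons };
}

// Constructed sample links (the .example hosts are placeholders).
const samples = [
  "https://www.paynet.com.tr/login",
  "http://www.paynet.com.tr/login",
  "https://www.paynet.com.tr@login.example/",
  "https://www.paynet.com.tr.secure-login.example/",
  "https://www.p\u0430ynet.com.tr/", // Cyrillic "а" in place of Latin "a"
];
for (const s of samples) {
  const r = checkLink(s);
  console.log(r.ok ? "OK     " : "SUSPECT", r.host, r.reasons.join("; "));
}
```

The host the browser actually connects to is what the certificate is checked against, which is why the `@` and extra-suffix links fail even though `www.paynet.com.tr` appears in them.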

PAGES/COMPONENTS

image

MVC

image

MVC stands for Model-View-Controller, and it is a software architectural pattern commonly used in the development of web and desktop applications. The goal of MVC is to separate the concerns of an application into three interconnected components, each with its own responsibilities. This separation helps in managing complexity, promoting code reusability, and enhancing maintainability.

Model:

  • The Model represents the application's data and business logic.
  • It is responsible for managing the data, processing business rules, and responding to requests for information from the View.
  • Changes to the Model trigger notifications to the Controller, which can then update the View.

View:

  • The View is responsible for presenting the data to the user and capturing user input.
  • It receives information from the Model and displays it in a user-friendly format.
  • The View does not handle business logic or directly interact with the data; it is primarily concerned with the presentation layer.

Controller:

  • The Controller acts as an intermediary between the Model and the View.
  • It receives user input from the View, processes it (if needed), and updates the Model accordingly.
  • The Controller also listens for changes in the Model and updates the View to reflect those changes.
  • It encapsulates the application's flow and business logic, ensuring that the Model and View remain independent of each other.

The separation of concerns in MVC allows for easier maintenance and extensibility. For example, if you need to change the user interface, you can modify the View without affecting the underlying business logic in the Model. Similarly, changes to the data processing logic in the Model do not impact how the data is presented in the View.

HIERARCHY OF THE FOLDERS

image

HOME PAGE/ADMIN PANEL

image

ADMIN LOGIN PAGE

image

START PAGE

image

EMAIL CREATING TEMPLATE

image

SHOW STATISTICS

image

“ABOUT FISHING” PAGE

image

FACEBOOK LOGIN

image

INSTAGRAM LOGIN

image

TWITTER LOGIN

image

DATABASE ERD (ENTITY RELATIONSHIP DIAGRAM)

image

TABLES

dbo.Admins

image

dbo.Categories

image

dbo.Interactions

image

dbo.PhishingEmails

image

dbo.ReceivedEmails

image

dbo.Users

image

dbo.Webpages

image

NEW TECHNOLOGIES LEARNED
