Phishing is a type of fraud whose goal is to gain access to confidential user data: login, password, bank card details.
What is site phishing?
The most common type of phishing is recreating an exact copy of pages of popular resources (social networks, banks, online stores). Such sites are no different from real ones, except for the domain name. At the same time, the domain itself is extremely similar to the original spelling. Fraudsters often hack third-party sites to host phishing pages and use other people's traffic. This could damage your site's users and your company's reputation.
For example, after entering your login and password on a phishing website page, an automatic redirection to the original site may occur, and the entered data will be sent to third parties.
Where do phishing pages on a website come from?
Attackers can access your site through:
CMS vulnerability;
compromised password for FTP/hosting service;
installed scripts or plugins.
We do not recommend installing additional extensions from unverified sources, as they may contain malicious scripts that generate phishing pages.