[SOLVED] security question related to PHISHING


munishvit
June 2nd, 2009, 12:58 PM
hi friends :D

Some days back, on my gmail account I got a fraudulent email from id customercare@icicibank.com which was asking me to click on a link, with name www.icicibank.com and address http://www.danycreations.fr/_illustrations/home.htm, in order to upgrade ICICI bank account with better security features. After forwarding that email to ICICI bank customer care, I came to know that that was PHISHING.

I want to know that if I am logged in to my email account and there I click any website link contained in some email, is there a chance that doing this will disclose my account password to the person who sent the email.

As a test I emailed the text www.orkut.com to my gmail account. After logging in to this gmail account if I click this link then I am automatically directed to home page of my orkut account, without being asked to login...:(

Thanks in advance...

bruno9779
June 2nd, 2009, 01:01 PM
Orkut didn't open because the mail contains your details, but because your browser has cookies and remembers what you do (login etc) at orkut.

munishvit
June 2nd, 2009, 01:18 PM
Orkut didn't open because the mail contains your details, but because your browser has cookies and remembers what you do (login etc) at orkut.

The mail doesn't contain any details. It just contains the orkut website address. As I use my gmail id for orkut, a click on that orkut website address opens my orkut home page with me logged in automatically. How is the browser transferring password and account information through a click on the link??? Can it reveal that information to any website through a link to it contained in some email???

Anyway..thanx for the reply:D

rookcifer
June 2nd, 2009, 01:54 PM
The mail doesn't contain any details. It just contains the orkut website address. As I use my gmail id for orkut, a click on that orkut website address opens my orkut home page with me logged in automatically. How is the browser transferring password and account information through a click on the link??? Can it reveal that information to any website through a link to it contained in some email???

Anyway..thanx for the reply:D

bruno just explained it. No password was transferred. Your browser stores the password locally and it simply logged you in automatically as it always does. The link had nothing to do with it.

munishvit
June 2nd, 2009, 03:09 PM
...it means the password is stored locally (in cookies) and it simply logs me in automatically. But I wonder, can these cookies be used by other websites (that I am opening in a new tab of the same browser window) to get my account information.:confused:
It would be very helpful if you could suggest a tutorial through which I can understand the mechanism behind cookies.

Dr Small
June 2nd, 2009, 03:40 PM
...it means the password is stored locally (in cookies) and it simply logs me in automatically. But I wonder, can these cookies be used by other websites (that I am opening in a new tab of the same browser window) to get my account information.:confused:
It would be very helpful if you could suggest a tutorial through which I can understand the mechanism behind cookies.
As far as I understand, cookies are set for a specific domain, so other domains can't access them unless they are that domain. (This keeps a script on a remote phishing website from stealing all of your cookies, and being able to use them for logging in as you at other websites).

koenn
June 2nd, 2009, 03:42 PM
But I wonder, can these cookies be used by other websites (that I am opening in a new tab of the same browser window) to get my account information.:confused:
It would be very helpful if you could suggest a tutorial through which I can understand the mechanism behind cookies.
It isn't the normal operation of cookies, but it can happen, although it usually requires some work and trickery. It's called cookie theft.

Start at wikipedia to get an idea of what cookies are ( http://en.wikipedia.org/wiki/HTTP_cookie ). That will also give you some key words and links to investigate further
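As an added illustration of the point Dr Small and koenn are making (this is not code from any poster in the thread), the following Python script models how a browser decides which stored cookies to attach to a request. It follows the domain-, path- and Secure-matching rules of RFC 6265, with a constructed cookie jar: an orkut.com session cookie and a path-limited Gmail cookie. The host names, cookie names and values are made up for the example; the phishing address is the one quoted in the opening post. The point it shows is that a link to an unrelated domain receives none of the orkut or Gmail cookies, so simply clicking it does not hand over a session; cookie theft (koenn's point) needs something beyond a plain link, such as a script running inside the cookie's own origin.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str          # host that set it, or the Domain attribute it asked for
    path: str = "/"
    secure: bool = False  # Secure attribute: only sent over https
    host_only: bool = True  # True when the server set no Domain attribute


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: identical, or request host ends with '.' + cookie domain."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4: cookie path is a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookies_for_url(jar, url: str):
    """Return the names of the cookies a browser would attach to a request for url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    sent = []
    for c in jar:
        if c.host_only:
            if host != c.domain.lower():       # host-only: exact host match required
                continue
        elif not domain_matches(host, c.domain):  # Domain attribute: host or subdomain
            continue
        if not path_matches(path, c.path):
            continue
        if c.secure and parts.scheme != "https":  # Secure cookies never go over http
            continue
        sent.append(c.name)
    return sent


# Constructed jar: two session cookies as a logged-in user might hold them.
JAR = [
    Cookie("SID", "constructed-orkut-session", "orkut.com", "/", secure=True, host_only=False),
    Cookie("GMAIL_AT", "constructed-gmail-token", "mail.google.com", "/mail", secure=True),
]

if __name__ == "__main__":
    for url in [
        "https://www.orkut.com/Home.aspx",                      # orkut cookie attached
        "http://www.orkut.com/Home.aspx",                       # http: Secure cookie withheld
        "https://mail.google.com/mail/u/0/",                    # gmail cookie attached
        "https://mail.google.com/calendar",                     # wrong path: withheld
        "https://www.danycreations.fr/_illustrations/home.htm", # phishing host: nothing sent
        "https://orkut.com.attacker.example/",                  # lookalike host: nothing sent
    ]:
        print(f"{url:55} -> {cookies_for_url(JAR, url)}")
```

Real browsers add further rules on top of these (SameSite, public-suffix checks, cookie prefixes), but the domain and path scoping shown here is the core reason a cookie set by orkut.com is invisible to danycreations.fr.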

lisati
June 2nd, 2009, 04:05 PM
Most of the emails I get from rogues (and that's putting it politely) rely on some kind of trickery to get you or your browser to pass on your details.

One thing to watch out for is that any links in the emails and websites they take you to might be clever fakes. Quite often the link looks real but is missing a "/" or some other small detail has been changed.

Another thing to look for is people asking for details that your bank wouldn't normally ask for by email or by phone, or even over the counter (e.g. the PIN for your ATM card)

I regularly receive emails claiming to be from some agency such as the FBI, that inform me that I've won some prize that I haven't claimed yet or inherited some money. It's a dead giveaway when I take a closer look at who it's from and discover that it's from a gmail, Hotmail or Yahoo email address.

Another common one that I've been receiving in recent months is that fedex is supposedly holding a package for me, would I kindly pay a fee to have it released...... yeah right! Real email address: abuse at fedex dot com.
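As an added example of the check lisati describes (a link that looks real but points somewhere else), and not code from anyone in the thread, the following Python script walks the anchors in an email body and flags the two classic tells: link text that names one host while the href goes to a different one (exactly the ICICI bank case from the opening post), and a real-looking host name buried as a subdomain of an unrelated domain. The email HTML is constructed for the example; the danycreations.fr address is the one quoted in the first post, and icicibank.com.example.net is a made-up lookalike. The leading "www." is stripped so www.icicibank.com and icicibank.com compare equal.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anchor text that itself looks like a URL or bare host name (e.g. "www.icicibank.com").
URL_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)


def _host(s: str):
    """Lower-cased host of a URL or bare host name, without a leading 'www.'."""
    if "://" not in s:
        s = "http://" + s
    h = urlsplit(s).hostname
    if not h:
        return None
    h = h.lower()
    return h[4:] if h.startswith("www.") else h


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str):
    """Return a list of findings for anchors whose text and href disagree."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        if not href_host or not URL_LIKE.match(text):
            continue  # "click here" style text gives nothing to compare against
        text_host = _host(text)
        if text_host == href_host:
            continue  # text and destination agree
        reason = "link text names a different host than the href"
        if text_host and ("." + text_host + ".") in ("." + href_host + "."):
            reason = "expected host embedded as a subdomain of another domain"
        findings.append({"text": text, "href": href, "reason": reason})
    return findings


# Constructed email body modelled on the phishing message from the opening post.
SAMPLE_EMAIL = """
<p>Dear customer, please visit
<a href="http://www.danycreations.fr/_illustrations/home.htm">www.icicibank.com</a>
to upgrade your account security.</p>
<p>For help see <a href="https://www.icicibank.com/">www.icicibank.com</a>.</p>
<p>Or log in at <a href="http://www.icicibank.com.example.net/login">www.icicibank.com</a>.</p>
<p>Questions? <a href="https://www.icicibank.com/contact">Click here</a>.</p>
"""

if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_EMAIL):
        print(f"{f['reason']}: text={f['text']!r} href={f['href']!r}")
```

Only the first and third links are reported; the second points where its text says, and the fourth has non-URL text so there is nothing to compare. A mail client or gateway filter can apply the same comparison before the user ever sees the link.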

munishvit
June 3rd, 2009, 05:06 PM
Thanks everybody... I got some good information about COOKIES on "www.howstuffworks.com":D:D:D