A fake website is very active now-a-days to steal your usernames and passwords, Beware and secure yourself!
We find many people mourning over their stolen passwords. Many say that someone has hacked their email account and is sending emails on their behalf. Sometimes even the passwords are changed and the victim is unable to login. Same is the case with Facebook, Twitter, Orkut and other well known services these days. Now the question arises that what's the security flaw with these million dollar services??? In fact these websites have no security flaw! Then how is it possible for hackers to gain access to your account?? The answer is "Phishing". According to this trick, a web page visually exactly the same as the relevant website is created to deceive the users. E.g a fake Facebook login page is created. You enter your username and password and this info is sent to the hacker's email address and also to the Facebook to let you login! In all this scenario, you never come to know that you are hacked!
Mostly you receive fake emails directing you to a phishing page. For example you may receive a message with "Facebook" in the sender column and "A new Message on Facebook" as the subject. Obviously you will click the contained link to go to Facebook and as soon as you enter your login information, you are ruined!
Now the question arises that how to protect yourself? How to differentiate between a fake login page and an original one? The answer is simple! Always look at the address of the website in your browser before entering the personal information. For example if you see "www.Facebook.xyz.com" instead of "www.Facebook.com" in the address bar, it means that you are entering your information on "www.xyz.com" and not on "www.Facebook.com". Entering information on www.gmail.com/login, www.accounts.google.com, www.login.yahoo.com, www.signup.orkut.com is OK. Why? because the word just before .com, .net, .org defines the real website and is called the top level domain name (TLD).
Now-a-days a phishing site is very active for Facebook and Twitter. As seen in the following snaps:
So the simplest rule to save yourself is to verify the domain name before entering login information for your email or any other web service.