Today’s article is about Phishing.
Let's start by learning how to spell it, otherwise you can get trolled on the Internet.
Wrong Spelling: Fishing, Phising, Pissing, Iron Man
Right Spelling: Phishing
All good? Great, now let's get straight to the point.
Nowadays, everything is secured and login systems are an integral part of the security.
But only the security systems have become smarter; people are still stupid.
In phishing, we create a webpage which has input forms (e.g. login page) in it and ask the victim to visit that webpage and enter his confidential information. When the victim enters his information, it gets stored in our server because we own that website and we program it in such a way that it can store any information entered.
But why will someone enter his confidential information? Well, his mind will make him do so.
Well, most of the tutorials you will see on the Internet show you how to create a fake login page of Gmail, Facebook etc.
But we are ultimates, so let's do it in the way of a real hacker.
Let's start the attack.
So I have a friend named Anant Trivedi and I want to hack his Facebook account.
First of all I have to think about what he likes so I can use that against him. Well, I know that he is a huge addict of a game named Clash Of Clans.
On the basis of this information, I have created a fake Facebook app which requires the user to log in to his Facebook account.
Here is how it looks:
Now let's take a look at these points:
1. Take a look at the address bar in the screenshot above: the subdomain apps.facebook.com is the official subdomain of Facebook apps, which makes our phishing page look more legit.
2. I gave a good reason to click on the link, i.e. it's something about his addiction (Clash Of Clans).
3. I have used a picture related to the game Clash Of Clans which gives a mental excitement to the victim. So when my friend opens this page and sees this picture, his mind will think “Hey! It reminds me of my favorite game and with this app I will be able to add all of my friends to my clan. Let's do this!”
4. He is stupid enough to trust someone.
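Point 1 is why looking at the address bar alone does not protect anyone. From the defender's side, the thing to check is where the login form actually sends its data. The Python below is an added example, not code from this post: it flags iframes and password forms whose target host differs from the host in the address bar. The sample URL, the sample HTML and the host `collector.example` are constructed, and the idea that the app content is served from an outside server is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: trusted host in the address bar, outside host behind it.
SAMPLE_URL = "https://apps.facebook.com/sample-app/"
SAMPLE_HTML = """
<iframe src="https://collector.example/app/"></iframe>
<form action="https://collector.example/save" method="post">
  <input name="email"><input type="password" name="pass">
</form>
<form action="/login"><input type="password" name="pass"></form>
"""


class LoginTargetAudit(HTMLParser):
    """Record iframes and password forms that point at another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []         # list of (kind, foreign_host)
        self._form_action = None   # None means "not inside a <form>"

    def _check(self, kind, target):
        # Resolve relative targets against the page URL, then compare hosts.
        # Exact-host comparison: sibling subdomains are reported too.
        host = urlsplit(urljoin(self.page_url, target or "")).hostname
        if host and host != self.page_host:
            self.findings.append((kind, host))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form_action = a.get("action") or ""
        elif tag == "iframe":
            self._check("iframe", a.get("src"))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._form_action is not None:
                self._check("password-form", self._form_action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def audit(page_url, html):
    """Return the (kind, host) findings for one page."""
    parser = LoginTargetAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings
```

On the sample, the iframe and the first form are reported, while the form posting to `/login` on the same host is not.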
Now everything is ready and it's time to deliver the link to my phishing page to the victim.
Here is a screenshot of what I said:
Everything went right and I got his credentials as you can see here:
I am such a hacker :v
Phishing Is More Than Sending A Link To Get Usernames And Passwords
Yep. Phishing is an art.
If you know about the victim (like I knew), it will raise the chances of a successful attack.
It also helps if you are good at web development and can create any webpage as per your needs (like I created one for Clash Of Clans).
Develop your social engineering skills; if you can’t make the victim click the link then your plan has no meaning.
It's not necessary to send a link; you can combine phishing with ARP spoofing, DNS cache poisoning etc. to make the victim log in to your fake login page.
Also, phishing is not limited to stealing usernames and passwords; its use depends on your creativity.
I remember an incident when a hacker gave a link to a survey to my friend in which the user had to enter his name, date of birth, address etc. My friend trusted him and the hacker got his info and then used it to create a fake identification and hacked his account by resetting the password with ID proof.
A hacker can steal any type of private information and this is what makes phishing so deadly.
That’s all for now. Oh I didn’t tell you how to make a phishing page.
Sorry but you got trolled bro :v
Don’t worry I will post a tutorial on that soon.
Till then keep reading... keep learning.