Phishing - the basics

What is phishing?
Phishing is a technique in which an attacker obtains sensitive data such as usernames, passwords, credit card details etc. by claiming to be a trusted or genuine organisation/company.
The most common type of phishing is the fake login page. The basic methodology of this attack is described below.

1. Suppose an attacker wants to hack the Gmail/Yahoo/Facebook/bank account of the victim. The attacker creates a fake login page of that website. This fake login page looks exactly like the real/genuine login page.
2. The attacker then sends the link to that fake login page to the victim through an email or any other means. The sender's email ID is usually spoofed to give it an authentic look.
3. The victim clicks on the link, the fake login page appears in his browser, and he enters his credentials in that page thinking that it is genuine.
4. The credentials, that is the username and password, go to the attacker. Hence the victim's account gets hacked.
5. The victim is then redirected to a webpage chosen by the attacker. Most probably the victim is redirected to the genuine website or to a page displaying an error.



I hope the idea is clear to you. This is the best method to hack anyone's Gmail/Yahoo/Orkut/Facebook/bank account. Creating a fake login page is very simple. It then depends on the attacker's smartness how well he manages to fool the victim into entering his credentials in the fake login page. Simply put, this attack depends on the attacker's intelligence as well as the victim's carelessness.



Countermeasures:
The obvious countermeasure is: don't blindly enter your sensitive data in a webpage just because it looks exactly like a genuine/real page. Carefully check the URL. But URLs can also be spoofed. The protocol should be https (secure) instead of http. If you still have doubts, you should check the digital certificate of the website. Take care.
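
The URL and https checks above can be automated. The following is an added example, not code from the original post: it compares the host of a login link against a list of domains the user actually trusts and flags near misses such as the www.faceebook.com address quoted in the comments. The TRUSTED_DOMAINS list and the function names are assumptions made for the illustration; the certificate check is not covered because the code runs offline.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user really has accounts on (constructed list).
TRUSTED_DOMAINS = ["facebook.com", "google.com", "yahoo.com"]

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reasons) for a link that leads to a login form."""
    # A link written without a scheme is treated as plain http.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not served over https")
    # Accept only an exact match or a true subdomain of a trusted domain.
    on_list = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_list:
        reasons.append("host %r is not a trusted domain" % host)
        # Compare the last two labels with each trusted domain to flag near misses.
        base = ".".join(host.split(".")[-2:])
        for d in trusted:
            if 0 < edit_distance(base, d) <= 2:
                reasons.append("looks like %r but is not" % d)
    return ("ok" if not reasons else "suspicious"), reasons

if __name__ == "__main__":
    # Constructed sample links; the second is the address quoted in the comments.
    for link in ["https://www.facebook.com/login", "www.faceebook.com/login"]:
        print(link, "->", check_login_url(link))
```

A verdict of "ok" only means the host and protocol match the list; the certificate should still be checked in the browser when in doubt.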

Note: This was just a theoretical basic guide to phishing. Read my detailed step by step tutorial on How to create and use fake login pages here.

8 comments:

  1. I created a phishing page of Gmail and uploaded all needed contents, but still if I visit the fake login page it shows "this form is inoperational" on the top of the page and the credentials don't reach me. Help!!

  2. Many free web hosts do not allow uploading forms. Change the web hosting site; it might help you.

  3. Any new way to hack Facebook? Phishing pages are not working now.
    Need some info please.

  4. Hey Aneesh, I want to be your STUDENT. Kindly reply to me if it is possible.
    I am waiting for your warm response.
    harsit
    (harshitrules@in.com)

  5. BHAY

  6. How to hack Facebook? Please give me complete information for that.

  7. I understand how it works, but my question is: how do I get a fake website to run, and how do I get it to send me the data?

    Let's say I am going to send a link to someone, a phishing website, such as www.faceebook.com/login or something like that. How do I create the buttons and the same look, how do I change the text, the link, so it would look as close as it can be to the Facebook link, and on top of that, how do I get it to send the information to me?

  8. I have also done your process but I am not getting the password or ID. Please reply to me.
