This post explains phishing, a subject I came across while learning about hacking. I will walk through the mode of operation of a phishing attack, starting from scratch. Although phishing is old, it remains a serious threat on the World Wide Web, and defending against it requires understanding the loopholes at its source. So, let's start without wasting time.
Definition
Phishing is simply the act of creating a fake copy of a legitimate web service's page and hosting it on the net in order to fool users into giving up their passwords, credit card numbers, social security numbers, etc.
Requirements
1. Web browser (e.g. Mozilla Firefox, Internet Explorer)
2. Text editor (e.g. Notepad, KWrite)
3. Knowledge of basic HTML and some scripting languages such as PHP and JavaScript
4. A web hosting resource
Mode of operation
I will describe the steps in simple terms.
1. The source code of the target website is obtained using the built-in function of the web browser.
Ex: In Mozilla Firefox the page source can be obtained by
option 1) navigating to Page Source in the Edit tab.
option 2) pressing Ctrl+U
option 3) right-clicking and selecting View Page Source
2. All the source code is copied into an editor.
3. Now the action attribute of the form element is searched for.
• Form elements are elements that allow the user to enter information (such as text fields for username and password, textarea fields, drop-down menus, radio buttons, checkboxes, etc.) in a form.
• When the user clicks the "Submit" button, the content of the form is sent to the server. The form's action attribute defines the name of the file the content is sent to. The file defined in the action attribute usually does something with the received input.
4. From the above explanation it is clear that by editing the action attribute the submitted information (such as user account information) can be sent to a file of the attacker's choosing.
5. As the last step, the manipulated web page is hosted on the web and victims are led to use it through some social engineering technique.
Social engineering: Social engineering is a collection of techniques used to manipulate people into performing actions that reveal confidential information.
As seen from the user's side:
1. When the user clicks the link given in the above mail, he is taken to a web page that looks exactly like the original site.
2. When the user presses Enter, i.e. submits the login form after filling it out, the information entered is sent to the file specified by the attacker.
Remember that the target site can be your online banking site.
Prevention
1. Don't blindly trust any mail whose authenticity you cannot verify.
2. While logging in, take a close look at the domain name.
3. Change your passwords regularly.
4. Use some website advisory software (nowadays bundled with internet security suites).
ex: WOT
5. Always be alert.