Thursday, March 2, 2017

Phishing

What Phishing is?

 Basically, Phishing is just like Fishing. It means in the both scenarios we use baits. As an example in Fishing we are using worms as baits. In Phishing we are using legitimate web pages to get their personal information.
Now we'll come up with a clear definition of Phishing,

Phishing is a term used to describe a malevolent group of individuals or individuals who scam users. They do so by sending e-mails or creating web pages that are designed to collect an individual's online bank, credit card, or other login information. Because these e-mails and web pages look like legitimate companies users trust them and enter their personal information.


How Phishing Web Site looks like?


How the Actual Site looks like?


How to identify a Phishing Attack?

  • Check the URL you received which belongs to the original site.
  • If an e-mail an urgent action or near deadline.
  • Page with lots of pop-up adds.
  • By looking for spellings and grammar mistakes. Because Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious
  • If the attacker is not directly targeting a particular person or a organization the e-mail would not contain your name or username. 

 How to do a Phishing attack in simple way..


  • First go to the page which you want to use as the base of your phishing attack
  • Then right click and go to "save as.." and download it


  • Then open that file from "Notepad" and find the word "action=" near the "POST method"
  • then clear the part which is inside "" and replace it with <filename.php> and save that file as <index.html>



  • Then again open a notepad file and enter the below code and save it as the name you provided in index.html file <filename.php> 
  • Then host it in a web hosting site. (https://www.000webhost.com/) 
  • For better out come you can short your created URL
  • Now your Phishing page is completely done. 



  • Then someone enters their username and password and click login the page will reload to the original site and you will get the Username and the Password to a text file call "Passwords"  






How to terminate a phishing attack?

  • Don’t give up personal information. Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up. If you get an e-mail it's better to call and ask from the original organization which you got the e-mail.
  • If you have a doubt of an e-mail don't give your original user name and the password first time.
  • Don’t click on unknown attachments
    Including malicious attachments which contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
  • Don’t believe everything you see
    Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.     

What should you do if you have faced to a Phishing Attack?
  • Login to the original organization website and and immediately change your Username and Password.
  • Scan for malware in the case of your PC has been infected by a fake site. 



Specially don't use same Username and Password for all the sites you're using!!!

 You can simply download all the source files from here 
 https://github.com/janitha1st/Sample-Phishing-Attack---ikman.lk- 
 https://github.com/janitha1st/Sample-Phishing-Attack---ikman.lk- 






Posted by at

6 comments:

Subscribe to: Post Comments (Atom)