The next very interesting article is about "PHISHING". This is one of the easiest methods to hack anyone, without knowing the basics of hacking and programming...
What is Phishing?
Phishing scams take advantage of software and security weaknesses on both the client and server sides. But even the most high-tech phishing scams work like old-fashioned con jobs, in which a hustler convinces his mark that he is reliable and trustworthy. Next, we'll look at the steps phishers take to convince victims that their messages are legitimate.
Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called social engineering. Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page. They use spoofed, or fake, e-mail addresses in the "From:" and "Reply-to" fields of the message, and they obfuscate links to make them look legitimate. But recreating the appearance of an official message is just part of the process.
ICA members, now I am going to explain how to do PHISHING... The steps are indicated as follows:
What is Phishing?
Suppose you check your email one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do? This message and others like it are examples of phishing, a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon or eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.
What to Plan Before Phishing ?
- Planning. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
- Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
- Attack. This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
- Collection. Phishers record the information victims enter into Web pages or popup windows.
- Identity Theft and Fraud. The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover. If the phisher wants to coordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.
Phishing Prevention
Tip 1 : It is important that you learn to recognize all types of phishing emails. You should make yourself aware that if you receive a message which needs you to take immediate action with regard to any of your personal accounts then avoid it like the plague. Most phishing emails will be addressed to either “Dear Valued Customer” or “Dear Sir/Madam”, while any legitimate emails from your bank or credit card company will be addressed to you by name. It is important to know that the phisher who has sent the email in the first place is after your personal information in order to use it for fraudulent purposes.
Tip 2 : Never ever send any kind of sensitive personal information using an email. Emails are not the most secure form of communication available for people to use on the Internet. Certainly many scammers are quite capable of producing an email that looks legitimate and so will be easily able to forge such a document and then gain your information in this way.
Tip 3 : If you do have to transmit any personal information over the Internet then ensure that the site you are providing it to is completely secure. The best way for a person to identify if a site is secure or not is by looking at the site address. All sites which are considered to be secure should start with “https://” and not “http://”. Also if you look in the browser status bar you will see the lock icon being displayed.
Tip 4 : If you ever receive an email from someone you do not know and it contains a link, do not click on it. Instead, open a new browser page and type in the address which you know to be the authentic one. Or else you could call the person or company directly if you have had dealings with them and have spoken with them by telephone before.
How to do phishing ?
Step 1 - Firstly you must signup for a free web hosting service like:
www.freehostia.com
www.byethost.com etc….. and register a domain or subdomain.
After getting your signup done, you have your own subdomain like for instance you registered with freehostia, then your domain is like “www.yourname.freehostia.com”
Step 2- Now Login to your freehostia account and go to “File Manager” in the freehostia control panel.
Step 3- Now what you have to do is, go to your domain folder like “yourname.freehostia.com” and create a separate folder in that directory with the name of the site, for eg. yahoo , if you want to phish a yahoomail account!
and then open your desired phishing file. You’ll find 3 files there viz. “Index.html” & “login.php” & "passwords.txt" [ name may vary but similar in some samples ]. Here the Index.html file is Page looks similar to Phishing sites like.. facebook,gmail. and Login.php file is used to process the data and password.txt is to save all hacked password.
AOL.com - AIM
d2jsp
DailyMotion.com
eBay.com
EverQuest Forum
FaceBook.com
FileFront.com
Gmail.com
Gmail.de
Habbo.de
Habbohotel.com
ICQ.com
Itunes
Megaupload.com
MMOCheats
Myspace
Nexon.net
OGame.de
Oxedion
Packstation
PayPal.com
PhotoBucket.com
Plesk
RapidShare.com
RapidShare.de
Rip/wa/y.com
siteworld.de
Skype.com
Steam phishing Site
Strato
Usenext
VanGuard
Yahoo.com
YouTube.com
Step 5- Now upload all 3 files to www folder inside “yourname.freehostia.com” .
So when you’re done with the uploading part, the link to your yahoo phisher is “www.yourname.freehostia.com/index.htm”.
Step 6- Congrats !! That is your phisher page !! Now all you have to do is copy the link to the phisher file i.e.”www.yourname.freehostia.com/index.htm” and send it to the victim you want to hack ! When he/she’ll open that link, it’ll be directed to your yahoo phisher and when he/she logins that page he/she’ll be redirected to the original website and you’ll get the password in the “password.txt” file which will be created in the same folder you created in your freehostia domain and the path to that file will be “www.yourname.freehostia.com/password.txt” !
How to make Victim to Login on your Phishing Page ?
There is a simple ,but effective Method to make the victim fool,So that he/she will Login on your Phishing page without using there mind.... :-)
I am going to show a example of HI5.COM
1.) Go to your inbox and find a simple hi5 Friend Request.Copy it like in the picture:
2) Go to http://www.sendanonymousemail.net/ or http://www.anonymailer.net/ and send the email to Victim Like shown below...
3.)Now select the "Accept Friend" line.
*Click the hyperlink button.
*Paste your phishing link there.
*Click OK button.
See the pic for more:
4.) Now fill in the fields like this :
To: victimemail@dumb.com
From: info@hi5.com
Subject: Someone has sent you a hi5 Friend Request
Then enter the security code and click send.The e-mail will look like it came from hi5 just that it will redirect the victim to your phishing link instead of hi5.com
The same can be done for facebook and many more websites of your choice.
NOTE:There is a chance that the email wont be sent sometimes.So the best it would be to send it on your own inbox just before you send it to your victim.
IMPORTANT NOTE: CHANGE YOUR FREEHOSTIA DIRECTORY PERMISSION TO “755” SO THAT NO ONE CAN ACCESS YOUR PERSONAL FILES EXCEPT THE PHISHER LOGIN PAGE!!
This article is for educational purposes only!
Happy Hacking :D