The next article is about phishing. It is one of the easiest methods of hacking someone, requiring no knowledge of the basics of hacking or programming.



What Is Phishing?


Suppose you check your email one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do? This message and others like it are examples of phishing, a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.



Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon or eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.



What to Plan Before Phishing?

  1. Planning. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
  2. Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
  3. Attack. This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
  4. Collection. Phishers record the information victims enter into Web pages or popup windows.
  5. Identity Theft and Fraud. The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover. If the phisher wants to coordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.

Phishing scams take advantage of software and security weaknesses on both the client and server sides. But even the most high-tech phishing scams work like old-fashioned con jobs, in which a hustler convinces his mark that he is reliable and trustworthy. Next, we'll look at the steps phishers take to convince victims that their messages are legitimate.


Phishing Scams


Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called social engineering. Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page. They use spoofed, or fake, e-mail addresses in the "From:" and "Reply-to" fields of the message, and they obfuscate links to make them look legitimate. But recreating the appearance of an official message is just part of the process.


Phishing Prevention


Tip 1 : It is important that you learn to recognize all types of phishing emails. You should make yourself aware that if you receive a message which needs you to take immediate action with regard to any of your personal accounts then avoid it like the plague. Most phishing emails will be addressed to either “Dear Valued Customer” or “Dear Sir/Madam”, while any legitimate emails from your bank or credit card company will be addressed to you by name. It is important to know that the phisher who has sent the email in the first place is after your personal information in order to use it for fraudulent purposes.


Tip 2 : Never ever send any kind of sensitive personal information using an email. Emails are not the most secure form of communication available for people to use on the Internet. Certainly many scammers are quite capable of producing an email that looks legitimate and so will be easily able to forge such a document and then gain your information in this way.


Tip 3 : If you do have to transmit any personal information over the Internet then ensure that the site you are providing it to is completely secure. The best way for a person to identify if a site is secure or not is by looking at the site address. All sites which are considered to be secure should start with “https://” and not “http://”. Also if you look in the browser status bar you will see the lock icon being displayed.


Tip 4 : If you ever receive an email from someone you do not know and it contains a link, do not click on it. Instead, open a new browser page and type in the address which you know to be the authentic one. Or else you could call the person or company directly if you have had dealings with them and have spoken with them by telephone before.
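
The warning signs described above (spoofed "From:" and "Reply-to" fields, links whose visible text hides the real target, and generic greetings) can be checked mechanically. The following is an added example, not part of the original article; the sample message, its placeholder domains and the names LinkCollector, domain_of and phishing_indicators are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: Example Bank <service@bank.example>
Reply-To: support@mailbox.invalid

<p>Dear Valued Customer, reply immediately or your account will be closed.</p>
<a href="http://login.hosting.invalid/bank/index.htm">https://www.bank.example/login</a>
"""
GENERIC_GREETINGS = ("dear valued customer", "dear sir/madam")

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body, found = msg.get_payload(), []
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        found.append("reply-to-mismatch")       # replies leave the claimed sender's domain
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        found.append("generic-greeting")        # not addressed to the recipient by name
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text).hostname or "").lower() if "://" in text else ""
        if shown and shown != host:
            found.append("link-text-mismatch")  # displayed URL differs from the real target
        if host != sender and not host.endswith("." + sender):
            found.append("link-off-sender-domain")
    return found
```

A lock icon or "https://" only shows that the connection is encrypted, so the check deliberately does not treat an HTTPS link as trustworthy by itself.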


How to do phishing ?


ICA members, now I am going to explain how to do phishing. The steps are as follows:


Step 1 - Firstly you must signup for a free web hosting service like:

www.freehostia.com

www.byethost.com etc….. and register a domain or subdomain.

After getting your signup done, you have your own subdomain like for instance you registered with freehostia, then your domain is like “www.yourname.freehostia.com”


Step 2- Now Login to your freehostia account and go to “File Manager” in the freehostia control panel.


Step 3- Now what you have to do is, go to your domain folder like “yourname.freehostia.com” and create a separate folder in that directory with the name of the site, for eg. yahoo , if you want to phish a yahoomail account!


Step 4- Download the compressed file of scripts from the links below, extract it to your desktop, and then open your desired phishing file. You’ll find 3 files there, viz. “Index.html”, “login.php” and "passwords.txt" [names may vary but are similar in some samples]. Here the Index.html file is a page that looks similar to the real site, like Facebook or Gmail; the login.php file is used to process the data; and password.txt is used to save all hacked passwords.


AOL.com - AIM

d2jsp

DailyMotion.com

eBay.com

EverQuest Forum

FaceBook.com

FileFront.com

Gmail.com

Gmail.de

Habbo.de

Habbohotel.com

ICQ.com

Itunes

Megaupload.com

MMOCheats
Myspace
Nexon.net

OGame.de

Oxedion

Packstation

PayPal.com

PhotoBucket.com

Plesk

RapidShare.com

RapidShare.de

Rip/wa/y.com

siteworld.de

Skype.com

Steam phishing Site

Strato

Usenext

VanGuard

Yahoo.com

YouTube.com




Step 5- Now upload all 3 files to www folder inside “yourname.freehostia.com” .

So when you’re done with the uploading part, the link to your yahoo phisher is “www.yourname.freehostia.com/index.htm”.


Step 6- Congrats !! That is your phisher page !! Now all you have to do is copy the link to the phisher file i.e.”www.yourname.freehostia.com/index.htm”  and send it to the victim you want to hack ! When he/she’ll open that link, it’ll be directed to your yahoo phisher and when he/she logins that page he/she’ll be redirected to the original website and you’ll get the password in the “password.txt” file which will be created in the same  folder you created in your freehostia domain and the path to that file will be “www.yourname.freehostia.com/password.txt” !





How to make Victim to Login on your Phishing Page ?





There is a simple but effective method to fool the victim, so that he/she will log in on your phishing page without using their mind... :-)
I am going to show an example using HI5.COM.


1.) Go to your inbox and find a simple hi5 Friend Request.Copy it like in the picture:



2) Go to http://www.sendanonymousemail.net/ or http://www.anonymailer.net/  and send the email to Victim Like shown below...




3.)Now select the "Accept Friend" line.

   *Click the hyperlink button.

   *Paste your phishing link there.

   *Click OK button.

   See the pic for more:







4.) Now fill in the fields like this :



To: victimemail@dumb.com

From: info@hi5.com

Subject: Someone has sent you a hi5 Friend Request

Then enter the security code and click send.The e-mail will look like it came from hi5 just that it will redirect the victim to your phishing link instead of hi5.com

The same can be done for facebook and many more websites of your choice.

NOTE: There is a chance that the email won't be sent sometimes. So it would be best to send it to your own inbox just before you send it to your victim.


IMPORTANT NOTE: CHANGE YOUR FREEHOSTIA DIRECTORY PERMISSION TO “755” SO THAT NO ONE CAN ACCESS YOUR PERSONAL FILES EXCEPT THE PHISHER LOGIN PAGE!!


This article is for educational purposes only!
Happy Hacking :D
