Why use a sword to cut a cake when a knife does it smoothly…
No doubt, social engineering is the best possible way to hack any victim. In social engineering, the hacker manipulates the victim's situation to exploit their trust; the best way to carry out such an attack is to act as a friend or to suddenly distract the victim with some incident for a while, which is enough to get into their system and set up a back door.
Phishing is also a simple type of social engineering attack, often used to steal user data, including login credentials and credit card numbers. In this attack, the attacker creates a clone of any desired website and puts it online on his own server. The victim then confuses the fake website with the genuine one and ends up being hacked.
Today most antivirus programs, such as Quick Heal, McAfee, Kaspersky, Symantec, etc., are advanced enough to detect phishing websites and many online malicious activities that occur in your computer's back end. Still, in the case of mobile phones and tablets, it is not possible to detect a phishing site using any typical piece of code. Hence, to evade phishing attacks today, we need to be technically aware of basic cyber attacks.
Phishing was born back in the 1990s, when the Internet was not yet a common facility for people in many countries. Back then it was frankly easy to be phished by hackers. So phishing was named after fishing, as the steps of the two are much alike!
In phishing, the hacker studies the daily routine and nature of the victim, then enumerates the situations that can be exploited, prepares the bait, and waits for the magic to happen by targeting the victim's greed and necessity.
Today in this blog we will show you a simple example of how a phishing attack works.
THIS DEMONSTRATION IS ONLY FOR EDUCATIONAL PURPOSE, HACKSHADE BLOG IS NOT LIABLE TO ANY ILLEGAL ACTIVITY PERFORMED BY VIEWERS.
“We promote curiosity but not with malicious intentions”
- Computer / Laptop.
- Web Hosting. (Personal)
- Basic Computer Skills.
Phishing Attack Steps:-
- Make sure, your computer is ON & connected to Internet.
- Open your web browser & go to https://www.facebook.com
- Right click your mouse on the login page & choose “Save Page As” option.
- Now, save the page in your desired computer directory as “HTML only”.
- Open the index.html page in Notepad & search for “action=” attribute.
- Fill the attribute as action=“process.php”
- The next step is to download this process.php file & save it in the same directory as index.html
- Finally, host these two website files on your web server.
- Visit your phishing page on the Internet and enter a fake UserID & Password. It will be saved as data.txt in the server directory.
Because the phishing page is hosted on our own web server, its URL will not be genuine. Hence any phishing website can be detected by simply looking at its URL: if it is not facebook.com, it is not genuine and thus it is risky.
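The URL check described above, written out as an added example (not code from the original post): it parses the address the way a browser does and accepts only facebook.com or its subdomains. The function name and the sample URLs are constructed for illustration; requiring HTTPS and rejecting punycode hosts are assumptions added here.

```javascript
// Added example: decide whether a login URL really belongs to facebook.com.
// TRUSTED_DOMAIN, checkLoginUrl and the sample URLs are constructed for illustration.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(rawUrl, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules a browser applies
  } catch {
    return { genuine: false, reason: "not a valid absolute URL" };
  }
  // Assumption: the genuine login page is only ever served over HTTPS.
  if (url.protocol !== "https:") {
    return { genuine: false, reason: "not served over https" };
  }
  // Anything before '@' is a user name, not the site: facebook.com@other.example
  if (url.username || url.password) {
    return { genuine: false, reason: "text before '@' is not the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Non-ASCII look-alike letters are converted to xn-- labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { genuine: false, reason: "look-alike characters in host " + host };
  }
  // Exact domain or a true subdomain; the leading dot stops "notfacebook.com".
  if (host === trusted || host.endsWith("." + trusted)) {
    return { genuine: true, reason: "host is " + host };
  }
  return { genuine: false, reason: "host is " + host + ", not " + trusted };
}

// Constructed sample addresses, including the usual ways a URL is made to look right.
const SAMPLE_URLS = [
  "https://www.facebook.com/login",
  "https://facebook.com.login.example/index.html",
  "https://www.facebook.com@login.example/",
  "https://notfacebook.com/",
  "https://f\u0430cebook.com/", // Cyrillic "a" in place of the Latin one
  "http://www.facebook.com/login",
];

for (const u of SAMPLE_URLS) {
  const r = checkLoginUrl(u);
  console.log((r.genuine ? "GENUINE " : "RISKY   ") + u + "  (" + r.reason + ")");
}
```

The comparison is made on the parsed host name only, so the word "facebook" appearing elsewhere in the address (path, subdomain of another site, or before an "@") does not make it pass.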