Phishing is a hacking technique in which an attacker sets up a fake website (a clone of the original website). The cloned website looks identical (or at least similar) to the genuine website. An average internet user fails to differentiate between legitimate and fake websites.
These cloned websites are usually created using software that can copy a legitimate website, or at least its login page and other important pages.
How Phishing Works?
After setting up the phishing website, the attacker uses social engineering techniques to send the innocent target (an individual or maybe a mass population) to this website. An innocent target, unaware that it’s a phishing website, usually enters his login details to enter the website. The phishing website saves all the details in a database for its owner (the attacker), who can view these details anytime later.
When you submit your credentials to these phishing websites, they redirect you to the original website. This way you never realize what has just happened.
Facebook Phishing Demonstration
Now, I’m going to demonstrate to you how phishing is done (with the help of a video) and how to protect yourself against phishing attacks.
Unfortunately, I have to mention the Facebook example here for the sake of educating you. I hope you’ll use this knowledge to protect yourself and your loved ones.
WARNING: Never try phishing on anyone in real life. It’s illegal and a crime. One-time fun can turn into a lifetime in prison. Mind it, I have already warned you.
To perform phishing, a hacker needs the following resources:
A webserver or web-host (where the phishing website will be hosted)
A phishing website (with the facility to store login details)
Now the Facebook Phishing procedure:
First, the hacker sets up an account at some free web hosting service.
Then, the hacker selects the www.visititsoon.example.com* sub-domain (refer to the video) (*name changed). Then, he confirms his free web-hosting account via email verification.
Now he visits www.facebook.com, right-clicks on the Facebook login page and chooses the option “view page source”. Now the source code of the Facebook page is available and he copies the complete code.
Then, the hacker opens the Notepad++ application and pastes all the copied source code there. Now he searches for the word ‘action’ in it and locates the following statements:
Here are a few basic tips that protect you from getting phished! Follow them:
Always use well-known and trusted web browsers like Google Chrome, Mozilla Firefox, Apple Safari, Opera, IE etc. They are able to detect phishing pages (refer to video).
Use a good antivirus (additionally anti-spyware & anti-adware protection). They can easily detect and block phishing pages.
Always check the browser’s address bar to confirm the webpage address is valid. Note: Secure websites use https:// instead of http:// (‘s’ can be seen as secure) e.g. https://facebook.com, https://google.com and all banking websites etc.
Don’t visit untrusted websites and NEVER submit personal details (such as username, account password, PIN and other important credentials).
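The address-bar check from the tips above can be automated before a link is opened. The following is an added example, not part of the original article: it checks both the https:// scheme and that the host really is the expected site. The TRUSTED_DOMAINS list, the function name and the sample URLs are assumptions made up for illustration.

```javascript
// Added example (not from the article): automate the "check the address bar" tip.
// TRUSTED_DOMAINS is an assumed allow-list; replace it with the sites you log in to.
const TRUSTED_DOMAINS = ["facebook.com", "google.com"];

// Returns { ok, reason }. Uses the WHATWG URL parser, the same parsing rules
// a browser applies, so the host we compare is the host that would be visited.
function checkLoginUrl(rawUrl, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  if (url.username || url.password) {
    // Text before '@' is login info for the URL, not the site name.
    return { ok: false, reason: "userinfo before host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    // Internationalised label: may render as look-alike characters.
    return { ok: false, reason: "punycode label in host" };
  }
  // The host must BE a trusted domain or end with ".<trusted domain>";
  // merely containing the trusted name somewhere is not enough.
  const match = trusted.some((d) => host === d || host.endsWith("." + d));
  if (!match) {
    return { ok: false, reason: "untrusted host: " + host };
  }
  return { ok: true, reason: "https and trusted host: " + host };
}

// Constructed sample links (none of these come from real traffic).
const SAMPLES = [
  "https://www.facebook.com/login",
  "http://www.facebook.com/login",
  "https://www.visititsoon.example.com/",
  "https://facebook.com.visititsoon.example.com/login",
];
for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```

Only the first sample passes; the second fails on the scheme, and the last two fail on the host even though they are served over https://.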