Phishing is one of the best-known attacks in hacking. People mainly use it to hack someone's Facebook account. Here I briefly explain this attack and how you can protect your account from phishing.
First of all, what is phishing?
Basically, phishing is a way to hack online accounts (like Facebook, Gmail) by making a fake login page similar to the original login page. When you open a phishing page, it looks like the original page.
Types of phishing
1. Direct Method
2. Desktop phishing
3. Tabnapping
1. Direct Method: This is the easiest way of hacking accounts. In this method, a fake login page is made first and its URL is then sent to the victim, as described in the definition above. This method no longer works because web browsers automatically detect phishing and block the page, but if you are using a wireless network then this method will work for you.
How to make a direct phishing link:
- This video will guide you through making a responsive fake page for Facebook, meaning you can open it on mobile as well as on a computer, and the layout will change according to the device.
- Today, modern browsers automatically detect phishing and block these pages.
- Free web hosting will not allow you to make a phishing site.
How to be safe
- Always check the URL before logging in, and check that the website uses the https protocol.
- Use a good browser like Chrome or Firefox, which automatically detects phishing and blocks the page.
- If you are a smartphone user, don't use Opera Mini because it will not detect phishing.
2. Desktop phishing: This is the advanced type of phishing. It is the same as the method above, but here the URL is not replaced. For example, if your computer is affected by this method and you open facebook.com, the hacker's fake page will open but the URL will not change. To perform this method, physical access to the computer is needed because the hosts file of the victim's computer has to be changed. The hacker sends an executable file to the victim and the victim is supposed to double-click on it. Once that happens, the hacker's job is done, meaning the victim's hosts file will be changed.
What is the hosts file?
Basically, this is a text file containing domain names and the IP addresses of those domain names.
Location of the hosts file in Windows: C:\Windows\System32\drivers\etc\. Whenever you visit any website, like www.opentechinfo.com, a query is sent to the Domain Name Server (DNS) to look up the IP address associated with this website. But before that, the hosts file on the local computer is checked for the IP address associated with the domain name.
Suppose you make an entry in the hosts file as shown. When you visit www.facebook.com, you would be taken to 18.104.22.168. No query to resolve the IP address associated with www.facebook.com would be sent to DNS.
Here is a tutorial on how to make desktop phishing for Facebook
- The IP used in the hosts file is a public IP address, so it will change dynamically.
- The browser may warn that the website is not genuine.
How to be safe
- Update your browser. Modern browsers detect this method and can warn you that the site is not genuine.
- Don't download software from any untrusted site.
- Don't run any unknown software from a pen drive belonging to your friend, girlfriend, etc.
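Because the hosts file is consulted before DNS, checking it for entries that override the sites you log in to is a direct way to spot this kind of tampering. The following is an added example, not part of the original post: the `WATCHED` list, the function names and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress

# Login domains to watch (an assumption for this example; extend as needed).
WATCHED = ("facebook.com", "gmail.com")

# Constructed sample hosts content; 203.0.113.10 is a documentation address.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.facebook.com facebook.com   # planted redirect
0.0.0.0         ads.example.net
127.0.0.1       www.gmail.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: skip the line
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, ip, hostname, severity) for overridden watched domains."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        # Loopback or 0.0.0.0 targets are typical of blocklists ("low");
        # any other address silently redirects the login site ("high").
        severity = "low" if (ip.is_loopback or ip.is_unspecified) else "high"
        findings.append((line_no, str(ip), name, severity))
    return findings

if __name__ == "__main__":
    # On Windows, read C:\Windows\System32\drivers\etc\hosts instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Any "high" finding means the named site resolves to an address chosen by whoever edited the file, with no DNS query sent.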
3. Tabnapping: If you open many tabs while browsing the internet, your account can easily be hacked by this method. In this attack, the victim clicks on a link from another site. For example, you and I are friends on Facebook and I send you a link in a Facebook message or through any other source. You open the link and then open 2-3 more tabs, and your Facebook page is replaced by another page where you need to sign in again. On signing in you will be redirected to facebook.com and your password will be saved in a txt file belonging to me.
Here is the tutorial on how to make a tabnapping page
It is difficult to hack accounts using this attack because sometimes the user doesn't stay on the other site.
How to be safe
Don't open untrusted links.
Always check the URL before logging in.