Advance guide to phishing

Phishing is the very famous attack in hacking. Mainly people use it for hacking someone Facebook account. Here I am explaining briefly about this attack and how can you protect your account from phishing.

First of all, what is phishing?

basically, phishing is a way to hack online accounts (like Facebook, Gmail) by making fake login page similar to an original login page. When you open a phishing page it looks like an original page, for example, see this screenshot.

phishing page

A fake page of facebook




This is fake login page of Facebook but it looks like the original page (see the URL mfacbookfbloginbyus……wapka.mobi). When anybody login his account he/she will be redirected to facebook original page and his email and password will mail to my email address. This is world’s most easy method to Hack Facebook.

                Types of phishing
1. Direct Method 
2. Desktop phishing
3. Tabnapping

 1. Direct Method: It is the easiest way of hacking accounts. In this method, first of all, make a fake login page and then URL will send to the victim. As I told you above in the definition. This method is not longer working now because web browser automatic detect phishing and block page but if you are using wireless network then this method will work for you.

how to make direct phishing link:

  • This video will guide you to how to make responsive fake page for facebook mean you can open it in mobile as well as computer layout will change according to device

Limitations

  1. In today world, modern browser automatically detects phishing and block these page
  2. Free web hosting will not allow you to make phishing site.

How to be safe

  1. Always check URL before login or check website has https protocol.
  2. Use a good browser like chrome, firefox which automatically detect phishing and block page.
  3. If you are smartphone user then don’t use opera mini because it will not detect phishing

 2. Desktop phishing: This is the advanced type of phishing. This is same like above method but in this method, URL is not replaced for example if your computer is effected by this method and when you open facebook.com hacker fake page will open but URL will not change. To perform this method you need physical access to the computer because in this you will need to change hosts file of your victim computer.  Hacker sends an executable file to his victim and victim is supposed to double click on it. Hacker’s job is done means his host’s file will be changed.

What is Hots file?

Basically, this is the text file containing domain names and IP address of domain names.
Location of hosts file in windows: C:\Windows\System32\drivers\etc\, Whenever you visit any website, like www.opentechinfo.com , a query is sent to Domain Name Server(DNS) to look up for the IP address associated with this website. But before that the hosts file on our local computer is checked for the IP address associated with the domain name.

Suppose you make an entry in hosts file as shown. When we visit www.facebook.com , you would be taken to this 31.13.79.200 No query for resolving IP address associated with www.facebook.com would be sent to DNS.

Here is tutorial how to make desktop phishing for facebook

Limitations

  1. The IP which is used to make hosts files is a public IP address so it will change dynamically.
  2. Maybe browser can warn website is not genuine.

How to be safe

  1. Update your browser modern browser detect this method and can give you warning Site is not a genuine.
  2. Don’t Download software from any untrusted site.
  3. Don’t run any unknown software from pen drive belongs to your friend, girlfriend etc.

 3. Tabnapping:  If you open many tabs on browsing the internet then your account can be easily hacked by this method. In this attack when victim clicks on link from another site, for example, You and  me are friends on Facebook and I send you to link on facebook by message or using any other source  and you open link and open 2-3  more tabs then your facebook  page is replaced by another page where you need to sign in again and on sign in you will be redirect to facebook.com and your password will save in txt files belongs to me.

here is the tutorial how to make tabnapping page

Limitations

Difficult to hack accounts using this attack because sometimes user don’t stay on another site.

How to be safe

Don’t open entrusted links.

Always check URL before login.

 

Add Comment

hacking course

Get free Complete Hacking course

Best course for beginners $195

Free for Limited time

Check your email for further instructions