Hacking Techniques: Phishing Basics

Phishing is another way to hack websites and gain personal data; the first one, the use of keyloggers, has been explained in an earlier post.
Phishing, as defined by Wikipedia is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
In simple terms, a phisher creates an exact duplicate of an original site and makes victims think that it is the original one. The victims enter their vital details like credit card numbers, passwords etc., which are then used by the phisher.
Very often, the victims are sent emails telling them to update their details on a website, with a link to the fake website designed by the hacker, which is convincing enough to pass as the original to the users. The reasons given in the emails generally speak of database maintenance, upgrades to the site etc.
Phishers usually target sites having online payment methods and commercial websites like banks where transactions are involved. Phishing requires both extreme skill and social engineering, because creating a website exactly like the genuine website is no mean task.


How the websites are faked.
In some cases the URL of the website is slightly different from the original site. But if users do not notice the difference in the URL or in the appearance of the site, they can fall prey to the phishers.
One of the methods by which websites can be faked is by using JavaScript, with which the URL shown for the site is modified to look like the original site even though the site behind the URL is different.
Or in some cases, the window with the original URL closes and a new window opens which has a different URL.

Examples of misspelt URLs can be:-
www.facbook.com
www.mircosoft.com etc
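As an added example (not part of the original post), here is a small Python check that a mail filter or browser extension might use to flag lookalike domains such as the two above: it compares a link's registrable label against a constructed list of protected brands using an edit distance that counts a swapped letter pair as one edit, so both facbook and mircosoft score as one edit away from the brand they imitate. The brand list, the distance threshold and the simplified handling of the top-level domain are assumptions of this example.

```python
from typing import Optional
from urllib.parse import urlparse

# Constructed list of brands the filter protects (assumption for this example).
KNOWN_BRANDS = {"facebook", "microsoft", "paypal", "ebay", "yahoo", "google"}

def registrable_label(url: str) -> str:
    """Return the label just before the top-level domain of a URL or bare hostname,
    e.g. 'www.facbook.com' -> 'facbook'. Assumes a single-label public suffix."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    labels = host.lower().split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    return labels[-2] if len(labels) >= 2 else (labels[0] if labels else "")

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insert, delete, substitute or swap of
    two adjacent characters each cost 1, so 'mircosoft' is 1 edit from 'microsoft'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition (e.g. "rc" <-> "cr") counts as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalike_brand(url: str, max_distance: int = 2) -> Optional[str]:
    """Return the brand a domain imitates, or None if the label is an exact brand
    match (legitimate) or is not within max_distance edits of any known brand."""
    label = registrable_label(url)
    if not label or label in KNOWN_BRANDS:
        return None
    best = min(KNOWN_BRANDS, key=lambda brand: osa_distance(label, brand))
    return best if osa_distance(label, best) <= max_distance else None

if __name__ == "__main__":
    # Constructed sample links: the two misspellings from the post plus two controls.
    for link in ["www.facbook.com", "www.mircosoft.com", "www.facebook.com", "www.example.org"]:
        print(link, "->", lookalike_brand(link))
```

A fixed threshold of two edits is fine for long brand names but produces false positives for very short ones, so a real filter would scale the threshold with label length and use a proper public-suffix list.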

Another trick that the phishers use is to put images rather than text in emails, which makes it difficult to filter such emails. That is the reason why Gmail and Yahoo do not, at first, display images in an email.

Fraud Emails:-
Social engineering is an important part of phishing scams. Many email users are sent emails with notifications telling them to update or verify their accounts. Some of the common phrases are
"Dear valued customer"
or
"since the abc site is undergoing upgradation kindly click on the link and re-submit your password or details"
or
"you have won xyz lottery contest, kindly provide details so that we can complete the transaction"

They might sound funny, but a lot of innocent users, mainly people who are unaware of such scams, fall prey to such tricks.
For example, back in 2003, a lot of eBay users received emails that claimed that if they didn't click on the link and update their credit card information, their accounts would be suspended.
The damage done by phishing may vary from denial of access to genuine users to financial loss.

2 comments:

  1. Phishing is a nice and easy way to get all information about your target person or websites by making a fake page. It's a nice informative post.
  2. I will soon be adding a downloadable zip file with fake pages of yahoo, hotmail, myspace, paypal, ebay, facebook and rapidshare on my blog. Now that I have found this great post I will just add a link to this post for information about Phishing. Nice articles on your blog