Thursday, October 10, 2013

Phishing - Practical Implementation and Protection

Note: This blog post is for educational purposes only. Attempting to phish someone is an illegal and punishable act.



This blog post will teach you how phishing websites are set up.
Download this: http://www.mediafire.com/download/q7bug4ug7owk8mq/Phish_Pack_by_Chrystz.rar

This pack contains phishing pages for various websites including Gmail, Facebook, PayPal, LinkedIn and more.

Steps:

Step 1: Sign up for a free hosting website which supports PHP (e.g. 000webhost.com)
Step 2: Create a domain name of your choice and upload the files using file manager
Step 3: Send the link to the victim. Once the credentials are entered, a new file named username.txt will be created on the webpage, containing the credentials of the victim

How to protect yourself from phishing attacks?

1. Look for the HTTPS sign before entering your credentials. HTTPS shows that the website can be trusted (which is not to say that all plain HTTP websites are bogus).
2. Look carefully at the URL before entering your credentials. gmailresetpassword.zoid.com might look like a legitimate Gmail URL, but it is not.
3. Do not enter your credentials if you think there is something fishy about the website.
4. Use common sense (needs years and years of practice for a few).
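
The checks in items 1 and 2 can be automated, for example in a mail filter or proxy. The following is an added example, not part of the original post: it reports a URL as ok only when the host belongs to an allowlisted domain and the scheme is HTTPS, and flags hosts that merely contain a brand name. The allowlist, the function names and the `zoid.example` hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist for this example: brand keyword -> domains that brand really uses.
TRUSTED = {
    "gmail": {"gmail.com", "google.com"},
    "paypal": {"paypal.com"},
    "linkedin": {"linkedin.com"},
}

def split(url):
    """Parse a URL or bare hostname; return (scheme, netloc, hostname)."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url                      # let urlsplit treat it as a host
    parts = urlsplit(url)
    # .hostname drops "user:pass@" and ":port": it is the host actually contacted
    host = (parts.hostname or "").rstrip(".").lower()
    return parts.scheme.lower(), parts.netloc.lower(), host

def belongs_to(host, domain):
    """True only for the domain itself or a subdomain on a label boundary."""
    return host == domain or host.endswith("." + domain)

def check_url(url):
    """Return 'ok', 'insecure', 'lookalike' or 'unknown' for a login URL."""
    scheme, netloc, host = split(url)
    if not host:
        return "unknown"
    for domains in TRUSTED.values():
        if any(belongs_to(host, d) for d in domains):
            # A bare hostname has no scheme, so it is never reported as ok.
            return "ok" if scheme == "https" else "insecure"
    # Brand name used as decoration (subdomain label, prefix, or userinfo before
    # "@") on a host the brand does not own: the pattern from item 2.
    if any(brand in netloc for brand in TRUSTED):
        return "lookalike"
    return "unknown"

# Constructed sample inputs; only the second hostname comes from the post.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "gmailresetpassword.zoid.com",
    "https://gmail.com.zoid.example/login",
    "https://gmail.com@zoid.example/",
    "http://www.paypal.com/signin",
    "https://notgoogle.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{check_url(u):10} {u}")
```

The match is made on whole domain labels, so `notgoogle.com` is not mistaken for `google.com`, and the part of a URL before an `@` is ignored when deciding which host is contacted.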
