Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
Steps of Phishing
Making a look alike website, as the Original one
The first step in Phishing is to make a webpage that looks exactly as the original webpage. This is necessary to make the user victim of the Phishing attack. If the fake webpage is not similar to the original webpage, the user may get to know about the attack, and then may not become the victim of the attack.
To make the webpage, simply open the original the original page and then copy the source code of the page. Then paste the code in a Notepad file and save the file with any name and extension as .html
Changing the code of the Webpage
Once the webpage, similar to the original webpage, is ready; the attacker needs to change the code of the page in such a way that page will work according to the attacker.
The attacker first has to develop a PHP script, which will use the PHP Mail() function to send the values entered in the Input boxes on the webpage, to the attacker’s email address.
The next step is to change the code of the page so that, when the user enters the values in the input boxes of the webpage and clicks on the Login/Sign-In Button, the PHP script is compiled and the attacker gets all the values on his email account. By default when the user enters the values on the webpage and clicks on the Login/Sign-In button, the values are passed to the Database Server of the particular website, via the Web Server, for checking the authentication of the user.
But once the code of the page is modified, the values are now sent to the attacker. The attacker can even redirect the user to the original webpage, after getting the values mailed to his email account. This will never let the user become suspicious of the attack.
Sending the link of the webpage to several users to get the Personal Data
Now once the code of the webpage has been modified, the attacker can upload both the PHP script file and the modified webpage file onto a website and then distribute the link of the webpage to all the users, whom they want to attack.
Source: This information was provided by CyberCure Technologies
CyberCure Technologies being a knowledge platform also believes in sharing its domain expertise through its training programmes for that we founded the new venture; CyberCure Solutions; the main activities of this venture is providing training, public lectures, presentations and seminars in Information Security and various professional courses.
We have successfully covered more than 200 engineering colleges with 65 technical festor 20,000 students all over India in different Cities including IIT Kharagpur, IIT Delhi, and IIT Guwahati, NIT Calicut, NIT Warangal, NIT Jalandhar, SRM Chennai and Top notch colleges.
For more information about CyberCure Solutions please visit http://www.cybercure.in/hacking/index.html
For Free Hacking Tutorials, Hacking Tools, Hacking Books, Hacking Videos, And Latest Hacking Techniques.
BY- Ravi Kumar
What is Phishing | How to Hack Email IDs | Facebook Accounts