Today we will discuss phishing.
What is Phishing? Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
How Does Phishing Work?
The attacker builds a fake web site that looks similar to the legitimate one and directs traffic to it through popular techniques such as mass e-mailing or social engineering.
Once the victim enters personal information into the fake website hosted by the attacker, that information is available to the attacker, who can use it for personal gain or sell it in the underground community.
Now I think you have some understanding of phishing. Beware of phishing on the Internet.
Some Interesting Statistics on Phishing in India:
KOLKATA: RSA, the security division of EMC, in its May Fraud Report said that India ranked amongst the top three countries targeted through phishing attacks by brands. The other countries witnessing the phishing attacks by brands were the US, followed by the UK.
The report highlights the latest cyber security threat to the global hospitality and airline industry which has now become an important target for fraudsters. According to the report, there is a vast amount of personal and financial data of customers stored online and cyber criminals have discovered unique and creative ways like fraudster travel agencies and many more to exploit the industry and its customers.
The U.S. (42%), UK (19%), and India (8%) accounted for 70% of the brands targeted by phishing in April. Brazil and China fell off and were replaced by Ireland and Colombia in terms of the countries with the most targeted brands.
How to Perform a Phishing attack?
Phishing is done in different ways. One way is to use automated tools like SET, which is available as open source. SET stands for Social Engineering Toolkit. In the following steps I will show you how to perform phishing using your PC. Below are the statistics of different phishing attacks.
Requirements to perform phishing using your computer:
1. Install BackTrack Linux on your PC or laptop.
2. An Internet connection is a must.
3. As it is illegal to perform phishing attacks on others, prepare yourself to go behind bars if caught.
That's all; you are ready to perform the attack.
Phishing Step by Step:-
Step 1:- Open the SET toolkit in BackTrack Linux. It is already installed in BackTrack.
Go to --> Applications --> Backtrack --> Exploitation Tools --> Social Engineering Tools --> Social Engineering Toolkit --> set.
Step 2:- Use option 2, which is Website Attack Vectors.
Step 3:- Use option 3, which is Credential Harvester Attack Method.
Step 4:- Use option 2, Site Cloner.
Step 5:- SET will ask you to enter the URL of the site to clone. That is, to fake a legitimate website such as LinkedIn, you have to enter the LinkedIn URL of the page that contains the username and password fields. For example, give this link: http://in.linkedin.com/
Step 6:- Your fake website will be prepared and hosted on your computer by SET automatically. Your task is to send your IP address to your friends as a link like this: http://Your-IP-address/ . Once the victim clicks the link, he will be presented with a fake LinkedIn web page served from your computer, but he/she thinks that it is legitimate and enters personal information such as username and password. Once they enter it, it will be recorded to a file on your computer. That's all.
Phishing and Countermeasures:-
1. Don't open any e-mail sent from an unknown person.
2. Don't click on links which you do not trust.
3. Check the URL carefully before entering your personal details.
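Countermeasure 3 can be automated. The following is an added example, not part of the original post: it checks a link that claims to lead to a known site and reports the signs that give away a cloned login page, such as the bare IP address link from Step 6. The function name, warning labels and sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return a list of warnings for a link that claims to lead to expected_domain."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()

    # Credentials sent over plain HTTP can be read in transit, and a cloned
    # page hosted on someone's PC will rarely have a valid certificate.
    if parts.scheme != "https":
        warnings.append("not-https")
    # "https://linkedin.com@198.51.100.7/" shows the brand name before the @,
    # but the browser connects to whatever comes after it.
    if parts.username is not None:
        warnings.append("userinfo-in-url")
    # A real login page is not reached through a raw IP address.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass
    # Punycode labels can render as lookalike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    # The host must be the expected domain or a subdomain of it;
    # "linkedin.com.example.net" belongs to example.net, not linkedin.com.
    if host != expected and not host.endswith("." + expected):
        warnings.append("host-mismatch")
    return warnings


if __name__ == "__main__":
    # Constructed sample links (documentation-range IPs and example domains).
    samples = [
        "https://www.linkedin.com/login",
        "http://in.linkedin.com/",
        "http://192.0.2.10/",
        "https://linkedin.com.example.net/login",
        "https://linkedin.com@198.51.100.7/",
    ]
    for link in samples:
        print(link, "->", check_login_url(link, "linkedin.com") or "no warnings")
```

An empty result only means none of these specific signs are present; it does not prove a page is genuine.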
I myself tried this attack on my friends; most of them easily fell for this attack and gave their personal information. The success rate is above 90%. In my view, social engineering works most of the time, particularly when all the doors to exploitation are closed.
Please comment on this tutorial so that I can know how to improve my content. Thanks for visiting my blog. Some of the pictures are taken from the Internet, so the credit goes to the Internet.

