Jump to content


Photo

[Security Guide] Phishers


  • This topic is locked This topic is locked
8 replies to this topic

Posted 07 November 2016 - 04:02 PM #1

Jedzio
Super Donator

Jedzio
Posts: 459
Likes: 302


  •  Member since:
    04 Nov 2016

    • Time spent:
      38d 4h 42m 57s

  •  Total level:
    1,798
    Awards
First off, lets begin with the definition of what a phisher is.




Quote
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

-Wikipedia





Now for a more user/noob-friendly definition. The way it is called "phisher" can be related with the actual word "fisher", this is because it's basically what it does. It pretends to be something it's not and tries to fish in your passwords and in sometimes money if used with Paypal/Bank information.

It's a copy of the source code which is then modified a bit for it to be able to log your credentials. Sadly it's something fairly easy to do and that's why you see it more and more by he passing day.

Here's an example of a phisher I created for the purpose of this guide that looks exactly like Alora.(Note, I have not modified the source code in any way so it will not log any credentials, however if you feel a bit un-encouraged to proceed to the link, i'll post a screenshot of it.)

http://www.alora.byethost18.com/

Here's the screenshot of it for those that didn't want to click the link.



http://prntscr.com/d4dwmx

A few tips to avoid getting phished.

1) Right off the bat, look at the url. It looks strange right? ".byethost18.com" That's mostly due to the fact that these are made sadly by kids\teenagers that don't have the money to get a paid hosting\domain. Don't click suspicious links, nor go to strange websites with weird urls.

2) If it was sent to you via email\facebook\skype\ETC by someone you are friends with and you think you can trust, be careful. That person might be infected by a virus that is making him send that out.

3) Be smart. Now that you know a bit more about phishers, take a bit of time to get familiarized with other methods of SE(Social engineering) and on how to avoid it.

Well, that's it for now guys :)
If you have any other guide you feel I should make, comment here or send me a pm.
Posted Image

Posted 07 November 2016 - 04:08 PM #2

Life
User

Life
Posts: 162
Likes: 57
Location: Upstate NY



  •  Member since:
    03 Sep 2016

    • Time spent:
      17d 9h 51m 50s

  •  Total level:
    1,151

  •  1 bugs found

Embed the photos, and the URL doesnt have ".comxa.com"


Posted Image

What/who exactly is Life?


Posted 07 November 2016 - 04:08 PM #3

F 8
Ex-Staff

F 8
Posts: 827
Likes: 1,185
Location: West Coast North America



  •  Member since:
    01 Nov 2016

    • Time spent:
      180d 20h 10m 15s

  •  Total level:
    2,276
    Awards

  •  2 bugs found

Nice guide man, very informative.



Posted 07 November 2016 - 04:09 PM #4

Jedzio
Super Donator

Jedzio
Posts: 459
Likes: 302


  •  Member since:
    04 Nov 2016

    • Time spent:
      38d 4h 42m 57s

  •  Total level:
    1,798
    Awards

Embed the photos, and the URL doesnt have ".comxa.com"

The screenshot is too large mate.


Posted Image

Posted 07 November 2016 - 04:27 PM #5

Elsa
Veteran

Elsa
Posts: 238
Likes: 628
Clan: Prophets of Profit
Location: Sweden



  •  Member since:
    23 Jul 2016

    • Time spent:
      249d 19h 20m 40s

  •  Previous username:
    Love Lain

  •  Total level:
    2,277
    Awards

  •  9 bugs found

Nice and informative guide :) Thanks for this ^

 

 

Want to add a tip of my own, that I tend to use whenever I'm unsure wether a site is real or not:

 

Inspect element (ctrl+shift+c) on the site you're suspicious of, then search (ctrl+f) type in ex: '  method="  ' If it says something.php it's likely a phishing site. Most commonly you'll see post.php and send.php on phishing sites..

 

Also, if the site has https instead of just http it's defo a more secure site.

 

And ehm.. a last thing... Double check the adress as you enter the site.. If you got the link via ex: mail there's a chance the adress was first faked by linking a text that looks like the real site to the phishing site. So yeah... Be aware.

 

example: The site below doesn't actually link to Alora.io !!!

 

https://www.alora.io



Posted 07 November 2016 - 06:58 PM #6

Penta
Donator

Penta
Posts: 28
Likes: 9


  •  Member since:
    31 Oct 2016

    • Time spent:
      1d 20h 9m 46s

  •  Total level:
    1,073

  •  1 bugs found

Nice and informative guide :) Thanks for this ^

 

 

Want to add a tip of my own, that I tend to use whenever I'm unsure wether a site is real or not:

 

Inspect element (ctrl+shift+c) on the site you're suspicious of, then search (ctrl+f) type in ex: '  method="  ' If it says something.php it's likely a phishing site. Most commonly you'll see post.php and send.php on phishing sites..

 

 

method="post" means the form information is being sent via POST (there is also GET).  This is just the way the website gets the information from the submission form when you login -- it is in no way strictly something used by phishing sites. and then theres also the action="./blah.php" which is where you will be redirected and the information sent to after clicking the submit button on the form. again, this is used on every website..



Posted 07 November 2016 - 07:08 PM #7

Jedzio
Super Donator

Jedzio
Posts: 459
Likes: 302


  •  Member since:
    04 Nov 2016

    • Time spent:
      38d 4h 42m 57s

  •  Total level:
    1,798
    Awards

method="post" means the form information is being sent via POST (there is also GET).  This is just the way the website gets the information from the submission form when you login -- it is in no way strictly something used by phishing sites. and then theres also the action="./blah.php" which is where you will be redirected and the information sent to after clicking the submit button on the form. again, this is used on every website..

Took the words right out of my mouth.


Posted Image

Posted 07 November 2016 - 07:42 PM #8

Killer
User

Killer
Posts: 281
Likes: 53
Clan: Shavers
Location: UK


  •  Member since:
    06 Nov 2016

    • Time spent:
      2d 2h 40m 22s

  •  Total level:
    2,072

Nice guide my boy, lots of useful information 


4b45a68dbdf4d1b6eb7fc5d6d249f14a.png


Posted 08 November 2016 - 01:06 AM #9

Elsa
Veteran

Elsa
Posts: 238
Likes: 628
Clan: Prophets of Profit
Location: Sweden



  •  Member since:
    23 Jul 2016

    • Time spent:
      249d 19h 20m 40s

  •  Previous username:
    Love Lain

  •  Total level:
    2,277
    Awards

  •  9 bugs found

method="post" means the form information is being sent via POST (there is also GET).  This is just the way the website gets the information from the submission form when you login -- it is in no way strictly something used by phishing sites. and then theres also the action="./blah.php" which is where you will be redirected and the information sent to after clicking the submit button on the form. again, this is used on every website..

Yeah, cant say that it's strictly used by phishing sites, but if your suspicious website differs from the original in the manner of how it sends your login credentials, there's a chance something fishy is going on. Meant by all means not every website since I wrote "Your suspicious website".

Guess I wasn't clear enough, thanks for cleaning up for me.

The thing about redirection is further way of deception, used on every website mhmmh.. I suppose, but you can find hints there aswell, a professional website usually has some longer adress for the redirect login page, but an amature often links to an error page or just the index to the original website, whatever.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users