
[Security Guide] Phishers


  • This topic is locked
8 replies to this topic

Posted 07 November 2016 - 04:02 PM #1

Jedzio
First off, let's begin with the definition of what a phisher is.




Quote
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

-Wikipedia





Now for a more user/noob-friendly definition. The way it is called "phisher" can be related to the actual word "fisher"; this is because it's basically what it does. It pretends to be something it's not and tries to fish in your passwords and sometimes money if used with PayPal/bank information.

It's a copy of the source code which is then modified a bit for it to be able to log your credentials. Sadly it's something fairly easy to do and that's why you see it more and more by the passing day.

Here's an example of a phisher I created for the purpose of this guide that looks exactly like Alora. (Note: I have not modified the source code in any way so it will not log any credentials; however, if you feel a bit un-encouraged to proceed to the link, I'll post a screenshot of it.)

http://www.alora.byethost18.com/

Here's the screenshot of it for those that didn't want to click the link.



http://prntscr.com/d4dwmx

A few tips to avoid getting phished.

1) Right off the bat, look at the URL. It looks strange, right? ".byethost18.com" That's mostly due to the fact that these are made sadly by kids/teenagers that don't have the money to get a paid hosting/domain. Don't click suspicious links, nor go to strange websites with weird URLs.

2) If it was sent to you via email/Facebook/Skype/etc. by someone you are friends with and you think you can trust, be careful. That person might be infected by a virus that is making him send that out.

3) Be smart. Now that you know a bit more about phishers, take a bit of time to get familiarized with other methods of SE (social engineering) and on how to avoid it.

Well, that's it for now guys :)
If you have any other guide you feel I should make, comment here or send me a pm.

Posted 07 November 2016 - 04:08 PM #2

Life

Embed the photos, and the URL doesn't have ".comxa.com"



What/who exactly is Life?


Posted 07 November 2016 - 04:08 PM #3

F 8

Nice guide man, very informative.



Posted 07 November 2016 - 04:09 PM #4

Jedzio

Quote
Embed the photos, and the URL doesn't have ".comxa.com"

-Life

The screenshot is too large mate.



Posted 07 November 2016 - 04:27 PM #5

Elsa

Nice and informative guide :) Thanks for this ^

Want to add a tip of my own, that I tend to use whenever I'm unsure whether a site is real or not:

Inspect element (ctrl+shift+c) on the site you're suspicious of, then search (ctrl+f) type in ex: ' method=" '. If it says something.php it's likely a phishing site. Most commonly you'll see post.php and send.php on phishing sites.

Also, if the site has https instead of just http it's defo a more secure site.

And ehm.. a last thing... Double check the address as you enter the site.. If you got the link via ex: mail there's a chance the address was first faked by linking a text that looks like the real site to the phishing site. So yeah... Be aware.

Example: The site below doesn't actually link to Alora.io !!!

https://www.alora.io



Posted 07 November 2016 - 06:58 PM #6

Penta

Quote
Nice and informative guide :) Thanks for this ^

Want to add a tip of my own, that I tend to use whenever I'm unsure whether a site is real or not:

Inspect element (ctrl+shift+c) on the site you're suspicious of, then search (ctrl+f) type in ex: ' method=" '. If it says something.php it's likely a phishing site. Most commonly you'll see post.php and send.php on phishing sites.

-Elsa

method="post" means the form information is being sent via POST (there is also GET). This is just the way the website gets the information from the submission form when you log in -- it is in no way strictly something used by phishing sites. And then there's also the action="./blah.php", which is where you will be redirected and the information sent to after clicking the submit button on the form. Again, this is used on every website..



Posted 07 November 2016 - 07:08 PM #7

Jedzio

Quote
method="post" means the form information is being sent via POST (there is also GET). This is just the way the website gets the information from the submission form when you log in -- it is in no way strictly something used by phishing sites. And then there's also the action="./blah.php", which is where you will be redirected and the information sent to after clicking the submit button on the form. Again, this is used on every website..

-Penta

Took the words right out of my mouth.



Posted 07 November 2016 - 07:42 PM #8

Killer

Nice guide my boy, lots of useful information 




Posted 08 November 2016 - 01:06 AM #9

Elsa

Quote
method="post" means the form information is being sent via POST (there is also GET). This is just the way the website gets the information from the submission form when you log in -- it is in no way strictly something used by phishing sites. And then there's also the action="./blah.php", which is where you will be redirected and the information sent to after clicking the submit button on the form. Again, this is used on every website..

-Penta

Yeah, can't say that it's strictly used by phishing sites, but if your suspicious website differs from the original in the manner of how it sends your login credentials, there's a chance something fishy is going on. Meant by all means not every website since I wrote "Your suspicious website".

Guess I wasn't clear enough, thanks for cleaning up for me.

The thing about redirection is a further way of deception, used on every website mhmmh.. I suppose, but you can find hints there as well, a professional website usually has some longer address for the redirect login page, but an amateur often links to an error page or just the index to the original website, whatever.
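
An added example, not part of the thread: the link-text check from post #5 and the form-target point from post #6, written as a small Python audit of a page's markup. The names `audit` and `LoginPageAudit` and the host `alora.freehost.example` are constructed for illustration; `alora.io` is taken from the thread as the expected domain.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def host_of(url):
    # Lower-cased hostname without "www."; bare "site.tld" link text gets a scheme first.
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def belongs_to(host, expected):
    # The expected domain or a subdomain of it; a look-alike label elsewhere does not count.
    return host == expected or host.endswith("." + expected)

class LoginPageAudit(HTMLParser):
    def __init__(self, page_url, expected):
        super().__init__()
        self.page_url, self.expected, self.findings = page_url, expected, []
        self._href, self._text, self._action, self._pw = None, [], None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = urljoin(self.page_url, a.get("href") or ""), []
        elif tag == "form":  # a relative action like ./post.php resolves against the page URL
            self._action, self._pw = urljoin(self.page_url, a.get("action") or ""), False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._pw = True

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text, target = "".join(self._text).strip(), host_of(self._href)
            # Heuristic: only link text that itself looks like an address is compared.
            if "." in text and " " not in text and host_of(text) != target:
                self.findings.append(("link-mismatch", text, target))
            self._href = None
        elif tag == "form" and self._action is not None:
            if self._pw and not belongs_to(host_of(self._action), self.expected):
                self.findings.append(("password-form-target", host_of(self._action)))
            self._action, self._pw = None, False

def audit(html, page_url, expected="alora.io"):
    parser = LoginPageAudit(page_url, expected)
    parser.feed(html)
    return parser.findings
# Constructed sample; alora.freehost.example is a made-up look-alike host.
PAGE = ('<a href="http://alora.freehost.example/">https://www.alora.io</a>'
        '<form method="post" action="./post.php"><input type="password" name="p"></form>')
print(audit(PAGE, "http://alora.freehost.example/index.html"))
```

The same `method="post"` form with `action="./post.php"` produces no finding when the page URL is on `alora.io`, because only the host the password is submitted to is judged.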





