Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
How to create a Phishing page of a website?
Phishing is a type of social engineering attack which is often used to steal user data, including login credentials and credit card numbers and sensitive information without their knowledge that it is being extracted from them.
The goal of a phishing attempt is to trick the recipient into taking the attacker’s desired action, such as providing login credentials or other sensitive information.
Phishing Techniques
There are different types of phishing techniques which are as follows −
Deceptive Phishing
A phisher sends bulk email with a message. Users are influenced to click on a link. These emails are broadcast to a wide group of recipients with the hope that the unwary will respond by clicking a link to or signing onto a bogus site where their confidential information can be collected.
Spear Phishing
It is one of the techniques which uses your information in order to trick you into thinking you have a relationship with the sender. Spear phishing is one of the targeted attacks in which the hacker knows which specific individual or organization they are after.
Session Hijacking
Session Hijacking is a kind of phishing attack where user’s activities are monitored clearly until they log into a target account like the bank account and establish their credentials.
Keyloggers and Screen loggers
Keyloggers and Screen loggers are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. These attackers can embed themselves into the user’s browsers as small utility programs.
CEO Fraud/ Whaling
Hackers attempt to gain executive and director information in order to access their email accounts. It can be easier as executives typically don’t attend the same security training that employees are subject to.
Content-Injection Phishing
Content-injection phishing means inserting malicious content into a legitimate website. The malicious content can redirect to other websites or may install malware on a user’s computer and also insert a frame of content that will redirect data to the phishing server.
Employees of the organization are more susceptible to Phishing. This is also called a system User group for an organization. Attackers target groups rather than individuals as they have high chances to get the data. This is because attackers usually target to steal the organization's data.
They send these spam mails to the organization Domain server through which every employee in the organization receives email citing as urgent. When these emails are opened employee login credentials are known to the attacker thereby getting the organization data.
Apart from this, persons who interactively perform online transactions are also targeted by the attackers.
Example
Create a phishing email for any company, so that they consider the received email is genuine.
Subject: Notification From: ithelp@poIkclibrary.org(link sends e-mail) ( here the 'L' in polk is capital 'i'. this will make them think it's an email from their own IT department.) Date: 15/8/2021 6:38 PM Dear User, This message is from the itsec@polkcolibrary.org messaging centre to all the account owners. We are currently upgrading our database and email account centre. We are cancelling unused email accounts to create more space for the new accounts. To prevent your account from closing you will have to update it below to know it's status as a currently used account. CONFIRM YOUR MAIL IDENTITY BELOW Email Username : Email Password : Date of Birth : Warning!!! Any account owner that refuses to update his/her account within Three days of this update notification will lose his/her account permanently. Sincerely, IT Support Team(poltcolibrary.org)
No logical algorithm can be used to identify the website if it's legal or phishing. Well one can browse for the legal website and confirm, else you can guess the phishing site if you find something odd in it.
5K+ Views
