Phishing is a technique for stealing sensitive personal information, such as passwords and credit/debit card details, by means of a fake webpage that looks exactly like a webpage of a reputable organization.
In general terms, phishing is a fraud carried out by an attacker to obtain the financial credentials of the targeted person. Phishing is very popular among cyber criminals because it is one of the easiest techniques: not really hacking, but a little trick. In a phishing attack, the attacker creates a webpage that imitates a reputable website; it is actually a fake page that saves the entered information to a file with the help of a script, usually a PHP script.
When an attacker prepares a phishing attack, the only challenge he faces is redirecting the victim to the page he has prepared. This is usually done through an email containing a link to the attacking page; once the victim clicks the link, he is taken to a page that is quite hard to tell apart from the entity's original page. For example, suppose I am an attacker and want to trap a person to get his Facebook username and password. The first step I would take is to create a fake Facebook login page, host it somewhere, and make the victim open it and type his login credentials (username and password). Both text fields are connected via PHP in such a way that the text entered is automatically saved in a file hosted on the same server.
Attackers generally send an email that looks genuine, as if sent by the original entity, because it carries logos and other identifying information taken from the original website. Besides email, attackers can also redirect the victim to the phishing page by making them click on a link, and malware can also be used to redirect the victim to the page. To make the phishing attack more effective, the attackers then redirect the victim to the original site so that he or she does not realize they have been trapped.
To understand phishing more deeply, have a look at the diagram below, which explains a live phishing attack.
The diagram above shows a victim, a server hosting a website, and a communication channel. You can see how the attacker has interrupted the communication channel between the victim and the server by redirecting the victim to a fake webpage and then redirecting the user on to the original website.
Phishing is not hacking but a fraudulent practice, one that attackers use very commonly; every day thousands of people are targeted.
Here I have created a phishing login form that will help you understand phishing more deeply, as a practical approach is a must. Below this text you can see a login form, but what is actually hidden behind it? Yes, there is a PHP script working behind it, but first test this login form.
Now you can check what you entered in the file below by refreshing the page.
Now you have experienced how attackers use phishing to target internet users. There is just a simple script working behind the login form; you can read and learn about the PHP script for phishing in another post of mine.