What is Phishing?
Every one of us uses web applications every day, whether on a smartphone, a desktop, or in a web browser. Suppose you need to give your credit card details in order to buy something online, and you have two options. One is a website you have used before for online shopping, run by a big enterprise company. The other website is new, and you have never heard of it before, but it offers the same product at a great discount. Which one will you choose?
It is obvious that you will choose the website you trust more, which is the familiar e-commerce website, because you don’t trust the new one. This psychology is what an attacker takes advantage of during a phishing attack. The attacker exploits this trust by impersonating an entity you trust in order to steal your sensitive data, for example credit card details.
Phishing is a technique for gathering sensitive information about the target, such as usernames and passwords, by posing as a trustworthy entity. In this attack, an attacker tricks you into believing that he is a trustworthy entity, then steals your sensitive information by tricking you into entering it into a fake website or application.
How Does Phishing Work?
Every web application is connected to a web server. When we use a web application, there is some data or information that flows from your computer to the server and back.
In a phishing attack, the attacker disguises himself as a web server. You think you are communicating with the actual server, but in reality you are communicating with a fake web server created by the attacker. So, when you enter sensitive information on that server or application interface, the attacker steals your credentials.
The first step of any phishing attack is creating a fake website. The second step is sending this fake website to a victim. This can be done by various methods like setting up an SMTP server, direct messaging, or through social media.
Phishing attacks are crazy easy to do. There are a number of tools available on the internet for this kind of attack, for example Blackeye, BeeF-Framework, Simple Phishing Toolkit, and so on.
How to perform a Phishing Attack?
WARNING: The following tutorial is for educational purposes only.
To perform a phishing attack, we need a Linux distribution installed on your computer and an internet connection. A Debian-based GNU/Linux distribution is preferred over any other Linux distribution. Kali Linux is the best hacking OS developed by Offensive Security.
Boot up your Linux machine; we will use the tool Blackeye for this attack. Go to the link below and download the source code for the tool, then start a terminal or shell.
https://github.com/An0nUD4Y/blackeye
The alternative way to get this tool is to type the following command in your shell.
After this, type the following commands in your terminal.
This command changes the current directory to the blackeye directory.
This command lists the contents of the directory.
This command will execute the bash script.
As the script runs, you will see this on your terminal. Type the index of the web page you want to impersonate.
Send the link to the victim and wait for the credentials. The victim will be directed to a fake login page.
The page looks legitimate, and as soon as the victim enters credentials, they are saved on your system.
How to defend yourselves against Phishing?
The most important part of defending against a phishing attack is the URL. The first thing to keep in mind is never to enter any sensitive information on a site you don’t trust. When you type the URL yourself, you know it is a genuine web application. But if some random web application that you have never heard of before asks you for sensitive information, especially your bank details, don’t provide it. Don’t trust any untrusted web application with sensitive information.
So, check that the URL is legitimate. For example, if you want to go to Facebook, the URL is www.facebook.com. The other important thing to check is whether the page is secured with HTTPS. HTTP is the Hypertext Transfer Protocol, and HTTPS is its secured version. HTTPS encrypts the connection and uses a certificate to confirm that you are talking to the domain shown in the address bar.
If you want to check further that the website is not fake, left-click on the lock icon beside the URL and inspect the certificate. If the website uses standard encryption and a verified certificate issued for the domain you expect, you can trust it.
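The URL check described above can be automated. The following is an added example, not part of the original article: it extracts the real hostname from a link and compares it with a short list of domains you trust. The trusted list, the function name `check_url`, and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you actually log in to (constructed list).
TRUSTED_DOMAINS = ("facebook.com", "example-bank.com")


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reasons) for a link before any credentials are typed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []

    # HTTPS is required but not sufficient: it says nothing about who runs the site.
    if parts.scheme != "https":
        reasons.append("not HTTPS")

    # In https://facebook.com@login.example/ the real host is login.example.
    if parts.username is not None:
        reasons.append("text before '@' hides the real host")

    # Punycode or non-ASCII labels can render as lookalike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalized hostname (possible lookalike)")

    # Trusted only if the host IS a listed domain or a subdomain of one.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        for d in trusted:
            brand = d.split(".")[0]
            if brand in host:
                reasons.append(f"mentions '{brand}' but is not {d}")
        reasons.append("host is not on the trusted list")

    return ("ok" if not reasons else "suspicious"), reasons


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.facebook.com/login",
        "http://www.facebook.com/login",
        "https://www.facebook.com.login-secure.example/",
        "https://facebook.com@login.example/",
        "https://xn--fcebook-example.com/",
    ]
    for s in samples:
        print(s, "->", check_url(s))
```

A link passes only when its hostname is a listed domain or a subdomain of one; a trusted name appearing anywhere else in the URL counts against it.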