This page gives a detailed explanation, with examples, of what a phishing attack is and how it is carried out. It also covers how to detect phishing pages and the safety measures that protect you from them.
What is Phishing?
In simple words: creating a duplicate of an official website's login page and sending it to the victim to get their personal identity details, such as ID, password and other details.
How is it done by hackers?
• First they target a person whose private details they need.
• Then they monitor the victim's activities without the victim knowing, for example which websites the victim enters login details on.
• Now they create a duplicate of that website's login page. (For example, we take Facebook here for easy understanding.)
• They create a Facebook login page with their own coding skills, using HTML, CSS, JS and PHP.
HTML - Hyper Text Markup Language
CSS - Cascading Style Sheets
JS - JavaScript
PHP - Personal Home Page
• At this point they have a fake duplicate Facebook login page which looks similar to the real Facebook login page.
• Now they send the URL of that fake login page to the victim and make them believe it is real. They also motivate the victim to log in. (They may also send it through a third person or through public posts.)
For example: let's imagine the victim is a car lover. The hacker will then tell them, or present it as, "log in to your Facebook account to check for new model cars". Our poor victim will fall for it and log into the fake login page.
• When a victim clicks the link, they have no chance to know it is a fake page. They simply log in to it.
• Once they have logged in, it redirects to the official Facebook page, an error page, or some other page such as a cars page. The hackers set up these redirect pages so that the victim does not realise they logged into a phishing page.
• Now, by the use of a PHP script, the victim's ID and password are stored on the hacker's device/server, where they can simply view them.
• Now the victim's account has been hacked using the phishing method and a little social engineering skill by the hacker. They can access the victim's account and change posts or personal details, or misuse them in other ways. (If the hacker did the same with a bank page, the victim would lose their money.)
• How effective phishing is depends on the hacker's coding and social engineering skills. (Social engineering means observing the victim's environment and making them fall for it with things they like and cunning words.)
How to Identify Phishing Pages?
Before clicking any unknown link, check it thoroughly. Below are some differences between an official page and a phishing page:
official page URL link » https://facebook.com
phishing page URL link » https://face-book.com
(You can notice the difference between those)
official page mostly uses https (secured).
phishing page mostly uses http (not secured).
(https:// can be found in the URL bar of your browser)
official page doesn't include symbols in between
phishing page includes some symbols in between
(symbols like - _ ? + , numbers and more)
official page links are not shortened links
phishing page links are sometimes shortened links
(use this page to reveal the real destination)
official page design is much better
phishing page design may have some errors
(like font, image and alignment mismatch)
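The URL indicators listed above, turned into an automated check. This is an added example, not code from the original page; the TRUSTED and SHORTENERS lists, the digit look-alike table and the function names are assumptions, and the last sample URL goes one step beyond the page by flagging a trusted name used inside an unrelated domain.

```python
from urllib.parse import urlsplit

# Assumptions (not from the page): sites you really use, and a few
# well-known link shorteners. Extend both lists for your own accounts.
TRUSTED = {"facebook.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(name):
    """Undo digit look-alikes and drop symbols: 'face-b00k.com' -> 'facebookcom'."""
    return "".join(c for c in name.lower().translate(DIGIT_SWAPS) if c.isalnum())


def registered_domain(host):
    # Simplification: last two labels. Production code should consult the
    # Public Suffix List so that names under e.g. co.uk are handled correctly.
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Return a list of warning strings; an empty list means no indicator fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    domain = registered_domain(host)
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if host in SHORTENERS:
        findings.append("shortened-link")
    if domain in TRUSTED:
        return findings
    if any(c.isdigit() or c in "-_" for c in domain):
        findings.append("symbols-in-domain")
    for good in sorted(TRUSTED):
        brand = normalize(good.split(".")[0])
        if normalize(domain) == normalize(good):
            findings.append("lookalike-of:" + good)
        elif brand in normalize(host):
            findings.append("brand-in-untrusted-host:" + good)
    return findings


# Constructed sample URLs (the first two are the page's own examples).
if __name__ == "__main__":
    for u in ("https://facebook.com", "https://face-book.com",
              "http://bit.ly/abc", "https://facebook.com.login-check.example/"):
        print(u, "->", check_url(u) or "no indicators")
```

An empty result only means none of these indicators fired, so the design and redirect checks from the list still apply.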
How to protect our account?
• Type some random words before logging in with your original ID and password. If it redirects to the original page or some other page, or shows unexpected errors, then it is a phishing page and you can avoid it.
• Set up 2-step verification on your accounts. Nowadays social media, banking, e-shopping and most other popular sites have an option to enable 2-step verification. It means that once you log in with your real ID and password, an OTP is sent to your mobile number, and you are allowed in only after entering it correctly. (With this set up, even if you mistakenly log into a phishing page, hackers can't log into your account without your OTP.)
• Do not click links such as offers or unknown links. Even if you have clicked one, do not log in with your ID anywhere without being aware of where you are.
• Keep changing your password periodically, and don't set the same password for all your social media, banking or other applications.
How to prevent?
Let's say you logged into a phishing page by mistake and only afterwards came to know it was a phishing page. What should you do in this case?
• Change your password immediately, before the hacker does something wrong to your account.
• Set up two-factor verification. Even if the hacker tries to log in, they can't without your OTP.
In the worst case, you logged into a phishing page and the hacker has changed your ID and password. What should you do now?
• Try the recovery option using the forgot password option. Or simply try to log in with your old password; sometimes it says you logged in with an old password and asks whether you need help. Choose yes and follow the further procedures.
• The best solution for this is to contact the support team. They will surely check and help you with hacked accounts. All you need is to prove you are the official owner of the account by providing correct details such as full name, age, date of birth, primary email and other details exactly as they appear in your profile, or, for some accounts, by listing your friends. As a last resort, provide a clear photo of a government-issued ID which shows your name and date of birth. By verifying it they can give you access immediately.
• Try to log in or recover from the same device you always used to log in, and from the same location and IP you always used.
Be aware. Be secure. Do not log into any unwanted pages like free recharge, free gems, free premium, free apps, free hacks, free mods. Don't believe anything that asks for your identity; doubt everyone. Be safe.