How to make a phishing site

Phishing site is fake sites that look like similar to original site, but its purpose is to get valuable data from original site customers. That data can be user names, credit cards numbers, emails and etc. In lecture was shown how in cafe hacker used fake internet access point and phishing site got cafe users credit card data. So I want to know how technically difficult is make this social engineering attack to work. I found that is very easy. To create fake internet access point is easy tool airbase-ng. And to make phishing site is extremely easy. First of all need to get original site html source and save it in new file. Then in that source need to find right form and change source to your created simple php script. That script saves all form variables in text file and loads original site. In this site is just simple example how to make Yahoo phishing site, but this script can be modified to most of sites. To avoid data phishing need to carefully watch a page address that offers to input sensitive data. This method of phishing has one weakness – it works only one time. That means that after one attempt to enter data you will be redirected to real page. So to avoid phishing need to put some fake data and submit form. Second time you’ll enter data in original site.

This entry was posted in IT Security, Week 22. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s