Learn how to hack!

Learn how to hack even if you're starting today!

Limited time MrCracker.com Inner Circle Mother's Day Sale! 50% off!

Phishing attack techniques.

Posted on: January 30, 2009
7

Once an attacker puts together a phishing website, how does he go about getting victims to go to it? The methods are unlimited, but for those of you who lack creativity, I have put together some of the most common methods used.

  • The attacker could add links to web pages with the legitimate website name in the anchor of the hyperlink like the following:<a href=”attackersite.com”>www.yahoo.com </a> .
  • The attacker could redirect hacked websites to his fake login page. This will confuse some people, making them think they have to login to their email to access the site. Yes, I know that sounds ridiculous, but people do fall for that. An attacker could use HTML, PHP, and Javascript to redirect the main site, but the most effective way is to insert a “.htaccess” file that redirects all traffic instead of just certain pages.
  • The attacker could use XSS (Cross Site Scripting) techniques found in the real websites site to redirect to his website. This is more common in lesser known email service providers. An example is: www.Targetsite.com/mail.php?inbox=<script>window.location = “http://phishing-site.com”</script> . This is more deceiving because the victim is first directed to the legitimate website where he is automatically redirected to the attacker’s website via an XSS vulnerability.
  • The attacker could send out a mass amount of spoofed E-Mails with links to his phishing website. These E-Mails will look like they came from a legitimate source.
  • Get MrCracker.com's Free Ebook!
  • Stay up to date on all the hacker news.
  • Discover new hacker websites.
  • Get free hacker tutorials!

7 Comments

Leave a Comment

  1. Pingback: MrCracker.com - all things hacking » Blog Archive » Fake login page

  2. corey
    September 6, 2009 at 10:16 pm Reply

    hey whats up Mr. cracker. I need help. I want to know how can i hack a website so i can view its contents. the website is like a training course and the course is filled up plus i dont have the money to join anyway. so can you please show me how to hack it. thank you.

  3. David
    September 8, 2009 at 1:21 am Reply

    its not something you can explain in a comment post, i recommend you start here: http://www.learn-how-to-hack.net

  4. zul
    December 9, 2010 at 9:16 am Reply

    where to add d link? Is it in d index.html?

    • David
      December 10, 2010 at 4:57 am Reply

      @zul, you replace that link “realsite.com with your own link. no, index.html is its own page, and phish.php is its own page.. they are both separate pages.

  5. zul
    December 14, 2010 at 6:35 pm Reply

    i mean this link http://www.yahoo.com

  6. zul
    December 14, 2010 at 6:36 pm Reply

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>