Home » Headline, Phishing

Phishing attack techniques.

30 January 2009 1 views 7 Comments

phishing2Once an attacker puts together a phishing website, how does he go about getting victims to go to it? The methods are unlimited, but for those of you who lack creativity, I have put together some of the most common methods used.

  • The attacker could add links to web pages with the legitimate website name in the anchor of the hyperlink like the following:

    <a href=”attackersite.com”>www.yahoo.com </a> .

  • The attacker could redirect hacked websites to his fake login page. This will confuse some people, making them think they have to login to their email to access the site. Yes, I know that sounds ridiculous, but people do fall for that. An attacker could use HTML, PHP, and Javascript to redirect the main site, but the most effective way is to insert a “.htaccess” file that redirects all traffic instead of just certain pages.
  • The attacker could use XSS (Cross Site Scripting) techniques found in the real websites site to redirect to his website. This is more common in lesser known email service providers. An example is: www.Targetsite.com/mail.php?inbox=<script>window.location = “http://phishing-site.com”</script> . This is more deceiving because the victim is first directed to the legitimate website where he is automatically redirected to the attacker’s website via an XSS vulnerability.
  • The attacker could send out a mass amount of spoofed E-Mails with links to his phishing website. These E-Mails will look like they came from a legitimate source.

If you would like to learn more about carrying out phishing attacks, see The Hacker’s Underground Handbook.“”

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

7 Comments »

  • MrCracker.com - all things hacking » Blog Archive » Fake login page said:

    [...] posted about phishing and the techniques attacker’s use to spread their phishing sites. Now, let’s look at how they create these [...]

    # 26 March 2009 at 8:48 pm
  • corey said:

    hey whats up Mr. cracker. I need help. I want to know how can i hack a website so i can view its contents. the website is like a training course and the course is filled up plus i dont have the money to join anyway. so can you please show me how to hack it. thank you.

    # 6 September 2009 at 10:16 pm
  • David (author) said:

    its not something you can explain in a comment post, i recommend you start here: http://www.learn-how-to-hack.net

    # 8 September 2009 at 1:21 am
  • zul said:

    where to add d link? Is it in d index.html?

    # 9 December 2010 at 9:16 am
  • David (author) said:

    @zul, you replace that link “realsite.com with your own link. no, index.html is its own page, and phish.php is its own page.. they are both separate pages.

    # 10 December 2010 at 4:57 am
  • zul said:

    i mean this link http://www.yahoo.com

    # 14 December 2010 at 6:35 pm
  • zul said:

    # 14 December 2010 at 6:36 pm

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.