
Once an attacker puts together a phishing website, how does he go about getting victims to go to it? The methods are unlimited, but for those of you who lack creativity, I have put together some of the most common methods used.
- The attacker could add links to web pages with the legitimate website name as the anchor text of the hyperlink, like the following: <a href="attackersite.com">www.yahoo.com</a>.
 
- The attacker could redirect hacked websites to his fake login page. This will confuse some people, making them think they have to log in to their email to access the site. Yes, I know that sounds ridiculous, but people do fall for that. An attacker could use HTML, PHP, and JavaScript to redirect the main site, but the most effective way is to insert a ".htaccess" file that redirects all traffic instead of just certain pages.
 
- The attacker could use XSS (Cross-Site Scripting) vulnerabilities found in the real website to redirect to his website. This is more common with lesser-known email service providers. An example is: www.Targetsite.com/mail.php?inbox=<script>window.location = "http://phishing-site.com"</script>. This is more deceptive because the victim is first directed to the legitimate website, where he is automatically redirected to the attacker's website via the XSS vulnerability.
 
- The attacker could send out a large number of spoofed e-mails with links to his phishing website. These e-mails will look like they came from a legitimate source.
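
The first method above (anchor text naming one site while the href points to another) can be caught mechanically in mail or page HTML. The following is an added example, not part of the original post; the function names are hypothetical, a scheme-less href is assumed to name a host as in the post's own link, and hosts are compared exactly rather than by registrable domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anchor text that itself looks like a hostname or URL, e.g. "www.yahoo.com".
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

def norm_host(host):
    """Lowercase and drop a leading 'www.' so www.yahoo.com equals yahoo.com."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def href_host(href):
    # Assumption: a scheme-less href such as 'attackersite.com' is read as a host.
    href = href.strip()
    return norm_host(urlsplit(href if "//" in href else "//" + href).hostname)

class AnchorAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        claimed, target = HOST_RE.match(shown), href_host(self.href)
        # Exact host match only; a Public Suffix List comparison would be stricter.
        if claimed and target and norm_host(claimed.group(1)) != target:
            self.findings.append((shown, self.href))
        self.href = None

def find_mismatched_links(html):
    """Return (visible text, href) for anchors whose text names another host."""
    audit = AnchorAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample: the post's link, a matching link, a plain-text link.
SAMPLE = """<a href="attackersite.com">www.yahoo.com </a>
<a href="https://www.yahoo.com/mail">yahoo.com</a>
<a href="https://news.example/story">Read the story</a>"""
```

Running `find_mismatched_links(SAMPLE)` flags only the first anchor; links whose text is ordinary wording are ignored because they make no claim about the destination.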
 