Monday, June 18, 2012 3 comments
How to send phishing page to the victim
Phishing is the most used trick for email account hacking but most of the people think this trick as not working. But in My opinion, this is the best and most successful trick for hacking. Trojans and keyloggers are detected by Antivirus programs but this one is not. The only thing about the phishing is how ou are creating the phishing page and sending it to the victim.
The success of phishing depends on you. If you just save the login page ans host on a free host. Do you think the internet user is so dumb to login via you url. Why they will use your page if they can type facebook.com on URL bar. 60% so called hackers just do this and think they are phishers and suggest people not to use phishing as being hacker. what the shit.
DO you really know Phishing has 70% share in big cyber crimes. Then how can it be waste. Today i am going to write few tips which can be helpful to use phishing as a hacking method.
1. Use of fake login form just like original one is the simplest way but have 10% success rate. So Never use this. Try to think somethink innovative and create some offer page related to the account you want to hack and then try to get attention of users towards your offer. Now what should be the offer. Here comes social engineering. Try to know about the victim more and then think what he likes more and want to get. then try to relate that with your offer and then create the page. EX: a year back in orkut, most of the persons wanted to know who is invisible on chat. There are many tricks. At that time i use a invisible person finder offer as a phishing.
2. Keep your page as real as you can. So you need to know better understandings of website design. Better website design looks better and real. You have to work hard on that.
3. Always send a long URL to victim ex: www.yourdomain.host.com?url=www.google.com/asdf/login/offer/winprizes&method=login
Here URL is only www.yourdomain.host.com rest query strings are to confuse the victim in url.
4. Always create a better html email which attracts the victim and looks some professional. A simple plain mail doesn't have good impact.
5. you can use dns cache poisoning to poison victim system's cache to redirect his browser to your phishing page automatically when he try to connet original website. In this way simple login form will also work. But you will have to manage DNS poison.
6. You can also use tab napping to send phishing page.