Dear readers, today I will talk about phishing, a type of fraud designed to steal sensitive information such as credit card numbers, passwords, bank account data and much more.

What is Phishing all about?

Phishing is a ruse that deceives users into revealing personal or financial information through an email or a website, and increasingly also through messages from widely used applications such as WhatsApp or Facebook.

The typical phishing attack starts with an email message containing a link that, depending on what the attacker wants to obtain, leads to a site that looks identical to the original one. The message is presented as an official notification from a reliable source, for example a bank, but also a friend.

The message invites you to connect to a website (as I explained earlier), graphically very similar to the original one, asking you to enter some personal information such as, for example, your current account number or password.

This information is captured by the attacker, who can use it to take over the victim's identity.

Conduct a Phishing attack

Let’s go into detail and, as always, use our friend Kali Linux.

For the test we will use a tool called “Socialfish”, written in Python.

We open a shell and launch Socialfish.py.

Confirm with y.

Now we can decide the destination of our phishing. We select option “2” to create the link to send to the recipient.

The tool then creates the link to send.

When the recipient receives the email and opens the link, they see a web page that is virtually identical to the original one.

The recipient will then enter the username and password.

That’s it: we have the user ID, the cleartext password and other important information.

Let’s try selecting LinkedIn, option “3”.

We follow the same procedure described above and send the link generated by the tool to the victim.

When the victim enters the login credentials into the fake page, which resembles the original, we will see the result in the listening shell.

Think about how dangerous this technique is: obviously, the more credible the email, the higher the attack's success rate.

Countermeasures to avoid a Phishing attack

As we can see, the web page is perfect; it looks 100% real.

But let’s see how we can figure out if it’s Phishing.

After receiving the email and clicking on the link, if we check the address shown in the URL bar, we immediately realize that it is not the original one, even though the page is identical to the real one.

There are techniques, which I will explain in another article, that generate a link identical to the original one.

Be distrustful when you receive emails asking you to enter your data, and always check everything in detail.
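
The address check described above can be automated, for example in a mail gateway or a reporting plugin. The following is an added example, not part of the original article or of the Socialfish tool; the trusted-domain list, the function name `check_link` and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: domains users legitimately log in to (constructed sample list).
TRUSTED_DOMAINS = {"linkedin.com", "example-bank.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (is_trusted, reasons) for a link taken from an email."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        reasons.append("not HTTPS")
    # Anything before "@" is userinfo, not the site the browser will open.
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal, continue with name checks
    # Punycode labels may be displayed as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) label in host")
    # Trusted only on an exact match or a true subdomain; a trusted name
    # appearing elsewhere in the host does not count.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append(f"host '{host}' is not a trusted domain")
    return (not reasons, reasons)


# Constructed sample links (203.0.113.0/24 and example.net are documentation ranges;
# the xn-- label is a made-up placeholder, not a real registration).
SAMPLES = [
    "https://www.linkedin.com/login",
    "http://203.0.113.7/login.html",
    "https://linkedin.com@203.0.113.7/",
    "https://linkedin.com.login.example.net/",
    "https://www.xn--linkedn-cfb.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, why = check_link(link)
        print("OK     " if ok else "SUSPECT", link, "; ".join(why))
```

Only the first sample passes; each of the others is flagged with the reason a reader should look for in the address bar.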

© Tecnogalaxy.org - It is forbidden to reproduce the content of this article.