DISCLAIMER: PHISHING IS ILLEGAL. THIS BLOG IS FOR AWARENESS, SO THAT PEOPLE CAN BE AWARE OF SUCH PHISHING ATTACKS: HOW SIMPLE THEY ARE, YET HOW DANGEROUS THEY CAN BE. SO DO NOT USE THIS KNOWLEDGE TO DO NEFARIOUS THINGS. THERE ARE MANY WAYS YOU CAN BE CAUGHT AND CONVICTED. I DON’T TAKE ANY RESPONSIBILITY FOR ANY SUCH ACTIVITY.
With that being said, let's get to know some ground-level stuff about this attack (phishing).
Phishing.
Phishing refers to obtaining people's sensitive information (bank account numbers, credit card numbers, login credentials for various sites, etc.) by pretending to be a legitimate and trustworthy website. Using phishing, people can steal your social media credentials or bank account credentials and use them to do nefarious things.
Phishing is divided into various categories: spear phishing, phishing with XSS, clone phishing, phone phishing, etc.
After reading this blog, you will have a comprehensive idea about phishing, so that when you are presented with a phishing email or message you can protect yourself, and educate and warn others who may be affected by the same email.
Spear phishing.
The attack discussed in this blog falls into this category of phishing. What makes this kind of phishing special is that the victims are targeted more precisely. The attacker gathers as much information as he can about the victim(s) and uses it to make the phishing email/message personalized or more specific to the victim, making it extremely difficult for the victims to refuse it or even think that it is an attack. It is stated that 91% of phishing attacks are spear phishing [1].
Alright then, now that we are clear about what phishing attacks are, let us dive into the more interesting part.
How-to
Step 1:
Since this is going to be spear phishing, we have to gather information about our target. In this case it is my neighbor, so it is very easy.
I have gathered the following info :
- My Neighbor uses SLT broadband.
- My Neighbor has been using it for over 3 years.
- The name of my neighbor’s network is “XYZ” 🙂
- I have 4 bars of my neighbor’s WiFi. All I need is his password and I am in. Buzzinga! I know a place where he enters his credentials.
Step 2:
Now that we have all the information we need, it is time to craft an arrow that will never miss its target. We write the phishing email/message (you can even pass on this information while having a chat with your neighbor, but if you think you might screw up, you can just use some IM). Here’s one I can think of.
“Hi Buddy, There’s this SLT loyalty giveaway program. It is for peeps who have been with SLT for over 2 years. They are adding 2.5GB for any package. I’ve been using it for like just over 2 and I got ^_^ . You have to hurry tho, it is only for the first few.”
Step 3:
Now all we need to do is create a phishing site that looks identical to the original site. The following 2 screenshots are the original and the phishing site respectively. Can you spot the difference?
Here I have changed what is within the marquee tags, which acts as the title of the page. Of course, you need a custom domain, which could be easily found. Example hosting: byethost.com and domain: biz.nf. Or else you can use a URL shortener, like http://goo.gl.
Step 4:
So once we have sent the message/email (remember? the one we made up above), the victim follows the link, enters the credentials on the phishing website and thereby gives them to us. Making a phishing site is very easy. All it needs is basic web programming knowledge. Here is the modified version of the original website code. The only thing that we need to change in the original site is the form action attribute. But here, for ease, I have changed some tag names.
This is the file that makes all the magic possible (The file referred to by the action in the phishing site), and you would be surprised what is in it and how easy it is :
As mentioned in the comment lines above the code in the above snip, user credentials are written into a file in the place where we have hosted the site. After capturing the user credentials, the victim is redirected to another page saying the offer is over.
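Because a clone only needs a different form action, a defender can check where a page's password form actually posts. The following added example (not this blog's code; the page URLs, field names and `submit-handler` action are constructed, and the trusted host is assumed from the source-code link below) flags credential forms that submit to a host outside a trusted set.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class CredentialFormFinder(HTMLParser):
    """Collect the resolved action URL of every form with a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None      # action of the form currently open
        self.has_password = False
        self.credential_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or relative action posts back to the page's own host.
            self.form_action = urljoin(self.page_url, attrs.get("action") or "")
            self.has_password = False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.form_action is not None:
            if self.has_password:
                self.credential_actions.append(self.form_action)
            self.form_action = None


def untrusted_credential_posts(html, page_url, trusted_hosts):
    """Return action URLs of password forms that post outside trusted_hosts."""
    finder = CredentialFormFinder(page_url)
    finder.feed(html)
    finder.close()
    return [u for u in finder.credential_actions
            if urlsplit(u).hostname not in trusted_hosts]


# Constructed sample: a login form with a relative action, plus a search form.
SAMPLE_PAGE = """
<form method="post" action="submit-handler">
  <input type="text" name="user"> <input type="password" name="pass">
</form>
<form action="/search"><input type="text" name="q"></form>
"""
TRUSTED = {"www.internetvas.slt.lk"}  # assumed genuine host, from the source-code link

if __name__ == "__main__":
    print(untrusted_credential_posts(SAMPLE_PAGE, "http://offer.example/application/", TRUSTED))
```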
Step 5:
Now all you need to do is log in to his/her network using the credentials you have. If you run out of data, you can even request more by logging in to the original site 😀
Source code:
https://github.com/ihsanizwer/Phishing-Site/tree/master/www.internetvas.slt.lk/SLTVasPortal-war/application
How to avoid these phishing attacks
These steps can be taken to avoid and protect yourself from phishing attacks.
- Always be conscious of the URL of the site. Check whether it is the original.
- Keep in mind that http sites could be harmful; https sites are safer. You can verify the authenticity of the website by clicking the ‘lock’ before the URL in the browser.
- Only trust messages sent by recognized parties
- Have spam filters in your email client
- If you are not sure about a website, first try with fake credentials to see if it is phishing.
- If you fall for a phishing trick immediately change your password/credentials
- Educate and warn others in case you find any phishing site.
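The URL checks from the first two items above, sketched as an added example (not code from this blog or its repository): it assumes the genuine portal host is the `www.internetvas.slt.lk` seen in the source-code link and reuses the shortener and hosting names mentioned in Step 3, and all sample links are constructed. An https link on an untrusted host is still flagged, because the lock only covers the connection to whatever host the URL actually names.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the genuine host comes from the source-code
# path linked on this page; the shortener and free-hosting names are the
# ones the post mentions in Step 3.
TRUSTED_HOSTS = {"www.internetvas.slt.lk"}
SHORTENERS = {"goo.gl"}
FREE_HOSTING_SUFFIXES = ("byethost.com", "biz.nf")


def check_link(url):
    """Return a list of warnings for a link received in an email or IM."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username or parts.password:
        # In https://trusted.example@other.example/ the real host is other.example.
        warnings.append("userinfo-in-url")
    if host in SHORTENERS:
        warnings.append("shortener-hides-destination")
    if any(host == s or host.endswith("." + s) for s in FREE_HOSTING_SUFFIXES):
        warnings.append("free-hosting-domain")
    if host not in TRUSTED_HOSTS:
        warnings.append("host-not-trusted")
        # The trusted name appearing anywhere except as the exact host is a decoy.
        if any(t in url.lower() for t in TRUSTED_HOSTS):
            warnings.append("trusted-name-used-as-decoy")
    return warnings


if __name__ == "__main__":
    # Constructed sample links.
    for link in (
        "https://www.internetvas.slt.lk/SLTVasPortal-war/application/",
        "http://www.internetvas.slt.lk.example.biz.nf/login",
        "https://portal-offer.byethost.com/login",
        "https://www.internetvas.slt.lk@phish.example/",
    ):
        print(link, check_link(link))
```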
References :
[1] Debbie Stephenson, Ben Taylor, DealRoom Staff, Andrew Seale, David Bradford, K. Hartford – https://www.firmex.com/thedealroom/spear-phishing-whos-getting-caught/