Phishing Attacks explained for newbies

Falken Smaze
4 min read · Sep 8, 2021

Hi everyone! In this blog post, I will explain as simply as possible how hackers create phishing websites, emails, messages and phone calls, and I will also train you to NEVER fall into these traps.

# Phishing Websites

Nowadays, creating a phishing website is terrifyingly easy using basic open-source software. Absolutely anybody, including black hat hackers, can create a phishing website for 100% free in 5 minutes.

Quick definition of a phishing website: a phishing website is a website designed to look identical to another, legitimate website in the hope of capturing some visitors' accounts.

Okay so now that we know what a phishing site is, let’s see how it’s created.

  • Traditional way

Scammers/Hackers hire somebody to code a website identical to another legitimate site, then they buy a VPS to host the website on and launch it into the wild.

  • Modern/Easy way

Scammers/Hackers use open-source programs such as BlackEye to automatically create a website identical to their target’s site and host it using free services such as ngrok, at no cost at all. This process takes about 2–5 minutes max.

Picture of BlackEye doing its work.

  • How to spot phishing websites!

The first thing to do is to look at the link in the browser’s address bar. If the link matches the legitimate website’s link, then it should be safe. As you can see, I found a spoofed website on the internet, and you can tell that it’s fake by looking at the link. It says ww17.faceboooook.com, which is definitely fake. The browser also says the site is not secure, BUT some smart hackers use HTTPS, meaning that the browser won’t say that it’s not a secure website. If the link does not match the legitimate link, then it’s a phishing website and you should report it to either Google or the authorities.
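
The address-bar check described above, written as a small Python function. This is an added example, not code from the original post; the allowlist, the `check_link` name and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: domains the reader really has accounts on (constructed list).
LEGITIMATE_DOMAINS = ("facebook.com", "netflix.com")
# Assumption: similarity score above which a label counts as a lookalike.
LOOKALIKE_THRESHOLD = 0.8


def check_link(url, legitimate=LEGITIMATE_DOMAINS):
    """Classify a link as 'match', 'lookalike' or 'unknown'.

    The scheme (http/https) is deliberately ignored: a padlock only means
    the connection is encrypted, not that the site is the real one.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")

    # Exact domain or one of its subdomains: the link matches.
    for domain in legitimate:
        if host == domain or host.endswith("." + domain):
            return ("match", domain)

    # Otherwise compare every label of the hostname with each brand name.
    for domain in legitimate:
        brand = domain.split(".")[0]
        for label in host.split("."):
            score = SequenceMatcher(None, label, brand).ratio()
            if score >= LOOKALIKE_THRESHOLD:
                return ("lookalike", domain)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links; the second host is the one quoted in the post.
    for link in ("https://www.facebook.com/",
                 "http://ww17.faceboooook.com/",
                 "https://ww17.faceboooook.com/login",
                 "https://example.org/"):
        print(link, "->", check_link(link))
```

An "unknown" result is not a verdict of safety; it only means the hostname neither matches nor resembles a domain on the list.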

# Phishing Strategies

Now that we understand what phishing sites are, how they’re made and how to spot them, let’s see how you might end up on one of these websites.

  • Phishing email

Here’s an example of a phishing email. There’s not much to be said here. The e-mail looks exactly like one of Netflix’s e-mails. But if we look closely, we can see that the e-mail sender is not Netflix, but a random e-mail address. One thing to note here is that hackers might use a technique called E-Mail Spoofing, which makes the sender address the victim sees appear to be from the original website. The way to tell the fake one apart from the original one is to click on “View more information” under the e-mail sender and check the certificate. If it shows some random website/server that is not Netflix’s, then it’s a phishing e-mail. Be cautious with these, especially if you are working for a company, since they might lure you into installing malware and infecting the entire company’s network. Be cautious please!

  • Phishing Text Messages

That’s an example of a phishing SMS/text message. There’s not much to say about these, since they can’t really hide the link and you can tell right away that the link is for phishing, but you can also check the phone number just to be sure. Compare the phone number with the original company’s phone number.

  • Phishing Voice Calls (Vishing)

These are among the most dangerous, because when you are talking with somebody on the phone, you subconsciously trust them more than you would have trusted them if they had texted you.

If they ask you to click on a link or to give them something and you think that is suspicious, please ask them for a registration number, a name and more information related to them. If they ignore you or say they are not required to give you that information, then hang up; it’s a scam call. One way to realise whether it’s a scam call or not is to listen for suspicious requests, such as requests for “passwords”, “payment information”, “2fa codes”, “addresses” etc.

========================================

I hope this helped!
