Scam & Phishing

Nowadays launching a phishing attack or creating an online service fake website is quite an easy task for anybody. There is no need for advanced technical knowledge or significant financial resources.

Generally we tend to relate phishing only to fake webs of banking entities. However, there are also kits related to other online services such as Gmail, Yahoo, Youtube, Fotolog, Hi5, etc… as I have being looking.

It is possible to find information or even instructions of how to use these kits and how to carry out the attacks in forums, blogs, online videos, etc. Additionally, sometimes not only you can find the instructions but the tools themselves for free.
 
Below you can see some examples of the availability of these kits:

Phishing sample kits

The way these kits work is similar whether the attack is launched against a banking entity or any other service. Using a mass mailing tool, a fake message -which passes itself off as the real entity or service-, is sent to a wide list of email addresses. This message contains an obfuscated link of the legitimate URL which will point to a fake website imitating the original one.

If the users are not aware of the fraud and enter their login credentials to that service, that information will be sent via email to the cyber-crook or hosted in a file at the cyber-crook’s disposal.

Gmail Fake Service Phish

The phishing attacks are also evolving and not only are they hidden in domains similar to the legitimate ones.  I have recently read in the blog of Dancho Danchev a curious phishing attack against myspace. In this case, the fake website is located in a profile of the legitimate domain of myspace, in which the cyber-crook has inserted a fake login website to myspace service in order to obtain the access keys of the unaware users that try to login in order to see the content of the profile.

Fake Myspace

Read the next 2 Posts….

Advertisements

4 Responses to “Scam & Phishing”

  1. Hey you are interesed in form a hacking team???

    if you want= yes
    tell me
    else
    do nothing
    endif

  2. or leave me a comment on hack32.wordpress.com

  3. what trojan are you talkin’ about?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: