Phishing is one of the most used terms in hacking. In this article, we will discuss how phishing is done, how attackers use it to steal your data, and how you can avoid it. This article is for educational purposes only, and we don’t support any illegal activities.
First of all, what is phishing? Phishing sounds like fishing, and the two are somewhat alike. Basically, phishing means stealing someone’s private data and credentials by posing as a trustworthy company, website, etc. Let’s see an example. If someone clones the Facebook login page and sends you a link to it asking you to log in and check something, that’s phishing. However, this is a very simple example just to show how it works. Hackers are more creative than just copying a simple website and sending you a message. Phishing may come in the form of an email, a notification or a text message telling you to check out something or take action on your account, and a whole lot more.
So, now let’s discuss the steps used to conduct phishing.
How to do phishing?
Here are the basic steps of phishing.
- Clone a well-known site such as Facebook, Twitter, or any site you might like. Basically, clone the login page so that you get the password directly.
- Find a victim and send him the link to the cloned site, asking him to log in. How you do that depends on your creativity.
- When the victim logs in on the cloned site, you will get the victim’s details.
You can find how to do these things online. The most used tool for this purpose is SET (Social Engineering Tools), and it can be used in Kali Linux. If you want a detailed article on site cloning and getting credentials, comment down below.
How to avoid it?
Now let’s talk about how to keep your data from being stolen by phishing. Here are some tips.
- Never log in on unknown sites: This is simple and self-explanatory. There are many cases when a popup comes out of nowhere suggesting you try something, and when you click it, it asks you to log in via Facebook, Gmail or some other social account. Don’t ever do that unless the website you are visiting is a trustworthy one.
- Creating accounts using Gmail or Facebook doesn’t require your password: You read that right. Say you are creating an account on a dating website using your Facebook account. You will never have to enter your Facebook password inside that website. The only thing you have to do is grant it permission on Facebook. So, if it asks you to enter your Facebook password, think twice before hitting your keyboard.
- Don’t ever click a link sent from an email account you don’t know: Well, this doesn’t need further explanation.
- Check the website URL before logging in: This is the most useful way to protect yourself from phishing. Always check the web address. For example, if a phishing site is asking you to log in, it will never have the same URL as Facebook, “https://www.facebook.com”. It may have an IP address like “220.127.116.11” or some different URL like “www.facebOOk.com”. Notice that the second URL I’ve mentioned has capital O. So, if you pay proper attention, you can distinguish a phishing site from the real site.
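The URL check from the last tip can also be done mechanically. The following is an added example, not part of the original article: the trusted list, the look-alike table and the function name `check_login_url` are assumptions made for illustration, and the zero-for-o address is a constructed sample.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the registrable domains you really log in to.
TRUSTED = ("facebook.com", "twitter.com")
# Small constructed table of characters used as look-alike letters.
CONFUSABLE = str.maketrans("0135", "oles")


def check_login_url(url, trusted=TRUSTED):
    """Return (verdict, reasons) for an address that asks for a password."""
    # Bare addresses such as "www.example.com" need "//" to parse as a host.
    parts = urlsplit(url if "://" in url else "//" + url)
    # .hostname is lowercased: host names are case-insensitive.
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
        return "suspicious", reasons
    except ValueError:
        pass  # not an IP literal, carry on with the domain checks

    def belongs_to(name, domain):
        # True only for the domain itself or a real subdomain of it.
        return name == domain or name.endswith("." + domain)

    if any(belongs_to(host, d) for d in trusted):
        return ("ok" if not reasons else "suspicious"), reasons
    folded = host.translate(CONFUSABLE)
    for d in trusted:
        if belongs_to(folded, d):
            reasons.append(f"look-alike of {d}")
            break
        if d in host:
            reasons.append(f"{d} appears in the name but is not the real domain")
            break
    else:
        reasons.append("domain is not on the trusted list")
    return "suspicious", reasons


if __name__ == "__main__":
    for sample in ("https://www.facebook.com/login", "220.127.116.11",
                   "https://www.faceb00k.com/login"):  # last one is constructed
        print(sample, "->", check_login_url(sample))
```

The comparison is done on the whole host name from the right-hand end, because a trusted name appearing somewhere inside a longer address proves nothing about where the page is served from.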
So these are the basics you need to know about phishing.