Phishing 101
IMC Security Team Article
By IMC Graham Phisher
Contact gothateimc@yahoo.com

1. Intro
2. What Is Phishing
3. How To Spot A Phish Attempt
4. How Phish Pages Are Made and How They Work
5. Last Tips

1. Intro

Hey, my name is Graham Phisher of the IMC Security Team. Recently a lot of people have been asking me about phishing. This article is for them: I will explain how it works, why people do it, good tactics that make phishing more effective, and more.

2. What Is Phishing

Phishing is exactly what it sounds like: setting out bait and waiting for someone to bite. But it goes a little bit deeper than that. First off, phishing is done on the web, not out at a lake. Phishing involves someone setting up what's called a "phisher" or "fake login", which is a login page that records the login a user enters.

For example, someone makes a page that looks exactly like a "Myspace" login. A user somehow arrives at that page and enters his login, then his login is forwarded to a file that records it. The person who set up the fake login then goes to the file that the login was forwarded to and is now able to log in to that user's "Myspace". This can work with any site on the web that has a login page: Facebook, Paypal, Hotmail, and most likely the site you're on now.

Phishing is not as effective as cracking/hacking: when you are hacking/cracking you break into a system, file or whatever, whereas with phishing you are waiting for someone to be a "dumbass" and log in to your page. Here's an example of a fake login.

3. How To Spot A Phish Attempt

Usually most phish attacks start with an email or a really pretty girl's Myspace. The most common scenario has to be when someone receives an email from a company they're registered with (let's just say Paypal). Here's an example.
QUOTE
From: Admin (admin@paypal.com)
To: EricHarris (doom@aol.com)
Hey "Eric" we updated many security features on Paypal, log in to your account to read more about this
Click Here To Login To Paypal

It might be different in some emails, but most are like that: not in the wording, but in having a link at the end of the email that gives the option to log in. The victim clicks the link and is brought to what he takes to be the "Paypal" login page, so he enters his info. Now the victim has been phished.

How could "Eric" have avoided this? First off, the most obvious thing to look out for is the address on the login page. Second, he could have responded to the email to verify that it was actually sent by the actual sender and was not a spoofed email. There are more, but those are the two most effective ways.

Another phish attempt that you should be aware of is usually found on social networking websites, such as Myspace or Facebook, where people set up fake profiles and you click on a link that leads you to a login page. Here's the most common scenario for these types of sites: you log in and see new messages or new friend requests. You go into the message or friend request, and when you click on the sender's profile or open their message you are redirected to a login page. Most users will think it's an error, so they think "that's odd, I'm already logged in, whatever" and then they enter their login.

How could this have been avoided? Don't open messages or go onto profiles that you don't know, and remember to check the address of the site.

4. How Phish Pages Are Made and How They Work

A fake login is usually made up of 1-3 files that are usually scripted in HTML or PHP. The first file is usually an HTML login page with a small script inside that tells the second file (the process file) to record what they type in.
The process file is usually coded in PHP. The process file writes to the third file, which is usually the log file, usually in txt format.

Making a fake login page is easy as hell. First off, go to a login page, any page at all that you want to make into a fake login; let's use Myspace for example. Go to "myspace.com", then in your web browser's menu bar go to "File>>Save Page As" and save it in a folder on your desktop called "Fake Login" (please make sure you're not logged in when you save the page). Then go to the folder, and where you see the file you saved, rename it "index.html". Then right click it, select the option edit, and add the following code to the bottom.

CODE

Now there are two ways to write up the process file. The first one is where you get the login emailed to you (A1), the second is where the login gets recorded into a text document (A2).

A1.

Then save. Now we have our login page, the first file of the fake login; now we need our process file. Open notepad (start>run>notepad), then copy and paste the following code inside.

CODE

Now we have to do a little bit of editing on the code above. On the 5th line of code, where it says "email@host.com", replace that with your own email, for example "gothateimc@yahoo.com". On the 6th line of code, where it says "http://www.page.xxx", replace that with an address that you want your user to be forwarded to after they log in to your login file, for example "http://www.myspace.com". Now save that file as "process.php".

END OF A1

A2.

Then save. Now we have our login page, the first file of the fake login; now we need our process file. Open notepad (start>run>notepad), then copy and paste the following code inside.
CODE
$value) { fwrite($handle, $variable); fwrite($handle, "="); fwrite($handle, $value); fwrite($handle, "rn"); } fwrite($handle, "rn"); fclose($handle); exit; ?>

For the A2 script we will have to do a little editing. On the second line of code, where it says "url", change that to where you want the user to go after they enter their login on your login page, and save that file as "process.php". Then create a text document called "out.txt"; that's where your logins will be recorded.

END OF A2

Now you have your phish page created. To get your phish page on the web you can turn your computer into a file host where someone can access your file and enter their login, but you will need to install PHP; google it if you want to do that. Or you can google free web hosts; when looking for a host, make sure you find one that supports "php". Then upload your files, get people to log in, and check your email or log for logins.

5. Last Tips

Now you may have a phishing page set up, but how are you going to get people to log in? Having a fake login set up isn't enough. One thing you might want to google to be more effective with phishing is email spoofing; email spoofing is the most effective way. Second, hang out on forums and ask around about tips on phishing a certain site. Don't blame me if you get flamed, phishing is some pretty noobish stuff. Anyways, thanks for reading.

-Graham Phisher of the IMC Security Team
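
The address check from section 3, as an added example that is not part of the original article: it compares the host each link in an e-mail really leads to with the site's real domain instead of trusting the link text. The sample message, the `.example` host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def link_host(url):
    """Host an http(s) link really leads to, or None if it has none."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").lower().rstrip(".") or None

def host_is_trusted(host, trusted):
    """Exact host match or a true subdomain; the brand name appearing
    somewhere inside the host is not enough."""
    return host is not None and any(
        host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def suspicious_links(html, brand_words, trusted):
    """Links whose text names the brand but whose host is not the brand's."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, link_host(href)) for href, text in parser.links
            if any(w in text.lower() for w in brand_words)
            and not host_is_trusted(link_host(href), trusted)]

# Constructed sample modelled on the e-mail quoted in section 3.
SAMPLE_EMAIL = """<p>Hey "Eric" we updated many security features on Paypal</p>
<a href="http://paypal.com.account-check.example/login">Click Here To Login To Paypal</a>
<a href="https://www.paypal.com/signin">Paypal help centre</a>"""

FLAGGED = suspicious_links(SAMPLE_EMAIL, ("paypal",), {"paypal.com"})
```

Only the first link is reported: its text names the brand, but the host it resolves to is neither paypal.com nor one of its subdomains.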
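
Section 4 seen from the detection side, as an added example that is not code from the original article: a scanner that flags a page whose password form posts to a host outside the brand's domain while the markup still links back to the brand. It assumes a copy saved from a browser keeps links to the original site; the host names, sample markup and function names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def on_domain(url, domain):
    """True if the URL's host is the domain itself or a subdomain of it."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return False
    return host == domain or host.endswith("." + domain)

class PageScan(HTMLParser):
    """Resolves form targets and href/src references against the page URL."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.pw_form_actions = []  # targets of forms that hold a password field
        self.refs = []             # every resolved href/src on the page
        self._action, self._has_pw = None, False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._has_pw = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = True
        self.refs += [urljoin(self.page_url, a[k]) for k in ("href", "src") if a.get(k)]
    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.pw_form_actions.append(self._action)
            self._action = None

def assess_login_page(page_url, html, brand_domain):
    """Flag a page that borrows the brand's links but posts passwords elsewhere."""
    scan = PageScan(page_url)
    scan.feed(html)
    scan.close()
    off_brand = [u for u in scan.pw_form_actions if not on_domain(u, brand_domain)]
    brand_refs = sum(on_domain(r, brand_domain) for r in scan.refs)
    return {"off_brand_posts": off_brand, "brand_refs": brand_refs,
            "likely_clone": bool(off_brand) and brand_refs > 0}

# Constructed markup: a saved login page whose form targets a local process file.
SAMPLE_PAGE = """<link rel="stylesheet" href="http://www.myspace.com/css/main.css">
<a href="http://www.myspace.com/signup">Sign Up</a>
<form action="process.php" method="post"><input type="text" name="email">
<input type="password" name="password"><input type="submit"></form>"""

REPORT = assess_login_page("http://freehost.example/site/index.html", SAMPLE_PAGE, "myspace.com")
```

The same markup served from the brand's own domain is not flagged, because the relative form target then resolves to the brand's host.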