Hacking or ethical hacking is divided into many sections. One of them is called social engineering attack. Some people believe that social engineering is not a technical attack. But cyber security experts believe that social engineering attack is a most dangerous attack. Social engineering attack is further divided into subparts. The phishing attack is one of them. Now coming to the main point what is phishing attack and how hackers perform it?
- Ultimate guide to become an ethical hacker for beginners 2017
- What is proxy and how to become anonymous?
- How to hack Facebook password, really?
- Best operating system to learn hacking 2017
What is Phishing attack?
Suppose you received an email which says ” Hey login into Facebook account immediately to protect your account “. There will be a link at bottom of email. Now a normal person will login into his Facebook account without any hesitation. But in actual, this email can be from attackers. As soon as you click on login link, a login page will open up which will be same copy of original one. If you enter your username & password, attackers will receive your all login information immediately. This is called phishing attack.
How does it work?
The working mechanism of phishing attack is very simple. First of all, attackers clone the real URL. Then they enter their IP address. That is why when you enter username password, it goes to attacker’s fake server.
How to be safe from Phishing attack?
Well, although big giants like Facebook, Google are safe. But an expert attacker can use this technique very easily. To make sure that you are safe, there is only one way. The only way is, be careful while reading these type of emails. Not every email is fake and not every email is real. So read the email carefully. You can login to your account by visiting that website manually rather than clicking on the link.
How to perform it?
Before I tell you the method of performing phishing attack, I want to make you clear that as you know this blog teaches you ethical hacking techniques. Please don’t use this information for any illegal activity.
We will use Kali Linux for this tutorial. So open up your terminal in Kali Linux and enter following commands.
- enter setoolkit and after hitting enter you will see some options as below in the picture.
As I mentioned earlier, phishing is a subpart of social engineering attack. So type 1 and hit the enter key. You will some more options.
- We will use website attack vectors. So press 2 here. You will see the following screen.
- Choose option 3 here.
- choose site cloner.
- After choosing site cloner, we have to enter the IP address of our Linux OS. To find your IP address open a new terminal and enter ifconfig. There will be your Inet which is your IP address. Copy and paste that address in our first terminal window.
- Then it will ask you to enter the URL of the website. Open up any browser and go to the website page to which you want to clone.
- After a while, it will ask you to Y or N. Press Y for yes.
- Now you have got everything. Just copy the same IP address and send it to the victim.
- As soon as he/she enter the login information, you will get the whole info into computer/var/www/html. In html folder, a new text document will be created with username and password.
So this is how you can perform the phishing attack. If you have installed Kali Linux in the virtual machine then it will work only on your own computer. For performing it in the real world, you have to install Linux on the hard drive.