All About Phishing: Construction Of Phishing Page, Safety Tips, Working
Wednesday | | |PHISHING:
What is Phishing??
Phishing is gaining popularity these days... its coz its easy and many people can be tricked into it.
recently one of my friends google account got hacked. it was a case of successful phishing. Here is how it works...
First the attacker creates a web page that looks exactly like the login page of any website (like google or yahoo) whose login he wants to steal. However the page is similar just in the appearance the behind the scene code is different. the difference lies in the way of processing the submitted data. That look-alike page is then hosted somewhere on the net. The attacker then somehow tricks the user to visit that page. since the page looks exactly like the original service page he tries to login with ID and pass
In the original page the login details goes to the server which first authenticates, after authentication it checks if the relavent cookie is already present then renews it or bakes a new one if its not there... here is how the login process is completed.... only after that the user is redirected to its account. (COOKIES--- there is more in them, we'll create a new thread on them)
However in the phishing page however similar they might look to the original page, behind the scene work is completely different. when a user gives his login information on that page the data is relayed to the attacker instead of going to the original server of authentication. The user just gets a message like "wrong password" etc.
Since the process is complete,by now the attacker has your login detail. here the chain completes... the user will never be taken to its account as the attacker has just no control over the original server.
