What is a Phishing Scam?
Phishing attacks use both social engineering and to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' emails to lead a user to counterfeit websites designed to trick recipients into divulging data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking the brand names of banks, e-commerce and credit card companies, phishers often convince recipients to respond.
The Common Method of Phishing
Other Methods of Communication
- Email
- Instant Messages
- Message Boards
- Guestbooks
- Blog Comments
- Viruses, Trojan Horses, Spyware, etc.
Cross-Site Scripting (XSS)
- Targets the user, not the website
- JavaScript is what makes XSS dangerous (very dominant language)
- Most commonly found web vulnerability
- Impact underestimated or misunderstood
Type 1 (click the link)
The most common variety of XSS. It requires the victim to click a link. When the victim clicks, the JavaScript code executes, and it does so in the context of the victim domain. Cookies stored in your browser might then end up in the hands of the attacker.
The attacker sends the user an email containing a specially crafted link. The spoofed email looks legitimate and is laced with embedded JavaScript code. When the user clicks the link, the attacker retrieves the user's session cookies, which usually contain your web activities, and can use them to hijack the user's session.
Type 2 (HTML Injection)
The most dangerous variety of XSS. It does not require a user click, just a visit to a web page. Commonly found in HTML email, message boards, and blog posts.
The user clicks to view an email message sent by an attacker. The email message contains JavaScript exploit code, which executes automatically when the user loads the page. The attacker then retrieves the user's browser cookies from the web server logs.
XSS Can Be Used To…
- Steal cookies and hijack sessions
- Execute unintended website functionality
- Harass users with malicious code
- Alter any portion of the web page
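The two server-side defences against the cookie theft described above, shown as an added example that is not part of the original article: encoding untrusted input before it reaches the page, and marking the session cookie HttpOnly so page scripts cannot read it. The function names, the shop.example URL and the sample values are assumptions made for illustration.

```javascript
// Added example: names and sample values are constructed for illustration.

// Encode the five characters that let text break out of HTML element or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable (Type 1): the query parameter is echoed into the page unchanged,
// so markup carried in a crafted link runs in the site's own origin.
function renderSearchUnsafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for: ${q}</p>`;
}

// Hardened: the same value is output-encoded, so the browser displays it as text.
function renderSearchSafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Hardened (Type 2): stored content such as a blog comment gets the same encoding.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// HttpOnly keeps the cookie out of document.cookie, Secure restricts it to HTTPS,
// and SameSite=Lax limits when it is attached to cross-site requests.
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: sid=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: a link and a comment carrying a harmless marker payload.
const marker = '<script>alert(1)</script>';
const craftedLink = 'https://shop.example/search?q=' + encodeURIComponent(marker);

console.log(renderSearchUnsafe(craftedLink));
console.log(renderSearchSafe(craftedLink));
console.log(renderCommentSafe('guest', marker));
console.log(sessionCookieHeader('constructed-session-id'));
```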
Free Web Hosting Sites for Phishing
- www.my3gb.com/
- https://www.000webhost.com
How to Prevent a Phishing Attack
- Never click a scam email
- Clear your cookies daily
- Never visit a scam website that is not safe
- Never participate in a survey
- Install Internet security software
The source of this article is a PDF by an anonymous guy, which I got from the internet.
Manjesh Shetty is the Founder of GOPCSOFT & Co-Founder of SOSC Non Profit organization. He was Regional Coordinator of Mozilla during his college days. He is a part-time tech blogger, Mozillian, a developer by passion, an open source contributor and FOSS enthusiast. His writing and tech talks revolve around hacking, techie tutorials, SEO, and computer security.