Phishing emails

There are many who wanted to get into someone else email. One way to do is phishing. This works on all and any email account as long as victim is careless.  So the sole purpose of the providing this information is to protect yourself. (DO NOT TO TRY THIS ON OTHERS!)

tools you need

1.      notepad

2.      A free web hosting site , It doesn’t matter if it’s an evaluation version , as long as they don’t put ads on your site its good enough.  It should support server side scripting such as PHP or ASP and a database like SQL

Mehod:

For his example lets use yahoo. But unlike classic version with yahoo new version we have some problems bit too technical to discuss here.

1.      Create a bogus email account at your victims mail provider. This e mail address should have a feeling of auto generated.  For example in yahoo you can try something like YahoooDeamon@yahoo.com This is quite similar to the email of auto generated notices in real yahoo. But if you look careful you will see an extra ‘o’ in the address. Recently yahoo is not giving out this kind of addresses, so you have to be bit creative and find a valid address.

2.      Save the login page of yahoo. Open it in the note pad in the form tag as the “action” you will see a path of validating script at yahoo server. Change it to the your webservers address. (example http// www.myserver.com/myphp_page)

3.      In your web server(My server) upload a serverside script to grab the parameters passed by your form and to store them in the database. And then to redirect to the original yahoo site.If you don’t know how to do this I recommend learning  a bit about PHP and MYSQL. It’s not hard J

4.      Upload your copy of edited yahoo login page. Now if you accecss  this web page it should show something looks identical to yahoo login page. But it’s a different page hosted in a different place and if you fill in usename and password and submit it should go to your DB through the php page. Not to original yahoo site.

5.      Now you are all ready to go. Create an email using your bogus mailer deamon account saying something like

“Hi, This is auto generation wizard at yahoo.com We need to reconfirm your identification. Please click in the link below. https://validate.Yahoo.com”

Using <a href > tags you can redirect  the above address to a totally different place while on the email victim only see yahoo.com  So for the real address give the address of your bogus login page. Sometimes you may need to do a bit of html editing <window> tag and a small java code to get the necessary effect. You don’t want to open the loginwindow inside yahoo inbox frame!

6.      Wait few days till victim access account and check the database.victim will open our email and mistake it for an autogenerated message by yahoo. He then clicks the link and our bogus login is displayed. If the user is not careful to check the address bar at this time (Have you ever checked it yourself before ? I don’t think so! So next time be carefull) he may mistake it for original yahoo window asking for password. If he filled that textboxes you have him!!

Preventing:

Never ever fill your usernames or passwords unless you know what you are doing!