I'll say something that might be the best way to snatch the credentials of your victim but i do not know how to execute it. Pros of NullByte, please shed some insight. Here is the method
If straight away you clone a facebook login page and send it to your victim they will understand its a trap and will not login to it and you will not get the credentials.
Then how to make them enter their ID and password to our phlishing site?
Notice how alot of webpages, polls, voting and all use your facebook/google account to authenticate them?
Check this webpage https://nh7.in/converse/vote Here, this page is an actual voting page. And the 'proceed' when clicked will gives a facebook login pop up. So am thinking if you could edit the source code of the page and make the proceed button give our phlishing page, it will be one of the best ways to use the 'phlishing' attack
* Am not telling you should edit the above page itself, i just took it as an example,
What i meant is editing the source code of any page that use facebook login and making the 'procced' buton the phlishing page
Is it possible?