I've seen this around the news for a while: Hackers exploit new phishing technique to get login credentials of users.
According to the news, the main difference is that the address bar shows the url of the real site so even the tech savvy are getting hoodwinked.
In the above picture, the url of the real Gmail login page can be seen.
My question: How exactly does this phishing scam work?
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Hack Apache Tomcat via Malicious WAR File Upload
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Set Your Wi-Fi Card's TX Power Higher Than 30 dBm
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Brute-Force FTP Credentials & Get Server Access
Hacking Windows 10:
How to Dump NTLM Hashes & Crack Windows Passwords
How To:
Hack WiFi Using a WPS Pixie Dust Attack
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
How To:
Unlock Facial Detection & Recognition on the Inexpensive ESP32-Based Wi-Fi Spy Camera
How To:
Dox Anyone
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How To:
Enumerate SMB with Enum4linux & Smbclient
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Use SQL Injection to Run OS Commands & Get a Shell
How To:
Use Kismet to Watch Wi-Fi User Activity Through Walls
How To:
Write an XSS Cookie Stealer in JavaScript to Steal Passwords
2 Responses
It's not a real Google web page or a Google web address, just made to look like it. Experienced users do not fall for it. It redirects you to the phishing page when clicking an email attachment that directs you to the fake page. Experienced users should know that if you are reading your email in Gmail, you are already signed in. No need to re-sign in anywhere. Anywhere that tries is phishing. The reason this is more advanced is because it's using attachments to redirect.
That's correct. Also, not everyone looks at the address bar, and you can actually use PHP to make it look like a different address and you can get an HTTPS SSL for free. (Hak5)
Share Your Thoughts