DIY Phishing Scam for Novice Hackers

  • S06E30
  • April 16, 2013

R0bb13 and cHr157a hack the Twitter homepage to demonstrate how easy it is for hackers to create phishing sites to steal personal information. The same lesson applies to your online banking, and more.

Notes:
Following along in the chat logs? Please note that the show started at 7:15pm this week due to technical issues with our audio system. So 7:45pm in the chat logs in fact coincides with 30 minutes into the video.
This episode is sponsored in part by: netTALK DUO, Netflix, Eco Alkalines.

Topics Covered:

  • Robbie Ferguson and Christa Wells present from the Category5 studios in Barrie, Ontario.
  • On Episode 289 Robbie introduced the show as Episode 298.
  • The new audio-only feed is coming soon.
  • Welcome to our new registered viewers!
  • (8:19) Feature: Building a Phishing Site (To Demonstrate What to Watch Out For)
    • Note: We use the term "Hacker" loosely. Anyone with a little web programming knowledge can do what is demonstrated, and that's the point of the demonstration.
    • How easy it is for a hacker to create an exact clone of any web site, such as Twitter, Facebook or even your online banking login.
    • How a hacker might make a URL trick you, at least at first glance, into thinking you're looking at the actual web site.
    • A hacker might remove or otherwise edit the form actions on a phishing site to point to their own script. In our case, we simply delete the action, so when the user submits the form the same page reloads, but not before the information entered is sent to it in the PHP $_POST array.
    • Outputting the PHP $_POST array to see what is being submitted.
    • Robbie looks over the file to determine which JavaScript is controlling the input form, and does some minor edits to customize what the form does.
    • Hackers can intercept your username and password, save them to a database or even have them emailed to themselves.
    • With your username and password, it's quite possible the first thing a hacker will do is change your password to stop you from accessing your own account.
    • How hackers may distribute their phishing form using social media or email.
    • Using email, hackers can spoof link addresses, making it look like the link in the email goes to a real web site (for example, Facebook, Twitter, or PayPal), but actually linking to their phishing form which gathers your usernames and passwords when you "login".
    • How a user can determine if a link actually points to where it says it points.
  • (30:56) Top Hacker Stories from the Category5.TV Newsroom
    • (35:33) Using "admin" as your login on WordPress could lead to your site being hacked. Some thoughts about not just password strength, but also username strength.
  • (43:56) Feature... Continued. Phishing Scams
    • If you have a domain (web site), a whois query can be performed by anyone in the world which allows them to obtain your mailing address, phone number, and other personal information. This is often used for phishing scams and can lead to the loss of your domain (or worse) if you fall for it.
    • Another way hackers / phishing scammers can trick you these days is by building fake online tax filing systems. In all cases, trust only those you know to be legitimate, and use the techniques you've learned here to determine if you're looking at a real web site, or a phishing site.
    • Creating accounts on web sites which could be shady or otherwise compromised? Are you using the same password as your online banking, email, social media or other online services?
    • Viewer Question: Would an add-on which notifies about browser redirects warn you about the Twitter scam you demonstrated?
    • Watch out on Facebook.
    • What we learned from Burger King.
  • (55:57) ESET Smart Security 6 features Anti-Theft. Robbie blogged about how this feature could save a lot more than just your computer.
