View Full Version : Phishing scams - need you to sign in?
I've been noticing a lot of phishing emails lately. It was my belief that in order for them to successfully steal your information, you had to follow their link and sign into whatever page they have.
Some of the "fine folks" offering services for this say all they have to do is get the victim to open the e-mail, nothing more.
What's the truth?
You either login your information to someone's custom built page or simply open their e-mail?
Moonbat
11-07-2006, 09:12 PM
You have to login. Phishing works by getting you to log in to or enter information in a false site. This false site logs all the info and gives it to the phisher. So opening the email does NOT do anything.
nozf3r4tu
11-07-2006, 11:56 PM
i agree,they will have to log in.You can also use the same thing to send and html email pretending to be from your{thier} server and use the click link to get them infected.Not long ago i made a nice one from xxx server,appeared to be the real thing,and a... yeah i included a nice keylogger for the victims to download as a "new virus scanner" feature.Now im in need of a nice online anonymous mailer that let me send attachments{.exe} anybody know of one? private message me ok
Ezekiel
11-08-2006, 12:00 PM
I've been noticing a lot of phishing emails lately. It was my belief that in order for them to successfully steal your information, you had to follow their link and sign into whatever page they have.
Some of the "fine folks" offering services for this say all they have to do is get the victim to open the e-mail, nothing more.
What's the truth?
You either login your information to someone's custom built page or simply open their e-mail?
It is possible, but it's not phishing.
First, a definition of phishing. Phishing is the art of using social engineering to obtain sensitive information.
To get into someone's account by them simply opening a link, their webmail service must first be vulnerable to malicious code being injected into emails (without filtering). With that established, an attacker can embed malicious javascript code into an email to you, which sends your cookie data to a remote server, either through an iframe or just a plain javascript redirect. With their cookie information, you can steal their login session and use their account for a limited amount of time.
Which is why it is possible to steal accounts by the victims simply opening an email. Vulnerabilities in the filtering of incoming emails are often the most damaging to a webmail provider, bypassing the usual need for the victim to click a malicious link to put themselves at risk. But as said before, this isn't phishing. Phishing is a very basic and unsuccessful method of obtaining login details; the more successful attacks utilize vulnerabilities in the webmail site itself.
dipman44
04-28-2007, 07:57 PM
ya i actully made a fake login screen and i made a code with an in****ble link all over my profile and if you clicked anywhere you went steight to it and you would not beleive how many dumb asses fell for it but sadly that code with the in****ble image was patched if you want you can download the fake login screen below and use it for your own use if you want you could just erase all the myspace stuff and make it into a fake login screen for yahoo or hotmail or something or maybe just think of another way on myspace
download link: http://login2myspace2.t*5.com/(new) wdyl 2007 hacking ones myspace username and password.zip
NOTE: THE CODE IN THE FILE FOR THE LINK ABOVE DOES NOT WORK ANY MORE THINK OF A DIFFERENT WAY TO MAKE PEOPLE GET TO YOUR FAKE LOGIN
ps this has a brand new myspace login screen
aryan2807
06-08-2007, 12:30 PM
Hi mike!
I am new to all-nettools and very much impressed by ur skill !!
:)
Powered by vBulletin® Version 4.1.8 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.