file auditing
+ Reply to Thread
Results 1 to 6 of 6

Thread: Phishing scams - need you to sign in?

  1. #1
    Join Date
    Sep 2006
    Posts
    6

    Phishing scams - need you to sign in?

    I've been noticing a lot of phishing emails lately. It was my belief that in order for them to successfully steal your information, you had to follow their link and sign into whatever page they have.

    Some of the "fine folks" offering services for this say all they have to do is get the victim to open the e-mail, nothing more.

    What's the truth?

    You either login your information to someone's custom built page or simply open their e-mail?

  2. #2
    Join Date
    Sep 2006
    Posts
    1,651

    well

    You have to login. Phishing works by getting you to log in to or enter information in a false site. This false site logs all the info and gives it to the phisher. So opening the email does NOT do anything.

  3. #3
    Join Date
    Aug 2006
    Posts
    235
    i agree,they will have to log in.You can also use the same thing to send and html email pretending to be from your{thier} server and use the click link to get them infected.Not long ago i made a nice one from xxx server,appeared to be the real thing,and a... yeah i included a nice keylogger for the victims to download as a "new virus scanner" feature.Now im in need of a nice online anonymous mailer that let me send attachments{.exe} anybody know of one? private message me ok

  4. #4
    Join Date
    Sep 2005
    Posts
    2,053
    Quote Originally Posted by 607*
    I've been noticing a lot of phishing emails lately. It was my belief that in order for them to successfully steal your information, you had to follow their link and sign into whatever page they have.

    Some of the "fine folks" offering services for this say all they have to do is get the victim to open the e-mail, nothing more.

    What's the truth?

    You either login your information to someone's custom built page or simply open their e-mail?
    It is possible, but it's not phishing.

    First, a definition of phishing. Phishing is the art of using social engineering to obtain sensitive information.

    To get into someone's account by them simply opening a link, their webmail service must first be vulnerable to malicious code being injected into emails (without filtering). With that established, an attacker can embed malicious javascript code into an email to you, which sends your cookie data to a remote server, either through an iframe or just a plain javascript redirect. With their cookie information, you can steal their login session and use their account for a limited amount of time.

    Which is why it is possible to steal accounts by the victims simply opening an email. Vulnerabilities in the filtering of incoming emails are often the most damaging to a webmail provider, bypassing the usual need for the victim to click a malicious link to put themselves at risk. But as said before, this isn't phishing. Phishing is a very basic and unsuccessful method of obtaining login details; the more successful attacks utilize vulnerabilities in the webmail site itself.

  5. #5
    Join Date
    Apr 2007
    Posts
    109
    ya i actully made a fake login screen and i made a code with an in****ble link all over my profile and if you clicked anywhere you went steight to it and you would not beleive how many dumb asses fell for it but sadly that code with the in****ble image was patched if you want you can download the fake login screen below and use it for your own use if you want you could just erase all the myspace stuff and make it into a fake login screen for yahoo or hotmail or something or maybe just think of another way on myspace

    download link: [url]http://login2myspace2.t*5.com/(new) wdyl 2007 hacking ones myspace username and password.zip[/url]

    NOTE: THE CODE IN THE FILE FOR THE LINK ABOVE DOES NOT WORK ANY MORE THINK OF A DIFFERENT WAY TO MAKE PEOPLE GET TO YOUR FAKE LOGIN

    ps this has a brand new myspace login screen

  6. #6
    aryan2807 Guest

    Smile to mike

    Hi mike!
    I am new to all-nettools and very much impressed by ur skill !!


+ Reply to Thread

Similar Threads

  1. The Droid Library.. I wanna sign up
    By LianneP in forum General discussion
    Replies: 0
    Last Post: 09-03-2011, 10:57 PM
  2. Dont want any scams
    By Dougie in forum Internet Privacy
    Replies: 0
    Last Post: 02-22-2008, 03:11 PM
  3. phishing sites
    By urmom1 in forum Internet Privacy
    Replies: 6
    Last Post: 05-07-2007, 09:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts