View comment

How phishing works explained by a Hacker.

by /u/Kaliningrad · 0 votes · 2024-03-06 01:40:00

I posted this the other day but i felt like it didn't reach enough people so sorry for the report.
This is a tutorial for educational purposes on how phishing works in beginner edition. I am trying to explain this so you have a better understanding on how it works so you most likely won't fall for it.
This is coming from a full time penetration tester and ethical hacker so please feel free to ask if you have any question that i can assists with.
First of all , the real hackers won't use any script kiddie tool as i see most of people doing online. No gophish , pyphisher , blackeye or any random thing on github. Professionals will create on from scratch to be identical with the current design of the website that they want to copy because most of the tools that i mentioned have old design of the popular sites. They will be a similar domain online to the site that they want to copy and host is somewhere on the world wide web. The site url may looks something like faceb0ok
After that site is ready the next phase begins. They are 2 ways how hackers deliver that site to their victims. SMS or email , or also called smishing and spoofing.
Hackers will send SMS with name ID using online API tools like : Twillio , Octapush , Azurra and so on. They will use a name ID like : Meta , Instagram or anything similar depened on their site. Something that you really need to know is that ...

While smishing , if that name ID of the attacker's sms is already on your SMS , it will trick your phone and your phone will exactly send it from the same message field as your old conversation with that name ID ( if there already is any in your inbox.) To make you understand better if you already have a message from Paypal sending you an random OTP code. And the attacker's SMS name ID is excatly Paypal , The phishing link and message will come below your OTP code , making it impossible even for cyber security experts to know that this is actually a phishing attempt.
The same thing happens with emails as well. The hackers will abuse the from field using SMTP servers online and those ones are free as well ( example : Brevo) and the same thing will happen as with SMS. If the from field is exactly the same with one of your contacts on the email , it will come exactly like this contact of yours wrote you with photo and previous conversations as well.

So be safe and never , NEVER put any credentials in emails or SMS. No big tech platform will ever ask for them. I hope i helped you understand how things work from a better perspective.

User: /u/Reveal1119

/u/madhatterexpressed obviously i dont have the experience. why are you so rude to me? like personally? because i feel targeted... do you own this site?... like orally? if you arent interested in what im talking about... dont answer d00d... like commmmmon... isnt interweb all about pass if ur not interested? or are you required to comment on everything? like by contract? because i looked with my big round tear stained eyes... and didnt see you are a mod... are you autocockmod? mAy your interpersonal relationships continue in the manner you have conducted thus far... STAY SAME ALWAYS prince... will remember you always just as you are! kind regards rev