Phishing pages? Again? Really?!
And the skiddies have done it again. But now they have evolved! Let me put this blog post into a bit of context before I proceed.
What the heck is Phishing?
Well, phishing is a method that hackers, well, let’s use the correct terminology, script-kiddies, use to hijack accounts. They basically create a landing/login page very similar to a popular web-based service (Facebook, Twitter, Gmail, Hotmail etc.) and then buy domain names that are also very close to the real service’s name (Fac3b00k.com, itwitterl.com, h0tma1l.com…), with small typos, as you can see, that you wouldn’t even notice.
You are driven by your predisposed urge to enter your credentials whenever you see a login page, and BOOM! Your account is hijacked almost instantly. The password is changed (if the phishing page is good, automatically), and if the skiddy is not good or knows no programming language, he/she will change it manually at a later stage.
Let’s take an example. Today I got the following direct message from a friend:
and almost instantaneously I clicked on the link. It was a shortened URL so I couldn’t see the actual domain I was visiting. I landed on this page:
Now I’m confused, why is it asking me for credentials?! Since I have a little bit of hacking/deception background and I’ve played these games before, my quick reaction was… hehehe, nice try. I looked at the address bar and it said: http://itwitterl.com/session-timed_out/
Wow! Twitter has a new domain name!
I then entered false credentials and here’s where I landed:
Whether you put in correct credentials or false ones, you will always land on this page, because this website is not the actual Twitter, and they cannot actually log you into the service!
Ohhhh… how can we tell the difference next time?
You can tell the difference easily, as long as you don’t rush to put in your credentials whenever asked without first checking the legitimacy of the website.
Here’s the actual twitter page:
If you spend a second or two looking at both images you will see there are a lot of differences! The skids are not up-to-date!
Tips for not falling into this trap again, and what to do if you are a victim
Below are 4 tips for making sure the website you are logging into is legit:
1. Check the address bar, and make sure the domain name is correct.
2. Check the title; many skids forget to fix the title of the page they created.
3. If you are logged into a service and you haven’t closed your browser, it will not make you log in again unless you’re changing critical information on their platform, and they will notify you when that happens.
4. Check the favicon; some skids forget to update theirs as well.
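Tip 1 is the one that can be automated: before a browser extension or a mail gateway hands a link to a user, it can compare the link’s domain against a list of the real login domains and flag anything that only looks like one of them. The script below is an added example (not the blog author’s code) that does exactly that for the domains mentioned in this post. It undoes the digit-for-letter swaps seen in Fac3b00k.com and h0tma1l.com, spots a brand name padded with extra letters as in itwitterl.com, and falls back to an edit-distance check for plain typos. The allowlist KNOWN_DOMAINS and the sample URLs are constructed for the example; a real deployment would load its own list.

```python
"""Lookalike-domain check for login links (added example, not the blog author's code).

Assumptions (constructed for this example): KNOWN_DOMAINS is an invented allowlist
of legitimate login domains, and the CONFUSABLES table covers only the common
digit-for-letter swaps; both would be extended in a real deployment.
"""
from typing import Optional, Tuple
from urllib.parse import urlparse

# Legitimate login domains we trust (assumed allowlist, constructed for the example).
KNOWN_DOMAINS = {"twitter.com", "facebook.com", "gmail.com", "hotmail.com"}

# Digit/symbol-for-letter swaps commonly used in lookalike names ("0" for "o", "3" for "e", ...).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a"})


def registered_domain(url: str) -> str:
    """Return the last two labels of the URL's host, lowercased (e.g. 'itwitterl.com').

    A bare 'host/path' string without a scheme is accepted as well, because that is
    how links often arrive in chat messages.
    """
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between a host and a brand suggests a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, known=KNOWN_DOMAINS, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Classify a URL as ('known', domain), ('lookalike', imitated brand) or ('unknown', None)."""
    domain = registered_domain(url)
    if domain in known:
        return "known", domain
    name = domain.rpartition(".")[0]
    normalized = name.translate(CONFUSABLES)  # undo the digit-for-letter swaps
    best: Optional[str] = None
    best_dist = max_distance + 1
    for brand in known:
        brand_name = brand.rpartition(".")[0]
        # Exact match after normalisation (fac3b00k -> facebook), or the brand name
        # embedded with a few extra letters around it (itwitterl contains twitter).
        if normalized == brand_name or (
            brand_name in normalized and len(normalized) <= len(brand_name) + 3
        ):
            return "lookalike", brand
        d = edit_distance(normalized, brand_name)
        if d < best_dist:
            best, best_dist = brand, d
    # Plain typos (h0tma1l normalises to "hotmall", one edit away from "hotmail").
    if best is not None and best_dist <= max_distance:
        return "lookalike", best
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links, including the one from the post.
    for link in ("http://itwitterl.com/session-timed_out/", "http://fac3b00k.com/login",
                 "h0tma1l.com", "https://twitter.com/login", "https://example.org/"):
        print(f"{link:45} -> {classify(link)}")
```

The check is deliberately conservative: it only ever says "lookalike" when a domain resembles one on the allowlist, and anything else is "unknown" rather than "safe", which is the right default for a link that arrived unannounced in a direct message. A shortened URL (the other trick in this post) has to be expanded first, since the shortener's own domain tells you nothing about where the link ends up.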
I’m a victim 🙁
If you provided your credentials to this fake service, instantly go and change your password! If you were one of the few unlucky ones who have had their password changed for them, I’m sorry to tell you, your account is lost unless you still have ownership of the email address and/or you still remember your secret question and answer. In that case you can use the “forgot my password” feature available for most, if not all, popular services.