Examining the Phishers
Phishers use many different permutations of techniques to launch phishing scams. The aim of this section is not to attempt to enumerate all of the techniques. Instead, the goal is to help you understand the thought process, capability, and psychology of the average phisher. In the following paragraphs, we will take a look at four unique case studies based on the examination of phishing sites to understand how they have been set up and how they work.
No Time to Patch
In this case study, we will look at an average phishing site to uncover how a phisher may have compromised the server hosting the site.
Figure 7-2 illustrates a phishing site targeting an online shopping portal. It is interesting to note that the phishing site boldly and blatantly asks the victim for personal details, such as date of birth and mother’s maiden name, right on the login page. The institution’s real and legitimate website requests only a username and password from users.
Figure 7-2. Phishing site targeting a well-known institution
Note
The fact that the phishing website asks for unnecessary private information at the login page should raise red flags for users, yet thousands of victims do not have the awareness to identify the situation, and even users who are technically savvy are often distracted by the site’s legitimate-looking logos and visual layout. Phishers are aware of this situation ...
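The red flag described in this case study, a login form that requests more than the username and password the legitimate site asks for, can be checked mechanically. The following is an added example, not code from the book; the baseline field names, the hint words, and both sample pages are constructed assumptions.

```python
from html.parser import HTMLParser

# Assumption: the genuine login form asks only for these two fields.
BASELINE_FIELDS = {"username", "password"}
# Assumption: substrings hinting at personal data a login form should not request.
SENSITIVE_HINTS = ("birth", "dob", "maiden", "ssn", "card", "cvv")
NON_DATA_TYPES = ("hidden", "submit", "button", "image", "reset")

class FormFieldCollector(HTMLParser):
    """Collect the name (or id) of every user-fillable form control."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "text").lower() in NON_DATA_TYPES:
            return  # not something the user is asked to type in
        name = (a.get("name") or a.get("id") or "").strip().lower()
        if name:
            self.fields.append(name)

def audit_login_form(html, baseline=BASELINE_FIELDS):
    """Report fields beyond the baseline and whether any look like personal data."""
    collector = FormFieldCollector()
    collector.feed(html)
    extra = [f for f in collector.fields if f not in baseline]
    sensitive = [f for f in extra if any(h in f for h in SENSITIVE_HINTS)]
    return {"extra": extra, "sensitive": sensitive, "suspicious": bool(sensitive)}

# Constructed sample pages (not captured from any real site).
LEGIT_PAGE = """<form method="post">
  <input type="text" name="username"><input type="password" name="password">
  <input type="hidden" name="csrf" value="x"><input type="submit" value="Sign in">
</form>"""
SUSPECT_PAGE = """<form method="post">
  <input type="text" name="username"><input type="password" name="password">
  <input type="text" name="date_of_birth">
  <input type="text" name="Mothers_Maiden_Name">
  <input type="submit" value="Sign in">
</form>"""

if __name__ == "__main__":
    for label, page in (("legit", LEGIT_PAGE), ("suspect", SUSPECT_PAGE)):
        print(label, audit_login_form(page))
```

A check like this only compares the form against a known baseline; it says nothing about how the hosting server was compromised.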