Hey! Male 36hear
Phishing attack ( most common way to get credentials from target/victim)
-
PHISHING ATTACKS
Phishing attacks (via links) is somehow most
common way to gain information from target/victim.In this attack the host/attacker generate a copy of The website for example (Facebook, Instagram Etc)
These website may look real, but you will enter the credentials, those credentials will be sent to host,
And they can access them.The attacker/host will send you a link, using ngrok web tunnels ( or other services) you can spot the difference between the real and fake link.
Real link : https://instagram.com/instagram
Phishing link(Example) : https://a1633asddde.ngrok.io
You can see the difference between legit and fake one. But there is a twist the hacker can mask the url into anything they want.
Masked link : https://[email protected]/Llqace
Somehow you can still see the difference between the marked url, if you accidentally opened link just check the search box, if that's a masked url then it will redirect you to to web tunnel and that will somehow look like this ( may change depends on the service host use)
-
The phishing link may say your Instagram login expired enter your password
-
There is copyright on your Instagram enter password to continue
-
To look this account you need to enter credentials
And many many more things.
I don't know if anyone cares or not & please ignore grammar mistakes if you want to know about tools and things host may use let me know
__EDUCATIONAL PURPOSES ONLY__
-
-
bro, that is some good education there. thank you bro..!!
-
hey I wanna talk to you
-
@AXES Thanks brother : )
-
@KaViNdU just ask anything if you want brother : )
-
you shared a big chunk of knowledge
-
@broken-soul just trying to find way to make people aware : )
-
@newuser can I ask something?
-
@broken-soul definitely, you can
-
@newuser there is a way people get to know peoples location by thier numbers what's it called?
-
@broken-soul yes there is but I will tell you the" legal ways", you can use phone OSInt tools, actually these OSInt tools search the query in the websites and services ( it just gives the information that's public) and if you have the target's phone number you can look up in into any "mobile number" search websites, it won't give you the correct adress, it would give you the country and state where the number was authorized/registered & if somehow if the victim is really dumb you may find information in "Truecaller application" that's available on play store
Use this for :
EDUCATIONAL PURPOSES ONLY. -
@newuser thanks man
-
Simple thing nvr visit site who dont own ssl certificate
bcz poor crackers nvr approve there tunnel for ssl for small period of time
-
@XR7_ -1
-
@KrypticBit -1