Phishing is the most common technique used for hacking Gmail account passwords, and it has the highest success rate compared with all other Gmail password hacking methods because of its trustworthy layout and appearance. It does not take much technical knowledge to get a phishing page done, which is why phishing is so widely used for hacking Gmail passwords.
How does phishing work?
In simple words, phishing is the process of creating a duplicate copy of a reputed website's page with the intention of stealing a user's password or other sensitive information such as credit card details. In our case, that means creating a page that looks exactly like the Gmail login page but sits at a different URL, like gooogle.com or gmaail.com or any URL that pretends to be legitimate. When a user lands on such a page, he/she might think it is the real Google account login page asking for their username and password. People who do not find the phishing page suspicious might enter their username and password; the password information is then sent to the hacker who created the phishing page, and at the same time the victim is redirected to the original Gmail page.
Example: Alex is a programmer who has a little knowledge of web technologies (the Gmail hacker in our context). He creates a login page that looks exactly like the Gmail login page, with a PHP script in the background that helps Alex receive the username and password typed into the phishing page. Alex puts that phishing page at a URL – https://www.gmauil.com/money-making-tricks.html. Alex sends a message to Peter: “Hey Peter I found a way to make money online you must check this out https://www.gmauil.com/money-making-tricks.html”. Peter navigates to the link and sees a Gmail login page. As usual, Peter enters his username and password. Now Peter's username and password are sent to Alex (the background PHP script does the sending) and Peter is redirected to a money making tips page, https://www.gmauil.com/money-making-tricks.html. That's all: Peter's Google account is hacked.
How can you protect yourself from Gmail phishing?
Hackers can reach you in many ways, such as emails, personal messages, Facebook messages, website ads etc. Clicking on any link in these messages would lead you to a Google account login page. Whenever you find a Google login page, you should note only one thing, the URL, because nobody can spoof or use a Google URL except when there is some XSS zero-day vulnerability, and that is very rare.
- What is the URL you see in the browser address bar?
- Is that really https://mail.google.com/ or https://www.gmail.com/ (the trailing slash is important, since it is the only separator in Google Chrome to distinguish domain and subdomain; check out the examples below to see the difference)?
- Is there a green secure symbol (HTTPS) in the address bar?
Keeping these questions in mind would prevent you from being hacked through phishing. Also see the examples of phishing pages below.
Some super perfect phishing pages are listed below.
Note the misleading URL – Gmail / Google Phishing Page
Most people won't suspect this page (snapshot given above), since there is an https prefix with a green secure icon and no mistake in accounts.google.com. But this is a phishing page. How? Read the URL carefully. It is https://accounts.google.com.infoknown.com, so accounts.google.com is a subdomain of infoknown.com. Google Chrome does not differentiate the subdomain and the domain, unlike Firefox.
SSL certificates (HTTPS) can be obtained from many vendors, and a few vendors give an SSL certificate free for 1 year. It is not a big deal for a novice to create a perfect phishing page like this, so beware of it.
This is a normal phishing page with some modification to the word Google.
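The URL questions above can be turned into a mechanical check on the hostname, covering both the misleading-subdomain page and the modified-spelling page. This is an added example, not code from the original article; the `TRUSTED` list, the function names and the edit-distance threshold of 2 are assumptions, and the URLs it is meant for are the ones the article mentions.

```javascript
// Added example: judge a login URL by its hostname, not by how the page looks.
// TRUSTED is an assumed allowlist built from the domains named in the article.
const TRUSTED = ["google.com", "gmail.com"];

// Dynamic-programming edit distance (insert, delete, substitute).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classifyLoginUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return "invalid"; }
  // HTTPS is required, but it never proves the site is genuine on its own.
  if (url.protocol !== "https:") return "not-https";
  // URL() lowercases the host and separates it from the path and query.
  const host = url.hostname.replace(/\.$/, "");
  // Genuine only if the host IS a trusted domain or ends with "." + domain.
  if (TRUSTED.some(d => host === d || host.endsWith("." + d))) return "trusted";
  // Trusted name appears as labels inside somebody else's domain.
  if (TRUSTED.some(d => ("." + host + ".").includes("." + d + "."))) {
    return "trusted-name-as-subdomain";
  }
  // Naive registrable domain (last two labels); a production check would
  // use the Public Suffix List instead.
  const registrable = host.split(".").slice(-2).join(".");
  if (TRUSTED.some(d => editDistance(registrable, d) <= 2)) return "lookalike";
  return "unrelated";
}
```

Only the `trusted` result should ever be shown a Google password; every other result means the address bar does not belong to Google, whatever the page looks like.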