Protection Against Phishing Attacks: Learn How to Protect Yourself


  1. Never click on Hyperlinks within emails, instead, copy and paste them into your browser
  2. Use SPAM Filter Software
  3. Use Anti-Virus Software
  4. Use a Personal Firewall
  5. Keep Software Updated (operating systems and web browsers)
  6. Always look for "https://" and padlock on web sites that require personal information
  7. Keep your computer clean from Spyware
  8. Educate Yourself of fraudulent activity on the Internet
  9. Check & monitor your credit report
  10. Seek Advice - if you are unsure, ask us: scams@fraudwatchinternational.com
For more detailed explanations on phishing and how to protect yourself visit:
The Fight Against Phishing: 44 Ways to Protect Yourself:

Simple, but effective…

1. Never trust strangers: The same rules you were taught as a child come into play here; DO NOT open emails that are from people you don’t know. Set your junk and spam mail filter to deliver only content from those in your address book.

2. Sidestep those links: What happens if your spam filter is fooled into delivering junk mail to your inbox, and you happen to open it? Simple – NEVER click on links embedded in your email.

3. Guard your privacy: Your mouse just happened to move over the link and lo and behold, you’re transported to another website where you’re asked to provide sensitive information like user names, account numbers, password and credit card and social security numbers. Just one word for you - DON’T.

4. Fear Not: More often than not, these phony websites come with threats or warnings that your account is in danger of being deactivated if you don’t confirm your user information, or that the IRS is due to pay you a visit if you don’t comply with what’s written on the page. Just IGNORE them.

5. Pick up the phone and call: If you are in doubt that it just may be a legitimate request, and that your bank is actually asking you to reveal sensitive information online, CALL your customer service representative before you do anything foolhardy.

6. Use the keypad, not the mouse: TYPE in URLs instead of clicking on links to online shopping and banking sites that typically ask for credit card and account numbers.

7. Look for the lock: Valid sites that use encryption to securely transfer sensitive information are characterized by a lock on the bottom right of your browser window, NOT your web page. They also have addresses that begin with https:// rather than the usual http://.

8. Spot the difference: Sometimes, just the presence of the lock alone is proof enough that the site is authentic. To verify its genuineness, double-click the lock to display the site’s security certificate, and CHECK if the name on the certificate and the address bar match. If they don’t you’re on a problem site, so get the hell out of there.

9. Second time right: If you’re worried that you’ve reached a phishing site that’s masquerading as your banking page, sometimes the easiest way to check is to enter a WRONG password. The fake site will accept it, and then you’re usually redirected to a page that says they’re having technical difficulties, so could you please check back later? Your original banking site will not allow you entry.

10. Different is the keyword here: Use DIFFERENT passwords for different sites; I know it’s a tough ask these days when most functions of the brain are being passed on to technology, but this is a good way to prevent phishers from getting at all your sensitive transactions, even if they’ve managed to compromise one.
Posted by No comments:

Income Tax Phishing Site- Beware


The above is one of the mails you may receive in your mail box which will redirect you to the below page..BEWARE…
In the Tax Refund Online Form – all fields were compulsory to be filled – like card number, bank account details, Credit card CVV number & ATM PIN etc


See the web address of FAKE SITE (PHISHING SITE)

This is the Official website Income Tax Deaprtment of India, see the difference


NEVER EVER GIVE YOUR DEBIT / CREDIT CARD CVV / CVV2 and EXPIRY DATE TO ANYONE, NOT EVEN TO THE BANK OR A GOVERNMENT OFFICIAL NEITHER ON PHONE OR ONLINE FORM or IN ANY FORM

Beware of Phishing sites. It can cost you all your money.

Posted by No comments:

Download Login Spoofer 2010: Hack Yahoo Account Passwords: Facebook Passwords Hacking


Download Login Spoofer 2010: Yahoo Password Hacking: Hotmail Password Hacking: Gmail Password Hacking: Facebook Password Hacking & Many more..!!


Login Spoofer is a Software that it can create Professional Phishing Pages Like: (Hotmail, Yahoo, Gmail, GameZer, Facebook and many more ....) to Steal somebody's Account you have to push him to login in one of your fake pages, when the Victim Login as you told him, His account (Username/Password) will register in our database So you go to the software (Login spoofer) and press refresh then you'll find His Username & Password & IP & his OS Info...etc. Using and Downloading is free 100%.
  • Yahoo Password Hacking: Hack Yahoo Account Password with phishing attack.
  • Hotmail Password Hacking: Hack Hotmail Account Password with phishing attack.
  • Gmail Password Hacking: Hack Gmail Account Password with phishing attack.
  • GameZer Password Hacking: Hack GameZer Account Password with phishing attack.
  • Facebook Password Hacking: Hack Facebook Account Password with phishing attack..& many more..!!
Download Login Spoofer 2010: DOWNLOAD HERE
Posted by 3 comments:

Hack Gmail: How to Hack Gmail Account Password Using PRORAT Trojan & Phishing Attack


How to Hack Gmail Account Password

Note: This below mentioned methods are used to Hack Gmail Account Password. These methods can also be used to hack any other email account. I have just demonstrated it on how to hack Gmail Account Password.


METHOD-1: How to Hack Gmail Account Passwords Using Phishing Attack

Step 1: Download Gmail fake login page and extract the contents into a folder. Visit here to download GMAIL FAKE PAGE

Step 2: Create your free account at www.t35.com, www.110mb.com or www.ripway.com and upload the extract files here.

Step 3: I have uploaded all files at t35.com. Simply upload all the extracted files here.

Step 4: Open you fake page, enter user name and password and try out whether its working. You fake page will be located at http://yoursitename.t35.com/Gmail.htm

Step 5: A password file will be created in the same directory and you can check it at http://yoursitename.t35.com/GmailPasswords.htm.

Now you are ready to hack Gmail accounts password. If you face any problem, post your comments here.
This post is for educational purpose only. www.freehacking.net holds no responsibility how you are using the downloaded files.

METHOD-2: How to Hack Gmail Account Passwords Using Trojans & Keyloggers

Here I am demonstrating using PRORAT trojan. You can also check the list of trojans & Keyloggers here which I have already posted few months back. You can use any trojan or keylogger as per your ease. The basic functionality of all backdoors are same. Pls make note that all these hacking tools and softwares are detected by antivirus. You have to uninstall or close you running antivirus first. I strictly recommend you to try these trojans & keyloggers on some testing system first.

Step-1: Download latest version of ProRat v1.9 Fix2. CLICK HERE to download. The ZipPass is : pro

STEP-2: Creating the ProRat server. Click on the "Create" button in the bottom. Choose "Create ProRat Server".

STEP-3: Open Notifications. Select second option "Mail Notification". In the E-MAIL field you will see a mail
id: bomberman@yahoo.com. Remove this mail ID and give your own mail id here. You will receive a notification
email on this email id whenever you victim will be connected to internet from the infected system.

STEP-4: Open General settings. This tab is the most important tab. In the check boxes. here is a quick overview
of what they mean and which should be checked.

Key:

[ ] = dont check
[x] = check

[ ] Give a Fake Error Message. (when they open the file, it gives an error message.
[x] Melt server on install. (this will cause the server to ALWAYS connect to the internet when the victim gets
online)
[x] Kill AV - FW on Install. (this causes the anti-virus and firewalls to SHUT DOWN and stay off once installed
on the victim's computer.
[x] Disable Windows XP SP2 security center
[x] Disable Windows XP Firewall
[x] Clear Windows XP Restore Points
[ ] Dont send LAN notifications ( keeps other computers on the victim's network from knowing about you )
[ ] Protection for removing local server

In the Invisibility Box, check all 4 boxes.

STEP-5: Open Bind With File. You can bind your server\downloader server with a file that you want. You must
click on the ''Bind the server with a file'' button and then the file button will be activated. You can choose
a file to be binded with the server now. A good suggestion is a picture because that is a small file and its
easer to send to the people you need.

STEP-6: Open Server Extensions. I prefer using .exe files, because it is cryptable. Mostly crypters don't
support .bat/.pif/.com etc. So use .exe files.

STEP-7: Open Server Icon. You can select the one you want to use with the server from the small pictures on the
menu. You can use an icon from your computer also. Press the "Choose new icon" button.

STEP-8: After this, press "Create server", your server will be in the same folder as ProRat. A new file with
name "binded_server" will be created. Rename this file to something describing the picture.

[NOTE: PLS DO NOT OPEN THE FILE "binded_server" on your system.]

STEP-9: Sending this file "binded_server" to victim. You can send this trojan server via email, pendrive or if
you have physical access to the system, go and run the file.

From EMAIL, you can not send this file as it is because it will be detected as TROJAN OR VIRUS. Password protect this file with
ZIP and then email it. Once your victime download this ZIP file, ask him to unlock it using ZIP password. When
the victim will double click on the file, he will be in your control.

STEP-10: Connecting to the victim's computer. Once the server has been sent and the person has opened this ZIP
folder, they will now be infected with it. AND HAVE NO CLUE ABOUT IT!. On the top of the ProRat program you
will see a box in the upper left corner. Type in the victim's IP address and make sure the port is 5110. Now
press Connect. You should now see a pop-up box wanting to know a password. Remember the password you entered
while creating the server? that is what you need to type. By default, it is "123456" without quotes.

STEP-11: Check your email, (junk in needed), and find the “Your victim is online”. Copy and paste the IP
address onto ProRat where it says “IP:[127.0.0.1]“. Press CONNECT, DO NOT CHANGE THE PORT, if u did change it
back to 5110. Type in the password (default is usually 123456, it is in the email). Your done, now you can mess
with the buttons on the program. Especially the GIVE DAMAGE button. It will damage their pc by format, and will
make the computer useless.

FAQ:

Q: Error message:Windows cannot access the specified deice, path, or file. You may not have the appropriate
permissions to access the item. What do I do?
A: Simple! Delete the ProRat program. Delete it. What happen was, your AV has altered the file. OR it could be m
alacious content. Either way, delete it. NEXT, remember the file you downladed? Un extract the file again and
re run. You will not need to remake a server file and such if it has been sent to the victim. Just open ProRat
and make sure your AV is shut off. Reconnect. There ya go.

Q: What operating systems are supported by ProRat?
A: Windows 95/95B
Windows 98/98SE
Windows ME
Windows NT 4.0
Windows 2000
Windows XP
Windows Vista

Q: When I have downloaded ProRat, my antivirus detect it as virus. What should I do?
A: Well, since RATs are hacktools, and all the hack tools are detected as viruses, ProRat is detected as virus
also. To download and install ProRat you will need to turn off your anti-virus.

Q: What should I do after I install my server?
A: After you install your server, you should spread it. Few years back I have installed my server manually on
1000's of cyber cafe in my city. I hacked almost the entire city cafe users secret information. This is the
best way. Go to nearest cyber cafe's and manually install your trojan server.

Q: I've created a server, but I don't see it in the directory. Why?
A: That's caused by your antivirus. The server is detected, and it won't let it. I suggest you to remove your
antivirus if you are going to use RATs.

Q: I've send my server to a friend on MSN, but he doesn't connect.
A: That's because he has an antivirus or firewall and it won't let him to connect in your RAT. To make it
FUD(Fully Undetectable), you should use a crypter.

Q: Is ProRat illegal?
A: No. ProRat is a legal RAT. The author of ProRat created his program for legitimate purposes. For example,
there are many legal activities. Parents can use keyloggers to protect their children from online abuse etc.
Some people use it for stealing passwords, credit cards and more but it's not a software which breaks the law,
but the person who uses it.

Q: Can ProRat be used for legitimate purposes?
A: Yes. You can monitor your children online activity.. to make sure they don't visit pornographic websites.
You can find out if someone uses your computer while you are away, ensure no one is accessing your personal
files while you are away and more.

Q: How do I make my server FUD?
A: You should use a binder or crypter. Also check the below links how to make trojan or keylogger fully undetectable from antivirus.
Posted by No comments:

Phishing Attack With Phishing Kit | Hackers New Creativity With Phishing Attacks


Phishing Attack With Phishing Kit | Hackers New Creativity With Phishing Attacks

A new attack has been uncovered using a phishing kit that has an indestructible infrastructure due to its residence in the cloud.

In the majority of phishing schemes when the main server is taken down the main collection point is also removed, but with this kit the data collection space is hosted separately from the phishing websites, Imperva discovered.
Once a server is taken out, all hackers need to do with the cloud-based kit is to re-post the web front end in a new location.

Imperva explained this case is also interesting for its provenance and operation.

Created by two “master hackers”, the phishing kit was posted on hacker forums. Those who used the kit then became part of the master hackers’ “army”, meaning all the data they acquired went back to the creators, who did not have to put in the hours implementing the attack.

The masters’ underlings did not know a thing about their leaders’ activities either and, depending on the country, the kit’s creators will not have broken the law as they just wrote the software.

And as each of the subsidiary hackers has their own campaign, taking down numerous domains will not affect other schemes that report back to the master hackers.

One of the overlords claimed their kit has been downloaded 200,000 times, Imperva said, but this could be an exaggeration, according to the security company’s chief technology officer Amichai Shulman.

"To some extent this is malware-as-a-service," Shulman told IT PRO, adding that the attack shows how hackers will abuse technologies people are widely using - in this case the cloud.

“This is definitely showing a shift from the normal models that we have seen so far regarding phishing,” Shulman said.

It appears hackers are getting creative with phishing attacks.
Posted by 3 comments:

Tabnapping Attack Tutorial: Phishing Attack Tutorial


Tabnapping Attack Tutorial: Phishing Attack Tutorial

Tabnapping - Phishing in mulitabbed environment of browsers

This is my first post in this blog, a great opportunity for me to write in this blog. My first post is on a simple hacking trick which is phishing but in a new way. This new way of phishing is known as Tab Napping. The basic steps are same as traditional phishing attack. Phishing is the most popular and widely used method for hacking email accounts. Phishing is not as easy as it's name. Creating a phishing page is an easy task and any one can download it from various hacking forums for free. The main step of phishing comes after creation of fake login page.

How to send this fake page to the victim??

Here comes the Tab Napping which can make your second step easy than before. No need to send fake page via email to victim.


Tab Napping use the modern browser's multi tabbed environment. Now a days all people use multiple tabs for accessing Gmail, facebook, orkut and other websites simultaneously. The trick is to confuse user in his/her multiple tabs and redirect any of idle ta of his browser to your phishing silently. Tab Napping works on the user's assumption that a tabbed web page stays the same when other Internet services are being accessed.

The idea behind this is very simple and is done by javascript. Tab napping is all about the relation of 2 pages. suppose Page A and Page B. Victim was viewing page A in a tab of a browser and then left this idle and and now using some other website in another tab of browser. If the user will not return to page A for some pre-specified time, page A will automatically redirect to Page B. This Page B is your phishing page. This redirection and cheking for user actions is done by Javascript. You can download it for given link.

Make a web page and use the tab napping script in that page say it page A. This script will not affect the layout or content of the page. This script will check for user actions. If the page is idle for some time, this script will redirect this page to a pre-specified page which may be your phishing page. You have to specify this page in the script. Be sure to change this in script.
check script for this line...

timerRedirect = setInterval("location.href='http://www.gmail.com'",10000);

this line will redirect to Gmail after 10 sec. Change this location to the address of your phishing page. This line is used 2 times in the script so change is both lines.

so page A with tab napping script will redirect to phishing page B.

Now send the link of the page A to your victim. This is a normal page. If the page is idle for some time it will be changed to page B otherwise no effect.

Download Here:
Posted by 1 comment:
Subscribe to: Posts (Atom)