im here not to ask about how to make it, but I want to prevent my account got hacked. What I know is phising method requires the user/target to input our login information. So is it okay if I just click some phising links? because some time I have some problem login to digital point forum. And sometime I have to login more than once.
google XSS, and you will see how users can be redirected to fake login pages, or cookie stealers by using flaws in languages such as javascript
XSS = cross site script... I think cookie stealer is more dangerous then fake login page... omg, I think I have to learn about internet security again...
True, cookie stealer is more dangerous, but it requires a vulnerability to work. Not just every website can access your google cookies. Just keep your browser, antivirus and firewall up to date and don't click obviously stupid links and you should be OK (key to that is remembering, that there are no free lunches and there's no way you won 33654666666334652451432423$ in online lottery you didn't register to)
you would want to know how XSS works because if your a programmer then your going to need to know what kind of flaws in your code hackers will take advantage of e.g. making sure variabels are properly sanitized, and also if you know how it works then u know what to look out for !
Phishing is when someone makes an exact clone of a site for ex. paypal. but they have a domain name such as paypall.com and this "phisher" could send hundreds maybe thousands of emails to random people telling them to like "Please click this link to sign in to paypal and check your status" but if you pay attention and mouseover to that link , it will actually take you to paypall.com instead of paypal.com . Once you click on the link , everything on your page will look exactly like the real paypal site but its not. Once you enter your username and password and hit enter, The page will refresh and at this point , it will take you to the real paypal site. Now you think you might have just made a typo error or something, so you sign in again and it actually lets you in. The first time you entered your secure information , it saved that info to the "phishers" log . Now he/she knows your personal login. I hope this wasn't too confusing. To avoid this , always open a new browser and enter the url manually . Never click on a link from a friend/email/stranger of course. #1 Rule - As mentioned already , ENTER THE URL YOU WANT TO GO TO MANUALLY IN A NEW BROWSER!!!
thanks for the explanation... so it means it have to input my details first right, so if I click it but I don't put anything on it, Its still save....
Yes, in order to get phished you will need to give the fishing site your information in order for the phisher to get your details. Once you give them the details they will then log into the real account and cause trouble for you and your finances. Phishing happens when a person sets up a duplicate site that looks and behaves just like the real site. You log in, they capture that data and then you are in trouble. Most phishing starts with an e-mail supposedly from your bank asking you to click a link and log in. The link obviously points to the fake site.