Phishing attack the easiest way to get Hacked
(fish´ing) (n.) The act of tricking a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organisation already has. The website, however, is bogus and set up only to steal the information the user enters on the page.
once you click CANCELREQUEST they will redirected you to a fake yahoo UI and they will require you to provide your credentials.
The Good news is that if you are using Chrome Version 40.0.2214.111 (64-bit) which is the latest version at the time of writing this article then you are safe. This is becuase Google chrome was able to detect this Phishing attack and has blacklisted the Url.
But i ran the same test on Safari Version 7.1.3 (9522.214.171.124) and boom thats the url: data:text/html;base64,PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFI
The url was too long so if you want to see the full hash of the phishing site check
while the original url is:
Nigerian Association of Dermatologists Server
Test on Safari Version 7.1.3 (95126.96.36.199)
You might have a Harvard degree but trust me you will fall for this phishing trick.
Once they get your credentials thats it.
Test on FireFox did a good job Version 35.0.1
Test On Opera Mobile S3 Emulator
So i looked up the owner of the domain:
Domain ID: D161828974-LROR
Creation Date: 2011–03–21T18:24:15Z
Updated Date: 2014–03–28T23:22:54Z
Registry Expiry Date: 2015–03–21T18:24:15Z
Sponsoring Registrar:GoDaddy.com, LLC (R91-LROR)
Sponsoring Registrar IANA ID: 146
Registrant Name:Dele Arilesere
Registrant Organization:Cygress Limited
Registrant Street: 286A, Akin Olugbade St.
Registrant City:Victoria Island
Registrant Postal Code:NONE
Registrant Phone Ext:
Registrant Fax Ext:
Admin Name:Dele Arilesere
Admin Organization:Cygress Limited
Admin Street: 286A, Akin Olugbade St.
Admin City:Victoria Island
Admin Postal Code:NONE
Admin Phone Ext:
Admin Fax Ext:
Tech Name:Dele Arilesere
Tech Organization:Cygress Limited
Tech Street: 286A, Akin Olugbade St.
Tech City:Victoria Island
Tech Postal Code:NONE
So please be more careful the site you insert your credit card info or your private credentials. Always make sure your browser is updated.
if you have any question send me a mail: firstname.lastname@example.org