Phishing attack the easiest way to get Hacked

(fish´ing) (n.) The act of tricking a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organisation already has. The website, however, is bogus and set up only to steal the information the user enters on the page.

Example

once you click CANCELREQUEST they will redirected you to a fake yahoo UI and they will require you to provide your credentials.

The Good news is that if you are using Chrome Version 40.0.2214.111 (64-bit) which is the latest version at the time of writing this article then you are safe. This is becuase Google chrome was able to detect this Phishing attack and has blacklisted the Url.

But i ran the same test on Safari Version 7.1.3 (9537.85.12.18) and boom thats the url: data:text/html;base64,PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFI

The url was too long so if you want to see the full hash of the phishing site check

http://www.dermatologyng.org/index2.html

while the original url is:

http://www.dermatologyng.org/index2.php

Hosted on

Nigerian Association of Dermatologists Server

Test on Safari Version 7.1.3 (9537.85.12.18)

You might have a Harvard degree but trust me you will fall for this phishing trick.

Once they get your credentials thats it.

Test on FireFox did a good job Version 35.0.1

Test On Opera Mobile S3 Emulator

So i looked up the owner of the domain:

Domain Name:DERMATOLOGYNG.ORG
Domain ID: D161828974-LROR
Creation Date: 2011–03–21T18:24:15Z
Updated Date: 2014–03–28T23:22:54Z
Registry Expiry Date: 2015–03–21T18:24:15Z
Sponsoring Registrar:GoDaddy.com, LLC (R91-LROR)
Sponsoring Registrar IANA ID: 146
Registrant ID:CR78458553
Registrant Name:Dele Arilesere
Registrant Organization:Cygress Limited
Registrant Street: 286A, Akin Olugbade St.
Registrant City:Victoria Island
Registrant State/Province:Lagos
Registrant Postal Code:NONE
Registrant Country:NG
Registrant Phone:+234.7064040404
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:info@cygress.com
Admin ID:CR78458555
Admin Name:Dele Arilesere
Admin Organization:Cygress Limited
Admin Street: 286A, Akin Olugbade St.
Admin City:Victoria Island
Admin State/Province:Lagos
Admin Postal Code:NONE
Admin Country:NG
Admin Phone:+234.7064040404
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:info@cygress.com
Tech ID:CR78458554
Tech Name:Dele Arilesere
Tech Organization:Cygress Limited
Tech Street: 286A, Akin Olugbade St.
Tech City:Victoria Island
Tech State/Province:Lagos
Tech Postal Code:NONE
Tech Country:NG
Tech Phone:+234.7064040404
Tech Email:info@cygress.com
Name Server:NS1.CYGRESS.NET
Name Server:NS2.CYGRESS.NET

So please be more careful the site you insert your credit card info or your private credentials. Always make sure your browser is updated.

if you have any question send me a mail: nnamsoanthony@gmail.com

Show your support

Clapping shows how much you appreciated Engr Nnamso Anthony’s story.