
The first scam we'll talk about is the biggest one: the phishing scam. Phishing scams are based on communication via email or social networks. Cybercriminals send you messages and get you to click a link, trying to trick you into giving them information you would never hand over otherwise. This could be your login credentials for your bank account, your social network, your work account, or your cloud storage; your social insurance number; or any other personal data that can prove valuable to them.
To do that, phishing emails are made to look like they come from an official source. The message could look like it came from a trusted friend asking you to click a link, or from bank authorities or other financial institutions, delivery companies, or even social network representatives.
The latest phishing emails look really legitimate. They persuade you to click the links in the message and land on a website that also looks legitimate, a copy of the real one, but is actually controlled by the attacker. Because most people don't pay attention to what they're clicking on, you end up on a fake login page that resembles the real website, and once you enter your information into the login form, the scammer gets your username and password right away. I'll show you that in a few minutes.
To increase their success rate, scammers create a sense of urgency. They'll tell you a frightening story about how your bank account is under threat and how you need to access it as soon as possible, or that there was an error in a system that you must log in to correct. That's when you're sent to a fake web page where you must enter your credentials to confirm your identity or your account.
In the end, after you've filled in your online banking credentials, cybercriminals use the submitted information to break into your real bank account or sell it on the dark web to other interested parties.
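The whole trick above depends on you not looking at where the link actually goes. Here is the check a defender would automate, as an added example that is not part of the original page: it pulls every link out of an HTML email body and flags the three things a fake login page link usually gets wrong: visible text that shows one domain while the href points to another, a host that merely contains the bank's name as a subdomain or with a different suffix, and punycode (xn--) hosts. The trusted-domain list and the sample message are constructed for illustration.

```python
"""Flag phishing-style links in an HTML email body (added example, not the
page's own code). TRUSTED_DOMAINS and SAMPLE_EMAIL are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: the domains the reader genuinely logs in to.
TRUSTED_DOMAINS = {"examplebank.com", "cloudstore.example"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude eTLD+1 (last two labels); fine for the .com-style names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def link_findings(href, text):
    """Return a list of human-readable reasons this link looks like phishing."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    if not host:
        return findings
    base = registrable(host)

    # 1. The visible text shows a URL/domain that differs from the real target.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if m and registrable(m.group(1)) != base:
        findings.append(f"text says {m.group(1)} but link goes to {host}")

    # 2. A trusted brand appears in the host, but the registrable domain is
    #    not the trusted one (examplebank.com.account-verify.net style).
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in host and base not in TRUSTED_DOMAINS:
            findings.append(f"lookalike host {host} (uses brand {brand!r}, not {trusted})")

    # 3. Internationalized/punycode host, commonly used for homoglyph domains.
    if "xn--" in host:
        findings.append(f"punycode host {host}")
    return findings


def scan_email_html(html):
    """Map each suspicious href in the message to its list of findings."""
    parser = LinkExtractor()
    parser.feed(html)
    report = {}
    for href, text in parser.links:
        reasons = link_findings(href, text)
        if reasons:
            report[href] = reasons
    return report


# Constructed sample message: two bad links, two legitimate ones.
SAMPLE_EMAIL = """
<p>Your account has been locked. Verify within 24 hours:</p>
<a href="https://examplebank.com.account-verify.net/login">https://examplebank.com/login</a>
<a href="https://xn--examplebnk-9xb.com/">Sign in</a>
<p>Need help? <a href="https://examplebank.com/help">examplebank.com help</a></p>
<a href="https://cloudstore.example/reset">Reset password</a>
"""

if __name__ == "__main__":
    for href, reasons in scan_email_html(SAMPLE_EMAIL).items():
        print(href)
        for r in reasons:
            print("   -", r)
```

The registrable-domain helper is deliberately simple; in production use a public-suffix list so that hosts under co.uk-style suffixes are compared correctly.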
Let me show you an example of software that I use to attack my clients, legally of course. That reminds me, let me clarify something I get asked about all the time, because it's a confusing profession: I get hired by a company to test THEIR security, not someone else's, because that would make me an unethical hacker. So again, when I get hired by a company to test THEIR security, I often use this technique to get into a company when I have trouble getting in remotely.
The software I use to perform my intrusion tests is called Metasploit Pro, by a company called Rapid7. This tool costs thousands of dollars, so I'm sorry if I just crushed your idea that you'll be downloading it for free. There are free tools that can do this task as well, but my goal here is not to show you how to scam other people; it's to show you how the scammers do it to you. It's like learning martial arts: the goal is to defend, not attack.