2021-04-14 13:54:25
Disguising phishing links
Hey Freaks! Hackfreaks here. Nowadays, people are smart enough. They don't fall into the phishing trap. Because the link doesn't look like the original site. For example, a phishing link might be https://ngrok.io/xxabcd but it opens pages like Gmail Login. People are trapped and a user with minimal technical knowledge will not put in credentials (Username and Password). Thus, it becomes difficult to deceive anyone.
What then is to be done? The answer is social engineering. The attacker must be proficient in social engineering. Brought to you by hackfreaks official. What is Social Engineering? In short, social engineering is “mistakes in human equipment”. The attacker plays with the mind of the victim and deceives him.
Hiding phishing links in good-looking links is a big part of social engineering. Using this method, the attacker owns the victim's trust and the victim treats the phishing link as normal. Because the top-level domain (like Google, YouTube, New York Times, etc.) is considered clean.
To make things easier, we will be using a tool that converts a phishing link into a regular web link like Google or YouTube.
Installation
git clone https://github.com/jaykali/maskphish
cd maskphish
bash maskphish.sh
Then MaskPhish will open the main menu:
Now we need to put our phishing URL here, whatever it is (with http: // or https: //).
Then we need to put in a reliable url, whatever the way of phishing the victim's mind https://google.com or https://youtube.com or http: //anything.com - yes.
Here we need to use some social engineering words separated by the letter “-”, for example, if the victim is a soccer fan, then we can use something like the best-footaball-skills mind that here we are not using any space.
Then we just type it in and we get our disguised link. We got our url started from facebook.com and the url doesn't have ngrok directly in the url.
254 views10:54
D
