Hello everyone. We have made a project with my colleagues on phishing attacks. It was made for educational purposes for our lecture. Let’s start with what is phishing attacks? Then I’m going to share how you can perform a phishing attack in the real world, and then I will talk about how many people clicked phishing links in our test environment. After the attack, We told all users that this is a test attack and that they have to change their passwords after the attacks. And we tried this project on our own friends. By law, you cannot use this attack on real users. Keep in mind!
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
For this test, we have used Kali Linux 2020.2 and the Blackeye and ngrok tools. The first thing we must do is open the console and clone the GitHub repository of the said tool with the following command.
Then we will download ngrok from its official website: www.ngrok.com with this we will be able to visualize phishing outside our network. In this case, we download the version for Linux.
Unzip the downloaded file and put the file generated by ngrok on the desktop.
We go back to the ngrok website and copy the auth token that ngrok has generated for us.
Back in the console, we go to the desktop list its's content and see that we have the ngrok file that we unzipped earlier.
Finally, we paste the ngrok auth token and execute the command. With this, we will already have ngrok installed on our Kali Linux machine.
Next, we are going to create an external bridge with ngrok through TCP on port 4444 , through which it will connect to our computer and send the information. To do this we execute the following command.
As we can see, a connection has been created successfully, with the following address highlighted in red.
Now it is the turn to run the blackeye tool that we have cloned from its Github repository earlier.
For them , from the console, we list the root and we can see that we have it there , because with the following command we execute it.
We choose the page to impersonate, in this case, Instagram by dialing the number 1.
By default, we get our IP to test it within our network, but we have created an external bridge with ngrok on port 4444, with which here we will put localhost: 4444
We copy the address generated by ngrok and paste it into our browser, first we are going to test within our network since I am connected to Wi-Fi.
As we can see, the cloned Instagram page appears, we also enter our credentials.
We see how the Blackeye tool has identified the victim and from where he is connecting, in addition to obtaining the credentials that we have put on the Instagram page.
We can see the credentials saved from the following file.
Now we test from a mobile device connected to the 4G network to see if it really works outside our own network.
As we can see, ngrok does its job perfectly.
OUR TEST ENVIRONMENT STATISTICS
We have sent this link to 17 different people that don't know each other (female:8 male:9)
-7 of them clicked the link(%39).
-Only 2 people of them who clicked have tried to login (%28)
-The hacking rate is low between the ages of 20-30 (%25)
The Shocking Phishing Statistics of 2020
•97 of the users are unable to recognize a sophisticated phishing email
•95 of all attacks targeting enterprise networks are caused by successful spear phishing
•Employees in the departments handling large scale data have problems in identifying phishing emails
•A single spear-phishing attack results in an average loss of 1 6 million
•30 phishing emails are opened by users and 12 of these targeted users click on the malicious link or attachment
•85 of all organizations have been hit by a phishing attack at least once
•Mobile phishing attacks are usually quite different and more problematic
•81 of all mobile phishing attacks were launched outside of email
-71 of all sextortion victims are younger than 18 years of age
Special thanks to ( Jesus Palomo, Aytac, and Deniz).