Identity Theft - Phishing - Uni Assignment
Posted 30 May 2009 - 11:48 PM
I am currently studying Bach of I.T at Uni this year and our current topic on 'user information and storage - identity theft' has me thinking. We have to give a presentation on identity theft and how human society can be manipulated and/or exploited for a predetermined outcome.
I was going to talk about social engineering using phone calls/emails etc. relating to the likes of Kevin Mitnick, but then I thought about the idea of phishing.
Phishing is a combination of social engineering and human carelessness.
So I thought, I'll show, in person, how a common social networking website like Facebook and its millions of users can be exploited through their incompetencies and laziness.
I did some research, got a rough picture in my head of where I was going with this and whether, if at all, this could be done within reason.
In theory the page should operate similar to this:
I also want to be able to hand craft an email to look and act like a legitimate email from Facebook. So the test subject will receive an email from facebook.com "some kind of notification"
So I think this is how someone could go about this:
1) Create a fake Facebook domain; something like : http://www.facebook....somephpidstring.
2) Capture the current php login page from Facebook and duplicate it on my own domain.
3) Create an https page for fake authentication.
4) Set up some kind of database or back end logging script to record the data submitted into the login script.
5) Create some .htaccess redirect to submit the user's input directly into the legitimate facebook and complete the rest of the login process
6) Test login process
7) Forge a sample email claiming to be from "facebook.com" with some kind of notification "person x has commented on your photo... etc etc"
8) Ensure the email appears to be from facebook using their legitimate domain etc
Am I on the right track with this? Note: this is all "hypothetically speaking"
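For the presentation's defensive side, the two lures the post relies on (the lookalike host in step 1 and the forged sender in steps 7 and 8) can both be checked mechanically on the receiving end. The sketch below is an added example, not code from the original post; the sample messages, the `.example` host and the assumption that the receiving mail server records a DMARC verdict in `Authentication-Results` are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "facebook.com"  # domain the notification claims to come from

def under(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return a list of findings for one raw message (constructed input)."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if under(from_domain, BRAND):
        # The From header is trivially forgeable, so trust only the verdict
        # the receiving server stamped on the message (assumed: dmarc=...).
        auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
        if "dmarc=pass" not in auth:
            findings.append("from-unauthenticated")
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        # Brand name appears in the host, but the host is not the brand's.
        if "facebook" in host and not under(host, BRAND):
            findings.append("lookalike-host:" + host)
    return findings

# Constructed sample messages.
FORGED = (
    "From: Facebook <notification@facebook.com>\n"
    "Subject: Person X commented on your photo\n"
    "\n"
    "View the comment: http://www.facebook.com.login.example/home.php?id=1\n"
)
LEGIT = (
    "Authentication-Results: mx.example; dmarc=pass header.from=facebook.com\n"
    "From: Facebook <notification@facebook.com>\n"
    "Subject: Person X commented on your photo\n"
    "\n"
    "View the comment: https://www.facebook.com/photo.php?id=1\n"
)

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("legit", LEGIT)):
        print(name, check_message(raw))
```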
Posted 31 May 2009 - 12:47 AM
Posted 31 May 2009 - 08:13 PM