What is Phishing?

Phishing is a technique hackers use to gather passwords, personal information or even credit card details. Phishing is generally carried out via E-mail or Instant Messaging and maybe used in popular MMO's such as RuneScape 2. These E-mails or Instant Messages would include a link to a site that would look and feel like a site you may be a member of, such as eBay. Once redirected to this phishing site, they would generally have a login form. The victim would attempt to login and an error would come up, saying something's wrong with your username or password. When in reality nothing is wrong with your login details, it's just the details you've put in, they had them sent to a text file that they have. The hacker would open this text file and your username and password would be waiting.

Phishing techniques

Social Engineering

We have a built-in reaction to things that are important to us. Subjects are chosen to create anxiety and demand immediate action: an email with the subject: "to restore access to your bank account ..." will usually get our attention and cause us to click to read what happened.

Link Manipulation

Alot of Phishers use technical deception in links. Some might setup a link like this: http://www.youtube.login.com One would think that it would take you to the login seciton of the YouTube site. But it doesn't, it in fact takes you to the YouTube section of the Login website. Another way to manipulate links is to make the anchor text for a link appear correct, like this: Mmorpguides. You would think that this would take you to Mmorpguides, when in fact it takes you to Google. One way to make sure a link is what it seems is hover over the anchor text(The part that says Mmorpguides) and look at the bottom left of your browser, the bottom left corner will tell you where it'll take you.
An older method of Phishing is using the '@' symbol in links like this: http://www.google.com@members.tripod.com/ This could decieve a casual browser into thinking that it takes you to a section on the Google website. When in fact it actually uses the username www.google.com on the members.tripod.com website. Microsoft Internet Explorer has disabled links like this, while Firefox and Opera will bring up an alert asking if you want to proceed.
Filter Evasion

Phishers can even use pictures to take you to websites. Always be weary of a picture that looks just like the banner from a trusted website. Remember you can also hover over images to check the URL destination.

Website Forgery

Once the victim has entered the website, it isn't over. Phishers may use JavaScript to alter the address bar. This is done by placing an image over the address bar and making it seem as though you are at a valid website.

Vishing

Voice Phishing(Vishing) are sent by E-mail to the victim, telling them something is wrong with their account and ask them to dial a number(Which is owned by the Phisher and provided by a voice over IP service) The unknowing victim would dial the number and the Phisher would ask them their details and personal information. Vishers may even use a fake caller-ID to make it appear as though you are calling a legitimate organization.

So there you have it, a quick guide on Phishing and how it lures people in.
You may post with extra information that I will add and give credit if needed.

good topic mistikman i think maybe members should post phising sites here to warn other members of them (if its ok with everyone) because i've fallen victim to one myself :(

Ooh, someone actually replied.
Thankyou, Irishladdy, and I'm sory to hear that. D:
That sounds like a good idea, should I post a topic of any Phishing sites and perhaps pin it?

I think that would be a great idea.

I've never fallen for one, but people have tried them on me. The only thing like that, that has ever happened to me was on ebay. I sent some stuff to someone and they emailed me telling me that I need to give them the code to track the stuff (I sent it to someone in Nigeria, I live in America), in order to get the money (700 dollars). I put it in, and an error popped up. I talked to her about it, and it turned out that she made the e-mails.

People are very good at making websites and e-mails appear as though it was real.

Okay, I'll do it later when my computer stops going so slowly.

heh i also do phishing. I tried to do it with facebook and i found out it was possible just by sending the www.facebook.com link to someone and when they log in BOOOM the code is "yours"
It's like a keylogger but the only difference is that it is online. Phishing is also used in MSN/HOTMAIL a lot of fools are sending sites that are phish hacks. Also messblack has currently reliesed a phish hack creator xP
Lol nobody is safe anywhere if hacks like these keeps developing

I hate that there are those kinds of pplz out there... but im not judging those pplz theres someone already there for that :) ^
But imagine this, what if someone create the super virus... totally undetectable but able to persued to a person computer drag all their info, downloads EVERYTHING and delete those same files and then store it so someone who created it can access it ....

The WORLD as we know it will crumble

a totally killer virus would be hard to make. imagine. how would it spread? "over the internet" computers dont normally accept a file for no reason at all. u would need a 0day (google it) and if u had this killer virus, how would it work? destroy a pc? then how would it spread?
whatever. that was a joke. its very easy to make a super-duper virus, just no1 has the patience to do so (quite tedious)

and by the way, phishing is very easy to carry out. i can make a phishing page for any website in a matter of seconds. it isnt hard at all. whats hard is to get someone to click on the link. trust me, most ppl will look at the URL bar nowadays...

so whats been "developed" (hack techniques, develop, u make me LOL whoever said that)? desktop phishing. an application that is EXTREEEMely simple to make (u only need winrar) which edits ur stuff on ur pc and makes it so that going to www.paypal.com actually takes u to a malicious site. how? milw0rm:desktop phishing. look it up... (i didnt mention needing a binder or crypter because they arent really necessary)

Doubt i'll fall for Vishing. I hate phone calls so gos out of country. U never know how bad english the other person is talking and might fast get misunderstandings.
Happend to me before.

So if i get an e-mail in english saying calls this number, i think to myself; Screw it!

But Phishing, almost fell for it once. I noticed the URL address was not 100% trusty.
So i tried to enter name and pass to see what happend.

This is what i enterd:
Acc: Notworking
Pass: F*ckoff