How My Mother Got Hacked by a Phishing Attack by@fatman

How My Mother Got Hacked by a Phishing Attack

July 7th 2022 1,383 reads
Read on Terminal Reader
Open TLDR
react to story with heart
react to story with light
react to story with boat
react to story with money
My mother was hacked by a phishing email asking her to confirm her Google account. The attacker sent a carefully worded document to click on a link that will log her into their Google.com account. If she didn’t respond immediately, she would be locked out of her account. This particular method uses two common social engineering tools used by maliscious actors: trust and urgency. The username/password information is sent to the hacker who collects the credential data and moves to the next stage of the attack.
image
Scott Eggimann HackerNoon profile picture

Scott Eggimann

Cybersecurity enthusiast, Security+ Student, sometime lockpicker



image


I never realized how easy it was to get a username and password to an email account until my mother was hacked. Listening to her explain what happened I realized that the attack was simple enough… she logged into her google account through an email asking her to confirm her username and password. Why would she question the request?


When I got access to her laptop I suspected the attack on her credentials was much larger and had migrated into her computer. She told me of unauthorized Amazon purchases while I watched random popup messages appear on her laptop. I closed her computer, told her to never log into it again, bought her an iPad, and changed all her passwords. Then we had a long talk about malicious links and random support people calling her up to ‘help’ her.


I tried to understand how she got to this point of compromised accounts and discovered that it's pretty simple.

Email Phishing Attack

Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text messages, or advertisements to steal usernames and passwords. This happens by including a link that will appear to take you to the company’s website to fill in your information — but the website is a clever fake and the information you provide goes straight to the hackers behind the scam.


It went down something like this:

How Mom Got Hacked

How Mom Got Hacked


  1. The attacker sent a phishing email to my mother. In this case, a carefully worded document to click on a link that will log her into their Google.com account. If she didn’t respond immediately, she would be locked out of her account.
  2. My mother clicked the link and arrived at a web page that looks identical to a Google.com login page.
  3. She logged into the fake Google.com site. She sees normal Google pages and believes she successfully logged into Google.com and prevented her account from being locked.
  4. The username/password information is sent to the hacker who collects the credential data and moves to the next stage of the attack.



Phishing Email

A carefully crafted phishing email lacking typos or bizarre grammar is important to the success of the phishing campaign. The email she received was similar to this one with the subject line: Verify Your Google Account.

Phishing Email

Phishing Email

Phishing Email

This particular method uses two common social engineering tools used by maliscious actors: trust and urgency.


Ironically a couple of days after I sent this test phishing email to myself, I saw it sitting in my inbox and opened it forgetting that I had crafted this alert for this article. Its easy to be fooled if you are distracted!

How a Hacker Stole My Mother’s Login Information

We are going to use Kali Linux for this walkthrough, but there are several tools available for credential harvesting. This attack is amazingly simple, I’m surprised it is so easy to implement.

Getting Started

  1. From the command line launch the Social Engineering Toolkit (SET) as root.

# setoolkit

The Social-Engineer Toolkit is a set of tools provided by trustedsec.com for penetration testing and ethical hacking.

  1. From the main menu, select Option 1, Social Engineering Attacks.


Social Engineer Toolkit Main Menu

Social Engineer Toolkit Main Menu


From the Social-Engineering Attacks menu select Option 2, Website Attack Vectors.


Social-Engineering Attacks Submenu

Social-Engineering Attacks Submenu


  1. From the Social-Engineering Attacks submenu, Select Option 2, Website Attack Vectors.


Website Attack Vectors Menu

Website Attack Vectors Menu


From the Website Attack Vectors menu, Select Option 3, Credential Harvester Attack Method. Using built-in templates, this option allows us to use popular websites, such as Google, Yahoo, Twitter, and Facebook.


Website Attack Vectors Menu

Website Attack Vectors Menu


For the Credential Harvester Attack method, Select Option 1, Web Templates


Credential Harvester Attack Method Menu

Credential Harvester Attack Method Menu


The Credential Harvester starts to build the collection site. If you are using the same machine to collect your information, use the default IP address for the POST back in Harvester/Tabnapping [192.168.1.183]: selection. Change this address to your machine.


IP Address for Harvester/Tabnapping

IP Address for Harvester/Tabnapping


From the list of Web Templates, Select Option 2. Google.


Web Templates Menu

Web Templates Menu

Web Templates Menu


The Social Engineer ToolkitCredential Harvester Attack builds a temporary website by cloning a copy of google.com. It will start a webserver at the address you specified and starts a listener on Port 80. Any connections to this port are logged to the console.


Credential Harvester Console

Credential Harvester Console

Credential Harvester Console

You can test this exploit by pointing your browser to the IP address you supplied in the Harvester/Tabnapping section or by embedding this link into your carefully-crafted phishing email. http://192.168.1.183


The exploit is complete. All the hacker needs to do is wait for somebody to load the page.

image

Casual users won’t notice the unconventional URL and Not Secure lock highlighted in red in the web browser’s location bar.

image

Successful Credential Capture

Meanwhile, the attacker waits for the following message.

Completing the fake Google Account login page captures the credentials and sends them to the console of the attacker’s computer. In our example, a possible username is [email protected] while her password appears to be Ilikecats.

image

A little bit of trust and a believable story is all that is needed to harvest some credentials. Imagine launching this attack against several thousand email addresses?

How to Protect Mom

There is nothing new in preventing this type of attack. Regular everyday security practices apply: do not click on links from somebody you do not trust. If you feel the need to click the link, confirm the URL is from the same trusted source, there are no typos, and that it is not from an IP address.


She loves her new iPad.


Also Published Here

react to story with heart
react to story with light
react to story with boat
react to story with money
L O A D I N G
. . . comments & more!