Ep 41 What a phishing attack looks like

Get a Windows 11 development environment

Create Windows VM Create files and folders on Windows VM Take snapshot Attack Machine click phishing links phishing link, Browser-in-Browser attacks Excel macros attacks Download malware VX Underground Click on phishing links in a Windows VM

c:> deno task Phishnet

Hello and welcome back to USB our Guest, Cyber Security tips. I’m Theo, here to help you break down cyber security news and hacks and how they affect you.

Today I wanted to do something a little different and somthing I've wanted to do for a while. I'm getting phished, repeatidly. I'm going to show you multiple legitimate login screens next to spoofed login screens that actually steal credentials. We're gonna talk about when and where the attack happens, where the username and password gets pulled and how to avoid.

Humans are and will continue to be the fastest and easiest path for the bad guys to gaining access to systems they are not supposed to have access to. And its not just older folks clicking links on FaceBook to take a survey and getting a "facebook" landing page asking for credentials. I've seen reports and podcasts of phishing attacks in Discord relating to Crypto currencies or the Steam platform involving a younger age group.

Before jumping in, a couple disclaimers I'm not going into exactly how this works I'm not explaining how the website was duplicated I'm not explaining how the backend works to lift the credentials. This was put together by someone smarter than me to one end/ for one goal -- To innoculate users from phishing attacks and to convince people to stop clicking on links in emails, texts, DMs and then supplying credentials I want to express gratitude for the work done by Casper0x413, Thank you Saint

Phishnet is a simple net that catches phish Phishnet presents the user with a virtually indestinguishable login page to Amazon, Coinbase, Discord, FaceBook, Github, PayPal, Steam, Roblox, TikTok, Twitch

Run through Phishnet 1 - actual login screen 2 - spoofed login screen 3 - html PhishNet net 4 - CLI PhishNet highlights - login screens are indestinguishable there are differences in a few rega

Amazon Facebook

Where would you encounter a phishing attempt like this? In an email explaining that "Changes have been made recently to your FaceBook account. If you didn't make these changes please click here to review" -- Clicking would give you a spoofed FaceBook login screen In a Trade offer on Steam stating “Yo, I don’t know you unfortunately, but this is for you, I do not need that knife ” -- Clicking would give you a spoofed Steam login screen. In a DM on discord announcing that "Since you are a confirmed Inbetweener owner, we have a free gift for you" -- Clicking the link would give you a screen to connect your wallet and put in your password followed by your seed phrase. In a link on twitter, instagram, tiktok, roblox, Twitch, or anywhere you can send or receive messages which is almost any app now.

I want to thank the following people for help on this episode. Casper0