My weblog about all things that interest me (and hopefully you): viruses, programming in general, death & black metal, certain web sites... Well, it could be anything.

Tuesday, May 03, 2005

Phishing for dummies

So you want to become a phisher?

First, to know what a phisher does, look up the term phishing on Wikipedia. In short, a phisher is someone who tries to fool somebody into filling in private or sensitive information on a website that the victim believes is the official site the scam imitates. Usually these requests come by email, give a link to a website where you should fill in the information, and try to disguise it as a legit site.

How to spread emails to people and harvest email addresses to send to?

Thanks to F-Secure I found the source of the MyDoom virus. Just change it a little to suit your needs. How I obtained this source is in an older entry on my weblog in case you want to look it up... Just make it a phishing scam and worm in one so that you can reach a big audience...

What site to imitate?

Don't worry if you know only the online banking site you use yourself. F-Secure gladly provides you with a HUGE list of banks to impersonate (right-click, save to file). Pick one at random, look at the site, rip the layout and use that in the email you will send to all the intended victims. Mind that you use the same language and way of writing as the host of the site does. Spelling errors are a big no-no here, a scam should look perfect!

Examples... or not?

Take a look here, it's a test which checks whether you can be baited by a phishing scam. Look at the examples and learn from them. Try your best to imitate the site you intend to copy.

How to save the data?

Goddammit, I'm not going to explain to you how to program, use PHP or Perl to save the form data... Use The Fucking Search, Noob! (grin)

What to do with the data you collected?

Go shopping on the internet or something, I don't care about that... I just feel bothered by the fact that F-Secure yet again gives away information it really doesn't need to and is just giving the wrong people the wrong ideas.
