When i started this security website more than 15 months ago, i was good in hacking stuffs and used to play with some common hacking methods. At that time i really enjoy phishing and trojans. Binding torjans with FUD cryptors and then playing with friend's computers was really a nice prank for me.
Now the time is changed a lot. I saw many school students claiming to be hacker (but I don't think i am) and posting some bad comments on my older phishing posts. According to these new hackers, Phishing is the old way and people are not going to give your password in the fake login pages. This force me to think whether they really know the significance of the word "hacker".
If you see the latest cyber crime report, then you will see that Phishing is the main attack on all these cyber crimes. Most of the DNS poisioning attack leads to phishing pages. Brazilian bank account hacking is the most recent example. That was also a fake login page of the bank on the other domain. But it leads to the hacking of thousands of bank account. Do you still think the phishing is dead?
Few days back, Norton published a report about a fake software vendor website selling some popular softwares for a huge amount of discount. This fake website have all the things which can prove it as a trusted vendor. But the payment of the website is suspicious. When a user wanted to buy a software for this huge discount, he was redirected to the payment gatway asking for credit cards info. But the gatway was not the official and trusted. Website was storing all the secure credit card data which it later used for malicious purpose.The website was a phishig website which was giving this kind of software offers to get users credi card data. This was the high level of phishing without any kind of fake login page. DO you still think you know phishing well.
For those blah blah blah hackers who are easy to find on facebook, phishing is just creating fake login page and is dead. But for hackers, phishing something which is most dangerous.
NOTE:
This is my personal advice not to pay on any website until you find a known secure payment gateway. Always verify the payment gateway before paying. If you are not sure about the payment gateway, see the URL on the address bar of the page which is asking for your credit card info. Search about the this domain in the Google and see the results whether it is a payment gateway of a phishing scam.
Report any this kind of suspicious website to Symantec.
Would love to here from you...