Illegally seeking control of a website by taking over a domain is known as web jacking. In the web jacking attack method, hackers compromise the domain name system (DNS), which resolves the website URL to an IP address, but the actual website is never touched.

The web jacking attack method is another type of social engineering phishing attack, where an attacker creates a fake web page of the victim website and sends it to the victim. When the victim clicks on that link, a message is displayed in the browser: “the site abc.com has move on another address, click here to go to the new location”. If the victim does click on the link, he/she is redirected to the fake website page, where the attacker can ask for any sensitive data such as credit card number, username, password, etc.

The web jacking attack method is a kind of trap set by the attacker to steal people's sensitive data, and the people who get trapped are those who are not aware of cyber security.

Web Jacking Attack Method:
- The first step of the web jacking attack method is to create a fake page of the victim website, for example www.anywebsite.com/login.php.
- The second step is to host it either on your local computer or shared hosting.
- The third step is to send the link to the fake page to the victim.
- In the fourth step, the victim opens the link, enters their details and submits them.
- In the last step, you get all the details submitted by the victim.
How to apply web jacking attack method:
- Step-1: To apply the web jacking attack method, we will use a tool in Kali Linux called setoolkit.
- Step-2: Open your Kali Linux operating system, and then open a Terminal window.
- Step-3: Type setoolkit in the terminal.
- Step-4: It will display many attack methods; select Social-engineering attack.
- Step-5: Type 1 to select Social-engineering attack; it will display many social engineering attack methods. Here, you have to select website attack vector, so type 2; it will display different website attack methods. The above methods will create a fake website page that is the same as the victim website page and host it on your computer.
- Step-6: Copy the link (your computer IP, which you entered previously) of the fake website and send it to the victim. If the link is your local computer IP address, convert it into a domain name. To convert your IP address into a domain name, open the link and type your computer IP address here; it will create a link. Now your link is ready: copy it, send it to the victim and wait until he/she enters their details.
- Step-7: When the victim opens the link in their browser, the browser displays the message “the site www.abc.com has move on another address, click here to go to the new location”, and if the victim clicks on this link he will get redirected to the fake webpage.
How to be safe from web jacking attack method:
- First of all, do not enter sensitive data in any link sent to you.
- Check the URL.
- Just because the address looks OK, don’t assume this is a legitimate site.
- Read the company name carefully and check whether it is right or wrong.
- Check whether the protocol is http or https; if it is http, do not enter your data.
- If you are not sure whether the site is real or fake, enter a wrong username and password.
- Use a browser with anti-phishing detection.
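
The URL checks in the list above (http versus https, an IP address in place of a name, a company name that is almost right) can be automated before a link is opened. The following Python code is an added example, not part of the original article; `TRUSTED_DOMAINS`, `check_link`, the warning labels and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the sites the user actually has accounts with (constructed list).
TRUSTED_DOMAINS = {"abc.com", "anywebsite.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return warning labels for a link received in a message; [] means no warnings."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        warnings.append("not-https")
    try:
        ipaddress.ip_address(host)
        return warnings + ["raw-ip-host"]  # link points at a bare IP, not a name
    except ValueError:
        pass
    # Naive registered domain (last two labels); production code should use
    # the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED_DOMAINS:
        return warnings
    before = len(warnings)
    for trusted in sorted(TRUSTED_DOMAINS):
        if f".{trusted}." in f".{host}.":
            # Trusted name used as a subdomain of some other domain.
            warnings.append(f"embeds-trusted-name:{trusted}")
        elif edit_distance(domain, trusted) <= 2:
            warnings.append(f"lookalike-of:{trusted}")
    if len(warnings) == before:
        warnings.append("unknown-domain")
    return warnings

if __name__ == "__main__":
    for sample in ("https://www.abc.com/login.php", "http://192.0.2.10/login.php",
                   "https://www.abcc.com/login.php"):  # constructed sample links
        print(sample, check_link(sample))
```

A link that returns an empty list has only passed these checks; the remaining advice in the list still applies.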