yingfeng
The heart is as bright as a mirror. If you don't, you won't be welcomed

Record a phishing email event in QQ mailbox

Many people have probably encountered phishing emails, and phishing is now rampant. In a phishing email, the attacker forges a seemingly normal message containing a link to a phishing website and leads the victim to believe it is a trustworthy site (a company OA system, QQ Space, Weibo, even Alipay or a bank), so that the victim voluntarily enters an account password and other information, which the attacker then steals. Once the victim has handed this information over, the consequences can include a stolen QQ account, leaked company secrets, or even money transferred out of a bank card.

On a dark and windy night, someone in a group chat posted a screenshot. It was an obvious phishing email, with the following contents:

Screenshot of QQ group

In fact, anyone who knows a little about this can tell that it is a phishing email, but people who don't cannot. The link ends with the recipient's QQ number, a detail that makes the link look more credible, so naturally some people take it for a reliable link.

First, I told the group that this was probably a phishing link and that nobody should enter their account password. Then I opened the link out of curiosity. The page matched the content of the email: it was disguised as the QQ Couple Space. It really did look like Tencent's style (I don't know whether the real Couple Space page looks like this). A login window popped up as soon as the page loaded, asking for an account and password to log in to QQ.

Screenshot of phishing website

Obviously, it is a phishing website. I opened the developer tools (F12) and entered a random account and password to watch the request. After the login button is clicked, a GET request sends the account and password to a file under the domain name (the screenshot was incomplete at that time, and I forgot where it was sent). After you enter your account password, the page really does jump to Tencent's Couple Space page. This detail makes the page much more credible; people who do not understand it will never suspect that their password was leaked here.

Screenshot of browser F12
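The behaviour described above (credentials sent in a GET request to the phishing domain, then a jump to the real Tencent page) leaves a recognizable trace in web proxy logs. The following is an added example, not part of the original post, that flags such requests; the log format, host names and parameter names are assumptions, since the post does not record where the data was sent.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: only qq.com and its subdomains should ever receive QQ credentials.
TRUSTED_SUFFIXES = ("qq.com",)
# Assumption: typical password parameter names; the post does not give the real ones.
CRED_PARAMS = re.compile(r"^(p|pw|pwd|pass|passwd|password)$", re.I)

def is_trusted(host):
    """True only for qq.com itself or a real subdomain, not a look-alike."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def parse_line(line):
    # Constructed log format: "<client> <METHOD> <url> <status>"
    client, method, url, _status = line.split()
    return client, method.upper(), urlsplit(url)

def find_credential_gets(lines):
    """Flag GETs that carry a password-like parameter to an untrusted host."""
    events = [parse_line(l) for l in lines]
    findings = []
    for i, (client, method, url) in enumerate(events):
        if method != "GET" or is_trusted(url.hostname):
            continue
        leaked = sorted(k for k in parse_qs(url.query, keep_blank_values=True)
                        if CRED_PARAMS.match(k))
        if not leaked:
            continue
        # Did the same client land on the genuine site right afterwards?
        nxt = next((u for c, _, u in events[i + 1:] if c == client), None)
        findings.append({
            "client": client,
            "host": url.hostname,
            "params": leaked,
            "then_trusted_site": nxt is not None and is_trusted(nxt.hostname),
        })
    return findings

# Constructed sample log (hosts under .example are placeholders).
SAMPLE_LOG = [
    "10.0.0.5 GET http://lovers-space.example/index.html?123456789 200",
    "10.0.0.5 GET http://lovers-space.example/save.php?u=123456789&p=hunter2 200",
    "10.0.0.5 GET https://www.qq.com/ 200",
    "10.0.0.7 GET https://mail.qq.com/?p=1 200",
    "10.0.0.8 GET http://qq.com.login.example/check?PWD=x 200",
]

if __name__ == "__main__":
    for finding in find_credential_gets(SAMPLE_LOG):
        print(finding)
```

The last sample line shows why the host check compares suffixes on label boundaries: a host that merely contains "qq.com" is still untrusted.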

Now we had evidence that the website was phishing. I sent the screenshot to the group, explained how phishing websites do their harm, and went on chatting. Later, when I was idle, I pinged the domain name and found that it resolved to a server in Hong Kong, so I also ran a port scan against the server.

Ping to obtain the IP address
Nmap scan port

Port 8888 is open? Very familiar. Isn't that the default port of the Pagoda (BaoTa) panel?
I tried visiting it and, sure enough, the Pagoda panel login page opened.

Pagoda panel login page

I poked at it for a while, uh... the Pagoda panel is too tough a nut to crack.

emmmm

So I slipped away and went back to slacking off.jpg... Then I carried on chatting in the group.

Then I suddenly noticed. Eh? This guy is phishing with a .cn domain name????

Muddled.gif

If he is using a .cn domain name, wouldn't a lookup turn him up right away? So I got started.

First, check Whois information.

Domain name whois information

A QQ email address, uh... Let's look the number up in friend search.

QQ number

However, the QQ number had left little information on the Internet, and nothing was found. A reverse Whois lookup, though, showed that many domain names had been registered with this email address. Most of them were registered at West.cn (西部数码) and Alibaba Cloud.

Reverse Whois lookup

Querying the English Whois record turned up another QQ email address.

Whois English information

But again, no information can be found on this QQ number

Another QQ number

Forget it, I gave up; my skills are limited. I sent the evidence and all the information to the domain name's registrar.

Ticket submitted to the registrar

Today I received the registrar's reply to the ticket.

Ticket reply

Then I verified that the domain name no longer resolves and the server no longer responds to ping.

This is the end of the matter. We didn't continue to dig for information. After all, the level is limited, and even if we dig deeply, we can't find any information.

In fact, this article has no technical content, and neither does the phishing website. But I believe that many people who do not understand this, or who have poor security awareness, will easily fall for it.

So if you know nothing about network security, try not to click on links sent by others. If you do click one, use a login method that does not involve typing your account password, such as QR code login or SMS verification login. As mentioned earlier, the quick login button on the phishing website does not respond when clicked. As long as you do not enter the account password, you will be fine.

In short, even if you are not engaged in security related work, as long as you use the Internet, it is recommended to learn some basic network security knowledge and take precautions.

 

This article is published at: yingfeng Blog >> Record a phishing email event in QQ mailbox , please indicate the source for reprinting.

19 comments

  1. #0

    Phishing website: Unexpectedly, I was overcast (crawled)

    Linlin Three years ago (2021-02-25) reply
  2. #0

    "Remember once" typical black and broad articles begin with the title haha

    Shadow music Four years ago (January 9, 2020) reply
    • Eh? You are 2018 longer than me.....

      yingfeng 4 years ago (January 10, 2020) reply
  3. #0

    Well, I actually want to find a phishing page to use... When I don't need one I see them and ignore them; when I need one, I can't find any... It's really troublesome

    Mu Ruoxi Five years ago (August 13, 2019) reply
    • These phishing pages are even included in search engines, so you can find them with the right keywords

      yingfeng Five years ago (August 30, 2019) reply
  4. #0

    It can still be operated like this.

    Liufang net Five years ago (2019-07-04) reply
  5. #0

    Increased knowledge

    Wuling Red Seedling Five years ago (June 25, 2019) reply
  6. #0

    The weak one gave a compliment

    Fruit cat Five years ago (June 23, 2019) reply
  7. #0

    Excellent. Unexpectedly, reporting is useful.

    Soul Blog Five years ago (June 22, 2019) reply
  8. #0

    A few years ago, someone left a message on QQ Space saying, "You remember who this is?" At that time, I clicked in and logged in. The QQ Security Center immediately prompted me to log in from another place.
    It was really silly. By the way, when I saw this email, 99% of the links in the domain name "qq.com" were not phishing.

    Moe Five years ago (2019-06-17) reply
  9. #0

    Nothing will be stolen.

    repostone Five years ago (2019-05-28) reply
    • You can't say that you didn't do anything. In this case, you took the initiative to give the password to the phisher

      yingfeng Five years ago (June 14, 2019) reply
  10. #0

    Great, my friend

    liaosp Five years ago (2019-04-17) reply
  11. #0

    Although Meow understood. But I still feel so powerful!! Speak for justice! take up the cudgels for the injured party!

    Fruit cat Five years ago (April 16, 2019) reply
  12. #0

    Although I don't know what it is, it looks so powerful!

    Your spirit beast looks delicious Five years ago (April 3, 2019) reply
  13. #0

    Great! I learned

    Austen Five years ago (March 23, 2019) reply
  14. #0

    Old driver, report all the time

    lush mountain Five years ago (March 16, 2019) reply
  15. #0

    Greasy harm

    mardell Five years ago (2019-03-02) reply