Hello, we are glad to welcome you to our forum. Here you can get answers to any questions that interest you, get useful advice and practical recommendations for successful work in any direction.
The main purpose of phishing is to obtain bank accounts and accounts of any payment systems that you need and need. Or force the victims to make money transfers according to the details you need.
You can send phishing messages using the spam method, it works both by e-mail and via SMS messages or phone calls from robots.
You yourself choose how you like best, which method you prefer and how it is easier and more convenient for you to work.
You can find the necessary software for these purposes at the following link:
There will also be links where you can download it.
To do this, you can use any posts from social engineering techniques. For instance:
1. "Please confirm the relevance of your account information, please follow the link ..."
2. "Please verify your personal account, follow the link ..."
3. "Please install additional protection for your account and activate two-step authorization ..."
4. "We have noticed suspicious activity on your account, please change your password ..."
5. "A bonus (cash reward) is available to you, please follow the link to receive ..."
6. "Please confirm free use of our services ..."
7. "Please use the reduced commission when making payments ...".
8. "Please read our special offer (conditions) especially for you"
There are many other options, imagine yourself as a fish that would be caught by a fisherman (phisher) and write a message that you yourself would peck at and follow the specified link.
The length of the text is not of fundamental importance, the moment of registration of the letter (if it is e-mail) is very important.
The main task is to catch the attention of the fish and arouse its desire to be sure to follow the proposed link.
Pre-study the alerts from the desired bank or payment system that they send to users, carefully read them and create a completely identical design so as not to arouse suspicion and so that the message looks more believable.
1. Forget to use email sender spoofing. It is important that the letter comes from a familiar and familiar address.
2. They send mail from one SMTP server and their letters go to the spam folder.
3. Forgetting to restrict the access of search bots to the site and their phishing page is immediately blacklisted. Browsers and plugins warn you that this is a dangerous site.
4. Do not install the https protocol
5. Scripts for collecting information on the site are not debugged or the design of the site is suspicious.
There are many other common beginner mistakes.
1. The domain address is too different. It is important to find a good, verified address that will not raise suspicions. You can change 1 number or letter in the name to be similar to the original. Either add a thematic prefix, or register a completely identical domain in a free trust zone.
2. The design of the site is too different and not credible. Or, as I wrote above, the https protocol is not installed.
3. Plugins, antivirus programs and browsers warn that this is a dangerous site.
4. To access your account, you are not asked for the usual confirmation by e-mail or SMS.
Beforehand, be sure to study all the intricacies of the authorization of the donor site.
Copying a site is very easy using various programs for these purposes or manually. They will not be able to hide the html code in any way. The only thing that you will not be able to copy is if a self-written cms engine was written by the coders, but this is not required. It is enough to use standard forms for collecting login and passwords.
There are a huge number of methods and free programs for copying sites completely, here is one of them:
Yes, many sites have such a function and their technical specialists determine the actions of suspicious programs and bots and try to intercept or block them. But this in detail cannot affect your work in any way, since they cannot know and predict the domain on which you will place phishing.
The only thing they can do is when they receive complaints from smart users indicating a fake letter and domain, they will write a warning news on their website for all users, make an official warning mailing list, or add a harmful domain to black lists, but this happens very rarely.
1. Using free special programs to create a copy (duplicate sites).
HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack...
www.httrack.com
2. Using free online services, in which it is enough to enter the desired link and receive a complete copy.
This web scraper was developed to download or copy a website which is currently online. The tool downloads all files from a website, including images and videos. Email Support - WordPress Integration - Free Demo Up To 10MB.
www6.waybackmachinedownloader.com
It's Best Website Copier online tool that allows you to Quickly download sites source code into an easily editable format including assets js,css,html,image
www.toolsbug.com
And many others.
3. Manual method. Go to the site, open the html code view in the browser, select it, copy it, paste it into a notepad and make the necessary edits. You don't need to have extensive knowledge to do this. Everything is quite simple and elementary.
Please check out this topic and watch the video.
Contents Httrack Cyotek WebCopy WEBSITE DOWNLOADER Website Ripper Copier Darcy Ripper Local Website Archive Website eXtractor SurfOffline Web-Site-Downloader WebAssistant Proxy Offline Browser BackStreet Browser SiteSucker WebWhacker 5.0 Offline Explorer NCollector Studio What is Website Ripper...
prowebscraper.com
There are a huge number of free cms systems and engines. You can independently choose any and use it for its intended purpose.
Please choose which one you like best.
12 Best CMS Platforms in 2025: 1. WordPress 2. Joomla 3. WooCommerce 4. Drupal 5. HubSpot CMS + more.
www.hostinger.com
Looking for the best CMS platforms? See our expert comparison of the best and most popular CMS platforms for small business, ecommerce, and developers.
www.wpbeginner.com
They are very simple and intuitive to set up. There are detailed guides on how to use them correctly.
You can quickly and easily make up any site yourself without using the cms system at all.
It is advisable to place the site on a bulletproof hosting that does not respond to user complaints and hide the real IP address of the site using various free services.
You are a great fellow for studying this issue.
The data obtained can be used at your will, many of them log into accounts themselves and make transfers to the necessary accounts of cash-out services, or they simply put accounts for sale, setting the price depending on the balance.
Latest advice:
In addition to the login and password, it is desirable to get cookies and a full fingerprint of the victim's system and browser for more successful and productive work, this can also be done by the scripts installed on the site.
In addition to authorization data, you can set up a form for collecting credit card numbers and other personal information, such as ssn, dob, and others for the subsequent possibility of registering accounts with these data in other banks and payment systems.
Many fish use the same passwords in all their accounts, from social networks to payment systems. This is their big omission and mistake. It is important to always think and take care of your confidential information.
I wish you good and productive work in this direction. Remember to follow the basic rules of anonymity and safety when doing such activities.
P.S. For more information, please see the following topics:
