Web application security - the fast guide 1.1 | Page 104

Chapter 5 - Attack Execution the client

Attack process

A. Use a compromised or shared machine to escape tracking.
B. Use the compromised machine to send emails that lead to the phished version of the site.
C. Victims visit the phished site and provide sensitive information.
D. The information is used for gain right away, before the scam is disclosed.

Example:
A good example is collecting PayPal credentials using an email message sent to some PayPal clients.

Figure 40: Example of a fake PayPal message with a fake link

As you can see, the message has two main points:
- It pushes the victim to make a fast decision because of a special case.
- The provided link leads the victim to the phished site, which collects the information.

The attacker might not be using his own server to host the pages, but a compromised server. A compromised or shared computer is used to send the emails.
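The two points noted in the message (pressure to decide quickly, and a link that leads away from the real site) can be checked mechanically when triaging reported mail. The following is an added example, not code from the guide; the urgency phrase list, the allowed-domain set and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the brand's real domains and the urgency wording.
BRAND_DOMAINS = {"paypal.com"}
URGENCY = re.compile(r"\b(within \d+ hours|immediately|suspended|limited)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a>, plus the message's visible text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def on_brand_domain(host):
    # Exact match or a true subdomain; "paypal.com.something.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(html_body):
    """Report urgency wording and links whose real target is off the brand's domain."""
    p = LinkCollector()
    p.feed(html_body)
    p.close()
    body = " ".join(" ".join(p.text).split())
    urgent = sorted({m.group(0).lower() for m in URGENCY.finditer(body)})
    bad = [(href, text) for href, text in p.links
           if not on_brand_domain(urlsplit(href).hostname)]
    return {"urgency": urgent, "off_brand_links": bad,
            "suspicious": bool(urgent and bad)}

# Constructed sample message (not the one shown in Figure 40).
SAMPLE = """<p>Your account has been limited. Confirm your details within 24 hours.</p>
<p><a href="http://paypal.com.account-check.example/login">https://www.paypal.com/signin</a></p>
<p><a href="https://www.paypal.com/help">Help</a></p>"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The check compares the host in the `href`, not the visible link text, because the text can show any address. Links with no host (for example `mailto:`) are also reported and need manual review.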