For context: I am a white hat hacker who is new to the hacking scene and looking to understand some of the new hacking methods scammers are using on social media. I have been in contact with multiple scammers over the last few days and have purposefully caved to their asks to develop an understanding of their approach and how they carry out their attacks. I have 2FA set up and my account is in my possession; I’m not looking to reclaim my account, just to understand how their hack works.
With that out of the way, over the past week I’ve encountered 2 approaches and have no clue how they work and haven’t found much on them:
Disclaimer - before engaging with a new scammer I clear cache & history, reinstall Instagram, and change my password to ensure the password has to be stolen again.
1) Scammer sends link -> click link -> password stolen -> login attempt on my account
This seems like a traditional phishing attempt, but does not redirect to another page and prompt for a login. My question is how do they steal passwords through a click alone?
2) Scammer sends SMS with link -> messages on Instagram asking for screenshot of link -> send screenshot -> password stolen -> login attempt on my account
This one I’m a lot more confused by. I’m diligent to not click the link, but as soon as I send the screenshot of the link there’s a login attempt to my account.
from hacking: security in practice https://ift.tt/dpCZsBX