3.1 Cloning the Original Website
The attacker set up everything necessary to create a replica of the original website using a fake webpage. He will then create a phishing email that contains a link to the fake webpage, so that when the victim enters data using the link, the data is immediately posted to the fake website rather than the legitimate one, and the attacker’s database will be updated with the phishing information.
Fig.1 Attackers cloning the original website

Downloading the Source Code

Here in our experiment, we mimic the MY AUM portal to show how a Website Spoofing attack works. At the very beginning of our endeavor, we used the HTTrack software tool to retrieve the My AUM website’s whole source code.
Fig.2 Win HTTrack website copier software

Creating a new PHP file:

We developed a POST.PHP file and added a few lines of PHP code to it in the second step to harvest the credentials from the victims that visited our cloned MY AUM website.