3.1 Cloning the Original Website
The attacker first sets up everything needed to serve a replica of the
original website as a fake webpage. He then creates a phishing email
that contains a link to the fake webpage, so that when the victim follows
the link and enters data, the data is immediately posted to the fake
website rather than the legitimate one, and the attacker’s database is
updated with the phished information.
Fig.1 Attackers cloning the original website
Downloading the Source Code
In our experiment, we mimic the My AUM portal to show how a website
spoofing attack works. As the first step, we used the HTTrack software
tool to retrieve the complete source code of the My AUM website.
Fig.2 Win HTTrack website copier software
Creating a new PHP file:
In the second step, we created a POST.PHP file and added a few lines of
PHP code to it to harvest the credentials of victims who visited our
cloned My AUM website.
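
Seen from the defender's side, a page copied with HTTrack carries by default a "Mirrored from ... by HTTrack Website Copier" HTML comment naming the original host, and the cloned login form now posts to a handler on the serving host instead of the original one. The following check is an added example, not code from this paper; the host names, the sample HTML and the function name `inspect_page` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Comment that HTTrack writes into mirrored pages by default.
HTTRACK_RE = re.compile(r"Mirrored from\s+(\S+)\s+by HTTrack Website Copier", re.I)

class _CloneScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.mirrored_from = None   # "host/path" taken from the HTTrack comment
        self.forms = []             # [action, contains_password_field]
    def handle_comment(self, data):
        m = HTTRACK_RE.search(data)
        if m and self.mirrored_from is None:
            self.mirrored_from = m.group(1)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1][1] = True

def inspect_page(page_url, html):
    """Return findings for a fetched page that looks like a clone of another site."""
    s = _CloneScanner()
    s.feed(html)
    s.close()
    origin = None
    if s.mirrored_from:
        origin = urlparse("//" + s.mirrored_from.split("://")[-1]).hostname
    findings = []
    if origin and origin != urlparse(page_url).hostname:
        findings.append(f"HTTrack mirror of {origin} served from another host")
    for action, has_password in s.forms:
        target = urljoin(page_url, action)   # resolve relative actions like post.php
        if has_password and origin and urlparse(target).hostname != origin:
            findings.append(f"password form posts to {target}")
    return findings

# Constructed sample: a cloned login page served from a look-alike host.
SAMPLE_URL = "http://portal-login.example.net/index.html"
SAMPLE_HTML = """<html><head>
<!-- Mirrored from portal.example.edu/login.html by HTTrack Website Copier/3.x [XR&CO'2014], Mon, 01 Jan 2024 00:00:00 GMT -->
</head><body><form action="post.php" method="post">
<input type="text" name="user"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    print("\n".join(inspect_page(SAMPLE_URL, SAMPLE_HTML)))
```

A page without the comment produces no findings, so this is one triage signal for reported URLs rather than a complete phishing detector.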