Crafting a phishing email 101
Posted by: Timothy Weaver on 04/23/2015 09:17 AM
[
Comments
]
How do hackers craft a phishing email? It's really pretty simple.
What the hacker looks for first is security holes in a company's information system. The object of the scam is to infiltrate a company with an infected email.
Ray Boisvert, a veteran of Canada's intelligence services, said: "People love to click on that blue line."
The hacker would scour LinkedIn looking for the least cybersavvy employees, such as those who work in nontechnical areas and new hires unlikely to recognize an atypical email. After learning the format of the companies emails (e.g., x.name@company.com), he will begin sending out emails until they stop bouncing back.
The next trick is to scour social media to find out as much as possible about the selected victim. He will look to learn his target's professional background, friends, and general interests.
He can then customize the phishing email to lure the victim into clicking on a link that would take the employee to a malware site that downloads the malware onto the victims computer. From there he can access the company network and find usernames and passwords.
Source: BusinessInsider
What the hacker looks for first is security holes in a company's information system. The object of the scam is to infiltrate a company with an infected email. Ray Boisvert, a veteran of Canada's intelligence services, said: "People love to click on that blue line."
The hacker would scour LinkedIn looking for the least cybersavvy employees, such as those who work in nontechnical areas and new hires unlikely to recognize an atypical email. After learning the format of the companies emails (e.g., x.name@company.com), he will begin sending out emails until they stop bouncing back.
The next trick is to scour social media to find out as much as possible about the selected victim. He will look to learn his target's professional background, friends, and general interests.
He can then customize the phishing email to lure the victim into clicking on a link that would take the employee to a malware site that downloads the malware onto the victims computer. From there he can access the company network and find usernames and passwords.
Source: BusinessInsider
Comments
