<?xml version="1.0" encoding="UTF-8"?>
<section>
<title>Social Engineering: Phishing</title>
<p><company_short/> will engage in social-engineering-based attacks. As requested,
the focus will be on sending phishing emails to test how vulnerable
the selected targets are to this approach.
</p>
<p>For phishing to be successful it is important that
<company_short/> has detailed information on the targets. Providing
<company_short/> with a list of target names, roles, email addresses, departments, and
any other useful information in advance will save significant research
time.
</p>
<p>The phishing process includes these stages:<br/>
<ul>
<li>Research target information</li>
<li>Group related targets</li>
<li>Create pretexts suitable for one or more groups</li>
<li>Build/adapt tools and services to implement the attack</li>
<li>Send mailings to the groups</li>
<li>Gather &amp; analyze results</li>
<li>Report conclusions</li>
</ul>
</p>
<p>First, targets are divided into groups, dependent upon their
departments, roles and interests. Next, content that might appeal to
each group is created or adapted into appropriate phishing pretexts. The
content may be new, using fictional company names, or based on existing
company information and content if pretexts need to be very realistic.
The mailings are usually sent using existing chat operated tools (and
<client_short/> may observe the process if interested), or alternatively
<company_short/> may create something new, if the situation calls for it.
</p>
<p>To record which targets click message links, <company_short/>
uses click-tracking redirects, in the same way most email newsletters
do. When a target clicks on a link in a phishing mail, their email
address, IP address, and the name of the mailing are sent to us and
logged. Once a victim's click has been recorded, he/she is removed from
the target list, as a single successful click per target is sufficient
for the purposes of these benign attacks. Clicks may happen seconds,
days or weeks after sending, so it's important to wait for results to
accumulate. When sufficient mailings have been sent, and enough data has
(hopefully) been received, the logged results are analyzed and presented
in the final report.
</p>
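The "gather and analyze results" stage described above, as an added example that is not part of this report template or of <company_short/>'s own tooling: it assumes the tracking redirect logs one CSV line per click in the form timestamp,email,ip,mailing (a constructed format; the template does not specify one) and that the target list is kept per group as a set of email addresses. It keeps only the first click per target, removes those targets from the remaining list, computes per-group click rates, and separates clicks from addresses that were never on the list (for instance a forwarded mail) so they cannot inflate the result.

```python
"""Analyse click-tracking results from an authorised phishing assessment.

Added example; the log format and target-list shape are assumptions.
"""
import csv
from collections import Counter
from datetime import datetime
from io import StringIO

# Constructed sample data: targets per group, and the raw click log as the
# redirect would have written it (timestamp,email,ip,mailing).
TARGETS = {
    "finance": {"alice@example.test", "bob@example.test", "carol@example.test"},
    "it": {"dave@example.test", "erin@example.test"},
}

CLICK_LOG = """\
2024-03-04T09:12:05,alice@example.test,203.0.113.10,invoice-reminder
2024-03-04T09:12:40,alice@example.test,203.0.113.10,invoice-reminder
2024-03-06T14:03:11,bob@example.test,198.51.100.7,invoice-reminder
2024-03-11T08:45:59,erin@example.test,203.0.113.22,vpn-upgrade
2024-03-11T08:46:30,mallory@example.test,192.0.2.55,vpn-upgrade
"""


def first_clicks(log_text):
    """Return {email: (timestamp, ip, mailing)} keeping only each address's
    earliest click: one successful click per target is sufficient, so later
    clicks by the same person carry no extra information."""
    first = {}
    for ts, email, ip, mailing in csv.reader(StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if email not in first or when < first[email][0]:
            first[email] = (when, ip, mailing)
    return first


def remaining_targets(targets_by_group, clicked):
    """Per-group target sets with everyone who already clicked removed."""
    return {g: members - set(clicked) for g, members in targets_by_group.items()}


def click_rates(targets_by_group, clicked):
    """Fraction of each group that clicked, counting only listed targets."""
    rates = {}
    for g, members in targets_by_group.items():
        hits = len(members & set(clicked))
        rates[g] = hits / len(members) if members else 0.0
    return rates


def clicks_per_mailing(targets_by_group, clicked):
    """Number of distinct listed targets that clicked each mailing."""
    listed = set().union(*targets_by_group.values())
    return Counter(mailing for email, (_, _, mailing) in clicked.items()
                   if email in listed)


def unknown_clickers(targets_by_group, clicked):
    """Addresses in the log that were never on the target list."""
    listed = set().union(*targets_by_group.values())
    return sorted(set(clicked) - listed)


if __name__ == "__main__":
    clicked = first_clicks(CLICK_LOG)
    print("click rates:", click_rates(TARGETS, clicked))
    print("per mailing:", dict(clicks_per_mailing(TARGETS, clicked)))
    print("still to target:", remaining_targets(TARGETS, clicked))
    print("not on list:", unknown_clickers(TARGETS, clicked))
```

Because results trickle in over days or weeks, the script is written to be re-run over the growing log: each run recomputes the remaining targets from scratch rather than mutating a stored list, so late clicks are never lost and duplicates never counted twice.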
</section>