Phishing is probably one of the biggest issues for most organizations today, with network and endpoint defensive technology getting better and better, the bad guys aren’t trying to go after the though route and instead of going for the low hanging fruit. Phishing is one of those issues where training the employees is your best defence – try your best to make sure they can spot a malicious email and make sure that they can report it easily so that appropriate action can be taken as quickly as possible. The train of thought behind saying this is that – it’s beneficial to depend on multiple nodes of human intelligence to spot a potential threat, because even if one person spots and reports a phishing mail, it’s possible to run mass searches and find who all were targeted by a campaign.
Social engineering is a very interesting subject to think about, in this context, it is basically using the victim’s familiarity and habits against them. Human beings are creatures of habit, we are so used to certain things in our life that when faced with them, we don’t think twice before acting on them. As an example; we are aware that there are a lot of attempts to by hackers to compromise social media accounts, so if one receives an email from your preferred social media site that there was an attempt to break into your account or an email to review your accounts security settings, most people will click on the link and log into their account to check what’s going on. A hacker will use this against a victim, all they need to do is swap a real link with a malicious one.
In the first part of this report, we’ll delve into Shellphish, which is one of the easiest ways to generate a malicious link. Then, in the second part, we’ll explore WIFIphisher, a powerful tool for demonstrating WIFI-Phishing attacks.
Views: 1
