How to Get Away with Phishing - Part 0

Everyone’s favorite subject

It’s hard to go through cybersecurity articles without seeing yet another article about phishing - another post raising awareness, another cautionary tale, another guide on the top 10 telltale signs of a phishing email.

Surely, surely everyone knows all about phishing by now, right?

So, instead of another fear mongering article telling people to be “vigilant”, we’ll show the attackers some love, and tell you all about how to phish (and get away with it).

Welcome to phishing school

Everyone is welcome at the school of phishing - whether you’re a cybersecurity enthusiast, seasoned professional, or just a curious passerby, we’ll have something for you. The concept of phishing might seem simple, but there are many techniques and intricacies behind each attack that makes the difference between a small-time scammer and a high-rolling cybercriminal.

We’ll take a deep dive into the anatomy of a phishing campaign, breaking it down step-by-step to give you some practical insights for conducting your perfect phishing campaign. Each post in this series will dissect different parts of a phish, and go through the tactics and strategies that veteran phishers use.

Spear phishing - Let’s try to catch some big fish

Now I’m sure everyone has heard about phishing, and probably encountered your fair share of phishing emails. An estranged grandparent leaving you a windfall inheritance, a pending delivery from your local post office, a prince from foreign lands who needs your help, an ecommerce company giving you a sweet refund, and so on.

They’re cute, for sure. But these are for small fish. Here, we want to catch some big fish - Corporations and C-suite are the ones we’re after. For those, we need some specialized bait. And to craft good bait, you must first know your target.

Research your target

A good phishing campaign starts with research. The more you know about your targets, the more convincing your phishing attempts will be, and the more likely you will get a bite.

Luckily for you, most of the the information you need is available in the palm of your hand - you only need to know how to look.

The art of doing this is called Open-Source Intelligence, or OSINT.

OSINT for profit

When targeting a company, there are 2 main areas you should look into: people, and environment.

1. Understand the people

Companies are made of people (yes, even your annoying coworkers), and understanding those people makes it easier to fool them. It also helps to identify key individuals who can help give you the keys to the kingdom.

• Social Media Profiles: Use platforms like LinkedIn, Facebook, Twitter, and Instagram to gather information about your targets. Look for:

  • Professional Roles and Responsibilities: LinkedIn profiles often include job titles, responsibilities, and connections.

  • Personal Interests and Activities: Social media posts can reveal hobbies, recent travels, and personal preferences.

  • Work-Related Announcements: Updates about job changes, promotions, or company events.

  • Role-Based Targeting: Identify employees who have access to sensitive information or systems. Roles to consider include:

    • IT and Security Staff: Often have access to internal systems and credentials.

    • Finance and HR: Handle sensitive financial and personal data.

    • Executives: High-profile targets with significant access but often have more stringent defenses - we’ll talk about lateral movement to these targets later.

  • Organizational Charts: Most companies don’t post their org charts, but you might be able to infer that based on the people who work for a company and their roles.

• Company Websites:

  • About Us Page: Provides insights into the company’s structure, key personnel, and business focus.

  • Contact Information: Lists email addresses, phone numbers, and sometimes job titles.

  • News and Blogs: Updates on recent activities, new projects, and corporate milestones.

Here are some tools that can help you on your “research”:

• LinkedIn Tools:

  • LinkedIn Search: Use specific search terms related to job titles, departments, or projects.

  • LinkedIn Sales Navigator: A premium tool for advanced search and filtering, allowing for detailed targeting.

• People Search Tools:

  • Hunter.io: Find leads and email addresses associated with particular domains, companies, and people.

2. Understanding the environment

• Commonly Used Software: Identify the software and tools commonly used within the organization. This information can be gathered from:

  • Job Postings: Often list required skills and software knowledge.

  • Tech Blogs and Forums: Look for discussions about the company’s technology stack.

• Company Culture:

  • Employee Reviews: Websites like Glassdoor and Indeed offer insights into company culture and employee experiences.

  • Company Blog and News: Provides information on recent projects, company values.

Tools:

• OSINT Search Engines:

  • Shodan: Helps find devices connected to the internet, which can provide insight into the company’s network and security.

  • Censys: Similar to Shodan, it provides information about the devices and certificates exposed on the internet.

• Find the tech stack behind websites:

  • BuiltWith: Provides information about the technology stack of websites, including content management systems, hosting services, and analytics tools.

  • Wappalyzer: Similar to BuiltWith, it identifies technologies used by websites.

Next time

Now that you have done the research, it’s time to put that knowledge to use in crafting convincing bait to lure in your target. We’ll cover how to do that in the next installment of our series.